PC windows 7 is slowing down and sometimes shut down by itself
Started by
alisonmunandar
, Jun 14 2018 05:52 PM
Windows7
#1
Posted 14 June 2018 - 05:52 PM
alisonmunandar
-
- Member
-
- 49 posts
Member
#2
Posted 15 June 2018 - 08:25 AM
RKinner
-
- Expert
-
- 24,731 posts
Malware Expert
Get Process Explorer
http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
Wait a full minute then:
File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
Copy the next 2 lines:
TASKLIST /SVC > \junk.txt
notepad \junk.txt
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.
Get the free version of Speccy:
http://www.filehippo...ownload_speccy/
(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.
- Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Check the Addition.txt box
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
#3
Posted 16 June 2018 - 07:45 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
67.0.3396.87_66.0.3359.181_chrome_updater.exe 1,624 K 1,708 K 2336 Google Chrome Installer Google Inc. (Verified) Google Inc
armsvc.exe 1,220 K 4,240 K 1940 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
atieclxx.exe 2,868 K 8,352 K 3056 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe 1,544 K 4,704 K 1036 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
lsm.exe 2,832 K 4,888 K 796 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 2,680 K 6,532 K 672 Bonjour Service Apple Inc. (Verified) Apple Inc.
msseces.exe 7,208 K 15,868 K 3036 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 14,880 K 8,648 K 2732 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe 2,076 K 7,204 K 5336 Notepad Microsoft Corporation (Verified) Microsoft Windows
nusb3mon.exe 1,780 K 5,624 K 1684 AMD USB 3.0 Device Detector Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
PresentationFontCache.exe 35,232 K 35,272 K 5452 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 2,328 K 7,896 K 3816 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RAVCpl64.exe 8,712 K 11,412 K 2076 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
setup.exe 3,256 K 5,628 K 2340 Google Chrome Installer Google Inc. (Verified) Google Inc
smss.exe 556 K 1,336 K 300 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,976 K 12,916 K 1804 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SpotifyWebHelper.exe 1,584 K 5,476 K 2004 SpotifyWebHelper Spotify Ltd (Verified) Spotify AB
sppsvc.exe 2,648 K 8,852 K 3124 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
SSScheduler.exe 1,460 K 4,192 K 4116 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
svchost.exe 2,040 K 6,120 K 2080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,268 K 6,292 K 6984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,764 K 11,896 K 5588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,504 K 7,016 K 6848 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,068 K 5,980 K 3768 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 44,044 K 48,372 K 1292 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
TunnelBear.Maintenance.exe 23,084 K 37,008 K 2116 TunnelBear.Maintenance (Verified) TunnelBear
unsecapp.exe 1,832 K 5,776 K 4556 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
Wacom_Tablet.exe 9,628 K 21,824 K 3464 Tablet Service for professional driver Wacom Technology, Corp. (Verified) Wacom Technology Corporation
Wacom_TabletUser.exe 1,924 K 5,960 K 3360 Tablet user module for professional driver Wacom Technology, Corp. (Verified) Wacom Technology Corporation
Wacom_TouchUser.exe 4,480 K 13,100 K 3484 Touch User Mode Driver Wacom Technology, Corp. (Verified) Wacom Technology Corporation
WacomHost.exe 1,668 K 6,664 K 3368 Wacom Load Agent Wacom Technology (Verified) Wacom Technology Corp.
wininit.exe 1,688 K 4,872 K 660 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,384 K 7,968 K 760 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,692 K 6,884 K 2200 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 7,904 K 15,040 K 2656 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WTabletServicePro.exe 1,680 K 5,292 K 1468 Tablet Service Wacom Technology, Corp. (Verified) Wacom Technology Corporation
wuauclt.exe 2,288 K 7,672 K 5372 Windows Update Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 4,672 K 13,820 K 3012 iTunesHelper Apple Inc. (Verified) Apple Inc.
rundll32.exe < 0.01 2,536 K 6,556 K 6516 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 6,872 K 3,148 K 4864 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
Lavasoft.WCAssistant.WinService.exe < 0.01 38,052 K 44,300 K 2292 SPWindowsService (Verified) Lavasoft Software Canada
svchost.exe < 0.01 6,676 K 11,316 K 5912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,756 K 13,000 K 1408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 29,456 K 35,288 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AAM Updates Notifier.exe < 0.01 7,480 K 6,912 K 6192 AAM Updates Notifier Application Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
DTLService.exe < 0.01 7,552 K 12,952 K 2028 驱动人生服务 深圳市驱动人生软件技术有限公司 (A certificate chain could not be built to a trusted root authority) 深圳市驱动人生软件技术有限公司
taskhost.exe < 0.01 13,440 K 15,856 K 3292 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
VSSVC.exe < 0.01 8,800 K 14,916 K 6532 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
EvernoteClipper.exe < 0.01 3,132 K 7,268 K 4184 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
slui.exe < 0.01 3,532 K 11,672 K 6900 Windows Activation Client Microsoft Corporation (Verified) Microsoft Windows
lsass.exe < 0.01 5,028 K 12,696 K 788 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 14,276 K 26,648 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe < 0.01 4,024 K 11,488 K 1964 MobileDeviceService Apple Inc. (Verified) Apple Inc.
iPodService.exe < 0.01 2,408 K 7,500 K 3076 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
firefox.exe < 0.01 49,740 K 52,012 K 5276 Firefox Mozilla Corporation (Verified) Mozilla Corporation
csrss.exe < 0.01 2,712 K 5,344 K 584 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 5,464 K 9,500 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
firefox.exe < 0.01 74,332 K 86,936 K 6596 Firefox Mozilla Corporation (Verified) Mozilla Corporation
WebCompanion.exe 0.02 90,088 K 84,744 K 3680 Web Companion Lavasoft (Verified) Lavasoft Software Canada
SearchIndexer.exe 0.02 40,540 K 39,720 K 3892 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
WkSvMgr.exe 0.02 5,076 K 11,256 K 4144 WkSvMgr WIBU-SYSTEMS AG (Verified) WIBU-SYSTEMS AG
svchost.exe 0.03 22,164 K 24,600 K 1076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.04 7,172 K 10,824 K 728 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.06 49,176 K 72,932 K 4056 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 634,112 K 360,800 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.10 12,992 K 17,220 K 1832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 0.10 2,744 K 2,060 K 5400 Google Installer Google Inc. (Verified) Google Inc
svchost.exe 0.13 5,260 K 10,872 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.19 3,280 K 11,028 K 684 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 0.25 10,440 K 17,712 K 3228 Google Installer Google Inc. (Verified) Google Inc
svchost.exe 0.28 218,992 K 229,372 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TWCU.exe 0.28 11,524 K 21,280 K 4164 (No signature was present in the subject)
DriveTheLife.exe 0.30 32,544 K 15,868 K 4672 驱动人生 深圳市驱动人生软件技术有限公司 (A certificate chain could not be built to a trusted root authority) 深圳市驱动人生软件技术有限公司
AvastUI.exe 0.34 18,328 K 30,664 K 4604 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
firefox.exe 0.43 36,936 K 50,264 K 6172 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 0.57 204,096 K 278,360 K 5856 Firefox Mozilla Corporation (Verified) Mozilla Corporation
dwm.exe 0.58 33,264 K 33,812 K 4048 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.79 256 K 7,448 K 4
Interrupts 0.91 0 K 0 K n/a Hardware Interrupts and DPCs
MsMpEng.exe 1.09 155,116 K 206,848 K 328 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 1.52 33,076 K 56,156 K 2548 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
firefox.exe 1.80 211,688 K 242,668 K 3764 Firefox Mozilla Corporation (Verified) Mozilla Corporation
setup.exe 5.36 13,068 K 24,984 K 6328 Google Chrome Installer Google Inc. (Verified) Google Inc
AvastSvc.exe 9.12 76,232 K 54,256 K 1644 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
System Idle Process 75.54 0 K 24 K 0
#4
Posted 16 June 2018 - 07:47 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 300 N/A
csrss.exe 584 N/A
wininit.exe 660 N/A
csrss.exe 684 N/A
services.exe 728 N/A
winlogon.exe 760 N/A
lsass.exe 788 KeyIso, SamSs
lsm.exe 796 N/A
svchost.exe 900 DcomLaunch, PlugPlay, Power
svchost.exe 996 RpcEptMapper, RpcSs
MsMpEng.exe 328 MsMpSvc
atiesrxx.exe 1036 AMD External Events Utility
svchost.exe 1076 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 1108 AudioEndpointBuilder, CscService, hidserv,
HomeGroupListener, Netman, PcaSvc, SysMain,
TrkWks, UxSms, WdiSystemHost, Wlansvc,
wudfsvc
svchost.exe 1140 EventSystem, fdPHost, FontCache, netprofm,
nsi, WdiServiceHost, WinHttpAutoProxySvc
svchost.exe 1172 AeLookupSvc, Appinfo, BITS, Browser,
EapHost, gpsvc, IKEEXT, iphlpsvc,
LanmanServer, MMCSS, ProfSvc, Schedule,
SENS, ShellHWDetection, Themes, Winmgmt,
wuauserv
TrustedInstaller.exe 1292 TrustedInstaller
WTabletServicePro.exe 1468 WTabletServicePro
svchost.exe 1536 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
AvastSvc.exe 1644 avast! Antivirus
spoolsv.exe 1804 Spooler
svchost.exe 1832 BFE, DPS, MpsSvc
armsvc.exe 1940 AdobeARMservice
AppleMobileDeviceService. 1964 Apple Mobile Device Service
mDNSResponder.exe 672 Bonjour Service
svchost.exe 1408 DiagTrack
DTLService.exe 2028 DTLService
svchost.exe 2080 stisvc
TunnelBear.Maintenance.ex 2116 TunnelBearMaintenance
Lavasoft.WCAssistant.WinS 2292 WCAssistantService
WmiPrvSE.exe 2656 N/A
NisSrv.exe 2732 NisSrv
atieclxx.exe 3056 N/A
sppsvc.exe 3124 sppsvc
taskhost.exe 3292 N/A
Wacom_TabletUser.exe 3360 N/A
WacomHost.exe 3368 N/A
Wacom_Tablet.exe 3464 N/A
Wacom_TouchUser.exe 3484 N/A
dwm.exe 4048 N/A
explorer.exe 4056 N/A
RAVCpl64.exe 2076 N/A
nusb3mon.exe 1684 N/A
msseces.exe 3036 N/A
iTunesHelper.exe 3012 N/A
SearchIndexer.exe 3892 WSearch
iPodService.exe 3076 iPod Service
WebCompanion.exe 3680 N/A
SpotifyWebHelper.exe 2004 N/A
SSScheduler.exe 4116 N/A
WkSvMgr.exe 4144 N/A
TWCU.exe 4164 N/A
EvernoteClipper.exe 4184 N/A
unsecapp.exe 4556 N/A
AvastUI.exe 4604 N/A
DriveTheLife.exe 4672 N/A
PresentationFontCache.exe 5452 FontCache3.0.0.0
svchost.exe 5912 FDResPub, SSDPSRV
wmpnetwk.exe 4864 WMPNetworkSvc
svchost.exe 5588 p2pimsvc, p2psvc, PNRPsvc
rundll32.exe 6516 N/A
wuauclt.exe 5372 N/A
firefox.exe 5856 N/A
firefox.exe 6172 N/A
firefox.exe 6596 N/A
firefox.exe 3764 N/A
firefox.exe 5276 N/A
slui.exe 6900 N/A
taskeng.exe 6848 N/A
AAM Updates Notifier.exe 6192 N/A
notepad.exe 5336 N/A
svchost.exe 6984 swprv
WmiPrvSE.exe 2200 N/A
audiodg.exe 6428 N/A
notepad.exe 1788 N/A
SearchProtocolHost.exe 3952 N/A
SearchFilterHost.exe 6060 N/A
cmd.exe 5308 N/A
conhost.exe 3212 N/A
tasklist.exe 5796 N/A
#5
Posted 16 June 2018 - 07:56 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
This is the speecy result
#7
Posted 16 June 2018 - 08:01 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (administrator) on WINDOWS7-PC (16-06-2018 21:01:03)
Running from C:\Users\WINDOWS7\Downloads
Loaded Profiles: WINDOWS7 (Available Profiles: WINDOWS7)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(深圳市驱动人生软件技术有限公司) C:\Program Files (x86)\DriveTheLife2012\DTLService.exe
() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Spotify Ltd) C:\Users\WINDOWS7\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(深圳市驱动人生软件技术有限公司) C:\Program Files (x86)\DriveTheLife2012\DriveTheLife.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-18] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DriveTheLife2012] => C:\Program Files (x86)\DriveTheLife2012\DriveTheLife.exe [1109888 2012-03-31] (深圳市驱动人生软件技术有限公司)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [Spotify] => C:\Users\WINDOWS7\AppData\Roaming\Spotify\Spotify.exe [23177616 2018-05-28] (Spotify Ltd)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-05-06] (Lavasoft)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [BitTorrent] => C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe [1991104 2018-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Run: [Spotify Web Helper] => C:\Users\WINDOWS7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-28] (Spotify Ltd)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {422461e7-d272-11e6-82ce-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {42246216-d272-11e6-82ce-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {4bc607fa-c919-11e7-bfd0-003018ad7743} - V:\MAXON-Start.exe
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {8c5a10ff-d278-11e6-b2cb-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\MountPoints2: {da78fe56-d26f-11e6-8a06-003018ad7743} - G:\Setup.exe /s
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-09-21]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-05-20]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\WINDOWS7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-10]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6BD95C13-2E1F-4194-9A44-36664A457EFE}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{BD752DE7-0918-4265-934A-22FE76B2B827}: [NameServer] 4.2.2.1,4.2.2.6
Tcpip\..\Interfaces\{BD752DE7-0918-4265-934A-22FE76B2B827}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D45BCE11-3A83-4A1E-941C-069901900870}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://id.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10427__180505__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btrnt_17_37¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCyE0C0CtBtDtByD0FzztDtB0A0FtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtAtFyDzytN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StDyBzytCtAtAzy0EtGyEyDtByBtGyB0F0B0FtGtC0DzyyDtG0DtA0E0FyBtD0BtD0AtC0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBzztCtC0DzzyEtGyDtDtC0CtGyE0B0A0FtGzz0AyE0BtGtC0CyDtAyC0BtDyCyDtAtD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtCtByC%26cr%3D1045487113%26a%3Dwny_btrnt_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://id.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10427__180505__yaie&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-18] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-18] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: qq6om5z5.default-1510674967152
FF ProfilePath: C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152 [2018-06-16]
FF Homepage: Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152 -> hxxps://id.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10427__180505__yaff
FF NewTab: Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152 -> hxxps://id.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10427__180505__yaff
FF Extension: (Grammarly for Firefox) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-05-18]
FF Extension: (Avira Browser Safety) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-13]
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-05-13]
FF Extension: (Avira Password Manager) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-13]
FF Extension: (Avira SafeSearch Plus) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-13]
FF Extension: (Avast SafePrice) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-16]
FF Extension: (Avast Online Security) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\[email protected] [2018-06-16]
FF Extension: (Video DownloadHelper) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-06-06]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\features\{311ec405-dd84-460b-ae98-c63ee75bd963}\[email protected] [2018-06-09] [Legacy]
FF SearchPlugin: C:\Users\WINDOWS7\AppData\Roaming\Mozilla\Firefox\Profiles\qq6om5z5.default-1510674967152\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srchbar.com/?s={searchTerms}
CHR Profile: C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default [2018-06-15]
CHR Extension: (Docs) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-26]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-06-15]
CHR Extension: (YouTube) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-26]
CHR Extension: (Video DownloadHelper) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-15]
CHR Extension: (Search Manager) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2018-06-13]
CHR Extension: (Gmail) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-26]
CHR Extension: (Chrome Media Router) - C:\Users\WINDOWS7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-18] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-18] (AVAST Software)
R2 DTLService; C:\Program Files (x86)\DriveTheLife2012\DTLService.exe [184208 2012-03-29] (深圳市驱动人生软件技术有限公司)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [39296 2017-12-12] ()
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-05-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [742864 2016-03-22] (Wacom Technology, Corp.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdiommu; C:\Windows\System32\DRIVERS\amdkiomd.sys [77312 2013-12-07] (Advanced Micro Devices, Inc.)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-18] (AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-05-18] (AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-05-18] (AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-05-18] (AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-05-18] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-18] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-18] (AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-18] (AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-18] (AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-18] (AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-18] (AVAST Software)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 HWCore; C:\Program Files (x86)\DriveTheLife2012\hwcore.sys [29584 2012-03-13] (<company name here>)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [102864 2016-03-03] (Wacom Technology)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
U3 aswbdisk; no ImagePath
R3 cpuz135; \??\C:\Users\WINDOWS7\AppData\Local\Temp\DTL135\DTL135_x64.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error(1) reading file: "C:\Users\WINDOWS7\Downloads\[DownSub.com] Is gay marriage really about "
2018-06-16 21:01 - 2018-06-16 21:01 - 000025878 _____ C:\Users\WINDOWS7\Downloads\FRST.txt
2018-06-16 21:00 - 2018-06-16 21:01 - 000000000 ____D C:\FRST
2018-06-16 21:00 - 2018-06-16 21:00 - 002413056 _____ (Farbar) C:\Users\WINDOWS7\Downloads\FRST64.exe
2018-06-16 20:52 - 2018-06-16 20:53 - 000333054 _____ C:\Users\WINDOWS7\Desktop\Speecy.txt
2018-06-16 20:51 - 2018-06-16 20:51 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-16 20:51 - 2018-06-16 20:51 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-06-16 20:51 - 2018-06-16 20:51 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-06-16 20:51 - 2018-06-16 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-16 20:51 - 2018-06-16 20:51 - 000000000 ____D C:\Program Files\CCleaner
2018-06-16 20:50 - 2018-06-16 20:50 - 006889184 _____ (Piriform Ltd) C:\Users\WINDOWS7\Downloads\spsetup132.exe
2018-06-16 20:50 - 2018-06-16 20:50 - 000000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-06-16 20:50 - 2018-06-16 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-06-16 20:50 - 2018-06-16 20:50 - 000000000 ____D C:\Program Files\Speccy
2018-06-16 20:49 - 2018-06-16 20:49 - 000007616 _____ C:\junk.txt
2018-06-16 20:46 - 2018-06-16 20:46 - 000010102 _____ C:\Users\WINDOWS7\Desktop\Process Explorer.TXT
2018-06-16 20:35 - 2018-06-16 20:35 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\WINDOWS7\Downloads\procexp.exe
2018-06-14 06:26 - 2018-05-18 02:09 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-06-14 06:20 - 2018-06-14 06:20 - 000365509 _____ C:\unp30671725384346723i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000364979 _____ C:\unp30671725387778729i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000363678 _____ C:\unp30671725383566721i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000363067 _____ C:\unp30671725391210735i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000361907 _____ C:\unp30671725386842727i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000361817 _____ C:\unp30671725381694718i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000361713 _____ C:\unp30671725382630720i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360649 _____ C:\unp30671725386062726i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360625 _____ C:\unp30671725380914717i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360618 _____ C:\unp30671725385126724i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360435 _____ C:\unp30671725379978715i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000360355 _____ C:\unp30671725389494732i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000359619 _____ C:\unp30671725378262712i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000359376 _____ C:\unp30671725390430733i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000358009 _____ C:\unp30671725388714730i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000356893 _____ C:\unp30671725379198714i-manual.mdmp
2018-06-14 06:20 - 2018-06-14 06:20 - 000341615 _____ C:\unp30671725371398700i-manual.mdmp
2018-06-14 06:16 - 2018-06-14 06:16 - 000276088 _____ C:\Windows\Minidump\061418-17300-01.dmp
2018-06-14 04:12 - 2018-06-14 04:17 - 065369756 _____ C:\Users\WINDOWS7\Downloads\t-shirt White by 3mad art.psd
2018-06-14 04:12 - 2018-06-14 04:16 - 058863940 _____ C:\Users\WINDOWS7\Downloads\t-shirt Denimblue by 3mad art.psd
2018-06-14 04:12 - 2018-06-14 04:16 - 058815014 _____ C:\Users\WINDOWS7\Downloads\t-shirt red by 3mad art.psd
2018-06-14 03:41 - 2018-06-14 03:41 - 000022371 _____ C:\Users\WINDOWS7\Downloads\YikesTypefaceFree.zip
2018-06-14 01:54 - 2018-06-14 01:55 - 097999997 _____ C:\Users\WINDOWS7\Downloads\Creating Patterns On Clothing in Photoshop.mp4
2018-06-14 01:40 - 2018-06-14 01:41 - 102856184 _____ C:\Users\WINDOWS7\Downloads\How to Create a Packaging Design Mockup in Photoshop.mp4
2018-06-14 01:27 - 2018-06-14 01:27 - 023149318 _____ C:\Users\WINDOWS7\Downloads\How to Design Mockup in Photoshop Adobe Photoshop Tutorial.mp4
2018-06-13 04:13 - 2018-06-13 04:13 - 000276144 _____ C:\Windows\Minidump\061318-15506-01.dmp
2018-06-13 04:03 - 2018-06-13 04:03 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Avira
2018-06-13 03:55 - 2018-06-13 03:55 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Avira Operations Gmbh & Co. KG
2018-06-13 03:55 - 2018-06-13 03:55 - 000000000 ____D C:\ProgramData\Avira Operations Gmbh & Co. KG
2018-06-13 03:47 - 2018-06-13 19:13 - 000000000 ____D C:\Program Files (x86)\Avira
2018-06-13 03:47 - 2018-06-13 04:04 - 000000000 ____D C:\ProgramData\Avira
2018-06-12 02:54 - 2018-06-12 02:57 - 383295164 _____ C:\Users\WINDOWS7\Downloads\The Rise of AI.mp4
2018-06-11 03:23 - 2018-06-11 03:23 - 000276088 _____ C:\Windows\Minidump\061118-17238-01.dmp
2018-06-11 02:21 - 2018-06-11 02:29 - 1015817850 _____ C:\Users\WINDOWS7\Downloads\Learn SEO! Free SEO Training Course Created In December 2017.mp4
2018-06-10 05:55 - 2018-06-10 05:59 - 534069562 _____ C:\Users\WINDOWS7\Downloads\The Authenticity Code Philip Mckernan.mp4
2018-06-10 05:36 - 2018-06-10 05:39 - 527808532 _____ C:\Users\WINDOWS7\Downloads\Transformational Communication What Masters Know About Conne.mp4
2018-06-10 04:44 - 2018-06-10 04:46 - 202968505 _____ C:\Users\WINDOWS7\Downloads\How to Connect with Powerful and Influential People.mp4
2018-06-07 00:06 - 2018-06-07 00:18 - 205171429 _____ C:\Users\WINDOWS7\Downloads\Marcus Samuelsson, Restaurant Marketing & Trends in Food #As.mp4
2018-06-06 23:37 - 2018-06-06 23:42 - 122439894 _____ C:\Users\WINDOWS7\Downloads\Consumer Behavior on the Internet with Sean Duffy.mp4
2018-06-05 22:49 - 2018-06-05 22:50 - 012058461 _____ C:\Users\WINDOWS7\Downloads\2D ANIMATED SHORT FILM - DIPTYQUE - BEST SELLERS by Parallel Studio.mp4
2018-06-05 22:35 - 2018-06-05 22:37 - 016559215 _____ C:\Users\WINDOWS7\Downloads\SIAMÉS - The Wolf [Official Video].mp4
2018-06-05 22:22 - 2018-06-05 22:23 - 012339128 _____ C:\Users\WINDOWS7\Downloads\videoplayba3ck.mp4
2018-06-05 22:15 - 2018-06-05 22:18 - 030374936 _____ C:\Users\WINDOWS7\Downloads\RASPUTIN - Vladimir Putin - Love The Way You Move (Funk Overload) @slocband.mp4
2018-06-05 22:12 - 2018-06-05 22:24 - 023043833 _____ C:\Users\WINDOWS7\Downloads\Caravan Palace - Lone Digger.mp4
2018-06-05 22:08 - 2018-06-05 22:11 - 036614324 _____ C:\Users\WINDOWS7\Downloads\LORN - ANVIL [Official Music Video].mp4
2018-06-05 22:07 - 2018-06-05 22:10 - 022697488 _____ C:\Users\WINDOWS7\Downloads\CONCORDE - Sons.mp4
2018-06-05 22:04 - 2018-06-05 22:06 - 023404109 _____ C:\Users\WINDOWS7\Downloads\Stuck In the Sound - Let's Go [Official Video].mp4
2018-06-05 04:37 - 2018-06-05 04:37 - 014002824 _____ C:\Users\WINDOWS7\Downloads\What voice search means for the future of digital marketing.mp4
2018-06-05 03:58 - 2018-06-05 04:00 - 164172478 _____ C:\Users\WINDOWS7\Downloads\What's The One Thing Rich People Buy That Poor People Don't .mp4
2018-06-05 03:20 - 2018-06-05 03:26 - 441585637 _____ C:\Users\WINDOWS7\Downloads\95% of You Will Ignore This 2018 Marketing Strategy Business.mp4
2018-06-05 02:54 - 2018-06-05 02:57 - 253622963 _____ C:\Users\WINDOWS7\Downloads\Online Marketing Rockstars Gary Vaynerchuk Keynote Hamburg 2.mp4
2018-06-05 02:21 - 2018-06-05 02:21 - 037654143 _____ C:\Users\WINDOWS7\Downloads\Jeff Bezos's Top 10 Rules For Success (@JeffBezos).mp4
2018-06-04 23:59 - 2018-06-04 23:59 - 068353943 _____ C:\Users\WINDOWS7\Downloads\eCommerce Marketing Strategies - 12 Killer Tips.mp4
2018-06-04 23:12 - 2018-06-04 23:14 - 314797262 _____ C:\Users\WINDOWS7\Downloads\Jack Ma's Life Advice LEARN FROM YOUR MISTAKES (MUST WATCH).mp4
2018-06-04 22:36 - 2018-06-04 22:38 - 175963062 _____ C:\Users\WINDOWS7\Downloads\JACK MA’S TIPS – HOW TO GROW A SMALL BUSINESS (Jack Ma 2017).mp4
2018-06-04 21:50 - 2018-06-04 21:50 - 067928882 _____ C:\Users\WINDOWS7\Downloads\Jack Ma - How to Make a Small Business Successful.mp4
2018-06-04 04:56 - 2018-06-04 04:56 - 006618142 _____ C:\Users\WINDOWS7\Downloads\334.mp4.mp4
2018-06-03 01:53 - 2018-06-03 01:54 - 084918456 _____ C:\Users\WINDOWS7\Downloads\TOP 5 DEFENDING SKILLS HOW TO DEFEND IN FOOTBALL.mp4
2018-05-29 03:31 - 2018-05-29 03:31 - 013900018 _____ C:\Users\WINDOWS7\Downloads\How to Straighten and Color Correct Architectural Photograph.mp4
2018-05-29 02:23 - 2018-05-29 02:28 - 047561506 _____ C:\Users\WINDOWS7\Downloads\Cup Mockup with Hand.zip
2018-05-29 02:23 - 2018-05-29 02:27 - 025033399 _____ C:\Users\WINDOWS7\Downloads\Paper Bag PSD Mockup.zip
2018-05-29 02:23 - 2018-05-29 02:26 - 024468280 _____ C:\Users\WINDOWS7\Downloads\Billboard Mockup.zip
2018-05-29 02:21 - 2018-05-29 02:27 - 078986799 _____ C:\Users\WINDOWS7\Downloads\tshirt-mockup-psd.zip
2018-05-29 02:21 - 2018-05-29 02:27 - 044240894 _____ C:\Users\WINDOWS7\Downloads\flag-mockup.zip
2018-05-29 02:21 - 2018-05-29 02:24 - 046046348 _____ C:\Users\WINDOWS7\Downloads\6-marble-textures.zip
2018-05-29 02:21 - 2018-05-29 02:22 - 001969270 _____ C:\Users\WINDOWS7\Downloads\hanging_business_card_mockup.zip
2018-05-29 02:20 - 2018-05-29 02:26 - 035053564 _____ C:\Users\WINDOWS7\Downloads\shop-sign-mockup.zip
2018-05-29 02:20 - 2018-05-29 02:21 - 012955641 _____ C:\Users\WINDOWS7\Downloads\paper-cup-mockup.zip
2018-05-28 21:39 - 2018-05-28 22:52 - 000000000 ____D C:\Users\WINDOWS7\Downloads\VSCO.FILM.01-06-LIGHTROOM-ILLEGAL_FTP
2018-05-28 10:38 - 2018-05-28 10:39 - 000212790 _____ C:\Windows\ntbtlog.txt
2018-05-28 04:00 - 2018-05-28 04:00 - 078045779 _____ C:\Users\WINDOWS7\Downloads\Composition and Cropping Quick Trick for Food Photography - .mp4
2018-05-28 03:28 - 2018-05-28 03:28 - 047778105 _____ C:\Users\WINDOWS7\Downloads\Lightroom Basics for Food Photography - how I edit photos - .mp4
2018-05-28 03:20 - 2018-05-28 03:20 - 050916573 _____ C:\Users\WINDOWS7\Downloads\Lightroom Classic CC Rocks Food Photography - YouTube.mp4
2018-05-28 02:14 - 2018-05-28 02:14 - 000006733 _____ C:\Users\WINDOWS7\Downloads\Mokusei-Konten(1).xlsx
2018-05-28 02:13 - 2018-05-28 02:14 - 046289515 _____ C:\Users\WINDOWS7\Downloads\A YouTube Employee Shares Tips for Getting Discovered.mp4
2018-05-27 19:14 - 2018-05-27 19:17 - 415052727 _____ C:\Users\WINDOWS7\Downloads\Compositional techniques for Graphic Designers - LIVE stream.mp4
2018-05-27 19:06 - 2018-05-27 19:07 - 031632772 _____ C:\Users\WINDOWS7\Downloads\How To Create Custom Type Designs in Adobe Illustrator - You.mp4
2018-05-27 18:38 - 2018-05-27 18:40 - 023095969 _____ C:\Users\WINDOWS7\Downloads\3 Lightroom Hacks for Food Photography - That's Sage.mp4
2018-05-27 02:56 - 2018-05-27 02:56 - 000276144 _____ C:\Windows\Minidump\052718-18049-01.dmp
2018-05-26 02:38 - 2018-05-26 02:41 - 372406790 _____ C:\Users\WINDOWS7\Downloads\How To Make Your First $100,000 Online With Dan Lok - YouTub.mp4
2018-05-24 18:34 - 2018-05-24 18:34 - 000579968 _____ C:\Users\WINDOWS7\Downloads\BSS Deck - Content.pdf
2018-05-24 02:32 - 2018-05-24 02:32 - 025379970 _____ C:\Users\WINDOWS7\Downloads\Habis Galau Terbitlah Move On - J. Sumardianta.pdf
2018-05-21 22:31 - 2018-05-21 22:31 - 000006733 _____ C:\Users\WINDOWS7\Downloads\Mokusei-Konten.xlsx
2018-05-21 04:37 - 2018-05-21 04:38 - 000595112 _____ C:\Users\WINDOWS7\Downloads\Bennett+the+Bengal.skp
2018-05-18 02:16 - 2018-06-15 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-05-18 02:16 - 2018-06-14 06:27 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-05-18 02:10 - 2018-06-15 20:57 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-05-18 02:10 - 2018-06-14 06:27 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-18 02:10 - 2018-05-18 02:09 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7313cd3a6318203a.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\asw2bb5198fffbf1e96.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw85b8accca6c2e1db.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3a7844fbe1b6d8cf.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\asw59c34738c2e8d436.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\asw22501129328a1aaf.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9c92f9da610caf43.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\asw704b31daf17eebad.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa40c094a43b262bb.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1a66fa6031e80e16.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\asw 2fa9a42d74bded.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswee45c25eaefb22ed.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe759c81b81dcbf48.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswccb03d6a8578486c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswab2078ee8d15712b.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcff095db1e985e8c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\asw39d21f1654d519c2.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswde3af1a91d4810b6.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa9c53004aaecf8e9.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\asw919b808491b2773d.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\asw d5346639070fc0c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswdab38123e37efa0f.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw31e6702dc0117ceb.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcbfda7385250999c.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw84ede645199614ab.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw52f6ead88bfac051.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\asw149bf59a16a6aa78.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-18 02:10 - 2018-05-18 02:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswde5a8f0fbe82f05b.tmp
2018-05-18 02:10 - 2018-05-18 02:09 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw757f564ca5a21445.tmp
2018-05-18 02:09 - 2018-06-15 20:57 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-18 02:08 - 2018-05-18 02:08 - 000000857 _____ C:\Users\WINDOWS7\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-05-18 01:52 - 2018-05-18 01:52 - 006825999 _____ C:\Users\WINDOWS7\Downloads\Mister_Credentials_2018_A.pdf
2018-05-18 01:49 - 2018-05-18 01:49 - 014648085 _____ C:\Users\WINDOWS7\Downloads\Why Some Designers Are More Valuable Than Others - YouTube.mp4
2018-05-18 01:40 - 2018-05-18 01:40 - 026781121 _____ C:\Users\WINDOWS7\Downloads\Photoshop Tutorials - Glitch Animation - YouTube.mp4
2018-05-18 01:34 - 2018-05-18 01:35 - 017266467 _____ C:\Users\WINDOWS7\Downloads\How to create Neon Tubes Sign in Illustrator Adobe Illustrat.mp4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-16 20:48 - 2016-05-20 17:47 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-16 20:41 - 2016-05-20 21:07 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Adobe
2018-06-16 20:39 - 2017-03-02 00:44 - 000000000 ____D C:\Program Files\Opera
2018-06-16 20:32 - 2016-11-25 01:15 - 000000000 ____D C:\Users\WINDOWS7\AppData\LocalLow\Mozilla
2018-06-16 20:28 - 2018-05-06 01:48 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\BitTorrent
2018-06-16 20:28 - 2016-07-01 00:25 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Spotify
2018-06-16 20:28 - 2016-05-20 21:02 - 000000000 ____D C:\Program Files (x86)\DriveTheLife2012
2018-06-16 20:27 - 2016-07-01 00:22 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\Spotify
2018-06-16 20:25 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-15 20:57 - 2018-05-06 04:03 - 000000000 ____D C:\Users\WINDOWS7\AppData\Local\Lavasoft
2018-06-15 20:57 - 2017-09-26 01:25 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-06-15 20:57 - 2017-09-21 19:54 - 000000000 ____D C:\ProgramData\ASGVIS
2018-06-15 20:57 - 2017-06-03 05:21 - 000000000 ____D C:\Windows\Minidump
2018-06-15 20:57 - 2016-11-18 04:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-15 20:57 - 2016-05-21 18:22 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-15 20:57 - 2016-05-21 18:22 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-15 20:57 - 2016-05-20 23:05 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\vlc
2018-06-15 20:57 - 2016-05-20 21:07 - 000000000 ____D C:\Users\WINDOWS7\AppData\Roaming\Adobe
2018-06-15 20:57 - 2016-05-20 21:04 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-15 20:57 - 2016-05-20 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\servicing
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\AppCompat
2018-06-15 20:57 - 2009-07-14 10:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-06-15 20:56 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\registration
2018-06-15 20:50 - 2016-05-20 17:26 - 000000000 __RHD C:\MSOCache
2018-06-15 06:09 - 2016-05-20 17:08 - 000000000 ____D C:\Users\WINDOWS7
2018-06-15 05:06 - 2016-05-20 21:42 - 000000034 _____ C:\Users\WINDOWS7\AppData\Roaming\AdobeWLCMCache.dat
2018-06-14 06:20 - 2009-07-14 11:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-14 06:20 - 2009-07-14 11:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-14 06:16 - 2017-06-03 05:21 - 348347763 _____ C:\Windows\MEMORY.DMP
2018-06-13 04:15 - 2016-05-20 17:10 - 000390560 _____ C:\Users\WINDOWS7\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-09 05:02 - 2018-03-13 23:48 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-09 05:02 - 2016-05-21 18:23 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-09 05:02 - 2016-05-21 18:23 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-09 05:02 - 2016-05-21 18:23 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-24 09:22 - 2009-07-14 11:45 - 012480432 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-19 04:14 - 2016-05-20 17:47 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-19 04:14 - 2016-05-20 17:47 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 05:25 - 2017-09-16 23:54 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-18 03:32 - 2009-07-14 12:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-17 05:56 - 2016-06-19 18:35 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-17 05:55 - 2017-03-22 23:31 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2017-01-04 04:21 - 2017-12-28 01:18 - 000000132 _____ () C:\Users\WINDOWS7\AppData\Roaming\Adobe PNG Format CC Prefs
2016-05-20 21:42 - 2018-06-15 05:06 - 000000034 _____ () C:\Users\WINDOWS7\AppData\Roaming\AdobeWLCMCache.dat
2018-04-24 00:41 - 2018-04-24 02:02 - 000001456 _____ () C:\Users\WINDOWS7\AppData\Local\Adobe Save for Web 13.0 Prefs
Some files in TEMP:
====================
2018-05-06 04:02 - 2018-05-06 04:02 - 000066192 _____ (AVAST Software) C:\Users\WINDOWS7\AppData\Local\Temp\ocgj5vxd.zpt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-11 05:35
==================== End of FRST.txt ============================
Edited by alisonmunandar, 16 June 2018 - 08:07 AM.
#8
Posted 16 June 2018 - 08:03 AM
RKinner
-
- Expert
-
- 24,731 posts
Malware Expert
CPU
AMD A8-6600K 78 °C
If this is accurate (which it often isn't) your CPU is boiling over. Either the fan is not working or the interface between the heatsink and the fan is clogged with dust or Speccy is wrong. Let's get a second opinion:
Run Speedfan to monitor your temps in real time:
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp and check Show in tray. With no other programs running what is the highest temp you see? Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes. What is the highest temp now?
#9
Posted 16 June 2018 - 08:04 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version: - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update
==================== Faulty Device Manager Devices =============
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802
Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1478
Start Time: 01d4029cd429b104
Termination Time: 5
Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743
Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.
Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on 6/15/2018 was unexpected.
Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
CodeIntegrity:
===================================
Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS
\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#10
Posted 16 June 2018 - 08:04 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version: - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update
==================== Faulty Device Manager Devices =============
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802
Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1478
Start Time: 01d4029cd429b104
Termination Time: 5
Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743
Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.
Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on 6/15/2018 was unexpected.
Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
CodeIntegrity:
===================================
Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS
\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#11
Posted 16 June 2018 - 08:05 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version: - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update
==================== Faulty Device Manager Devices =============
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802
Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1478
Start Time: 01d4029cd429b104
Termination Time: 5
Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743
Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.
Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on 6/15/2018 was unexpected.
Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
CodeIntegrity:
===================================
Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS
\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#12
Posted 16 June 2018 - 08:06 AM
RKinner
-
- Expert
-
- 24,731 posts
Malware Expert
CPU
AMD A8-6600K 78 °C
If this is accurate (which it often isn't) your CPU is boiling over. Either the fan is not working or the interface between the heatsink and the fan is clogged with dust or Speccy is wrong. Let's get a second opinion:
Run Speedfan to monitor your temps in real time:
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp and check Show in tray. With no other programs running what is the highest temp you see? Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes. What is the highest temp now?
#13
Posted 16 June 2018 - 08:07 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by WINDOWS7 (16-06-2018 21:02:03)
Running from C:\Users\WINDOWS7\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-20 10:08:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2779534775-2398878252-1007244984-500 - Administrator - Disabled)
Guest (S-1-5-21-2779534775-2398878252-1007244984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779534775-2398878252-1007244984-1002 - Limited - Enabled)
WINDOWS7 (S-1-5-21-2779534775-2398878252-1007244984-1000 - Administrator - Enabled) => C:\Users\WINDOWS7
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.42 (HKLM-x32\...\7-Zip) (Version: - )
Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk CAD Manager Tools (HKLM\...\{28B89EEF-0111-0409-0110-CF3F3A09B77D}) (Version: 16.0.0.65 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\BitTorrent) (Version: 7.10.3.44397 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CINEMA 4D 17.016 (HKLM\...\MAXONFC68216F) (Version: 17.016 - MAXON Computer GmbH)
DriveTheLife2012 (HKLM-x32\...\{4705B7D9-5E57-4508-8EBD-27E3A710AE6C}_is1) (Version: 1.0 - ÉîÛÚÊÐÇý¶¯ÈËÉúÈí¼þ¼¼ÊõÓÐÏÞ¹«Ë¾)
DWGSee Pro 2018 (HKLM-x32\...\{A1E00A4C-1463-4F7D-B62C-431ADC45EB15}) (Version: 4.72 - AutoDWG)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.1.6710 - Mozilla)
Mp3tag v2.82 (HKLM-x32\...\Mp3tag) (Version: 2.82 - Florian Heidenreich)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Python 3.7.0a1 (64-bit) (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\{8082ccda-4fe2-41e2-9b95-91707f17c026}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Add to Path (64-bit) (HKLM\...\{E98E1591-9594-45C1-A832-4254369F7984}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Core Interpreter (64-bit) (HKLM\...\{54B7F70A-9A10-4C53-960C-9DC0C424ABC1}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (64-bit) (HKLM\...\{6A37468A-5D30-472C-AB14-3029108DF911}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (64-bit) (HKLM\...\{97519427-B263-4CEC-96C2-276D4BB1F402}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (64-bit) (HKLM\...\{B23324D0-B46C-405E-B644-ECAD08F5B42F}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (64-bit) (HKLM\...\{86A4BA9C-84B4-49BE-B5FE-F12FC37A3CC2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (64-bit) (HKLM\...\{C5A71F74-8AB8-4815-AB65-9802E087D887}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (64-bit) (HKLM\...\{6F59BEB1-0A50-497B-AC43-0DC5EB815DAD}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (64-bit) (HKLM\...\{66B23FEC-8888-4C5C-89F9-DB3D2F1E87C2}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (64-bit) (HKLM\...\{2D9EDE7D-632E-48D8-B4A6-710C9A20650E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Sharepod 4.1.0.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited)
SoulseekQt version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
TP-LINK TL-WN727N Driver (HKLM-x32\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TunnelBear (HKLM-x32\...\{33c90f23-a057-4c6d-af1e-c9f004065494}) (Version: 3.1.0.5 - TunnelBear)
TunnelBear (HKLM-x32\...\{3CD8C0E2-5A79-4BBD-A46B-9242E163D6B0}) (Version: 3.1.0.5 - TunnelBear) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
Web Companion (HKLM-x32\...\{89500c76-3af0-4ef8-bb4f-a9359eef74a6}) (Version: 4.2.1846.3481 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers1-x32: [DWGSeeMenu] -> {A6EAF440-149E-4AF3-AE84-5DA3CF791E3B} => C:\Program Files (x86)\AutoDWG\DWGSee Pro 2018\DWGSeeMenu64.dll [2012-07-13] (TODO: <Company name>)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2006-05-14] ()
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-04-29] (Florian Heidenreich)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-18] (AVAST Software)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-29] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {037FACE2-1E1D-4909-BE26-15EBF1BA36DD} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-PC-WINDOWS7 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {059D9593-820E-4E96-A888-1637A2E6BA17} - System32\Tasks\goloader1 => wscript /B "C:\ProgramData\SsiRecord\recovery.vbs" "C:\ProgramData\SsiRecord\goloader-recovery.bat"
Task: {1FDD08A5-2A69-46F8-ACFF-D261D9B61192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {5E15BC24-F7A5-432E-B239-8CE9F79E2C67} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {66958E60-1E75-444F-AF08-20248973CDCA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-18] (AVAST Software)
Task: {6ACF82A5-1162-4C36-A869-B5B8AF0FD66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {6C127B07-949B-4034-9257-2C2274D26885} - System32\Tasks\{FD0C9195-8DFF-4F77-B5BD-345BF6D4A15C} => C:\Windows\system32\pcalua.exe -a H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d H:\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {76DB2156-3BB5-4A6D-8663-569A6E08D80E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-25] (Piriform Ltd)
Task: {78BE5CAC-E9FD-4B65-B8D3-0D08F95D8B67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {810B746F-37D2-4CAD-9EB2-4EB4D1945805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-25] (Piriform Ltd)
Task: {8C9C2D0B-5BEA-43DC-B74F-45A3E522FDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {A391FE45-235C-4BBE-B488-8550182BD186} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-18] (AVAST Software)
Task: {B249CD08-A3E3-4ED5-818F-77636B49BBD6} - System32\Tasks\{DC016729-2903-465B-A2BA-DDAA048C9D95} => C:\Windows\system32\pcalua.exe -a C:\Users\WINDOWS7\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\WINDOWS7\Downloads
Task: {DFD0BF39-8D22-4A88-9687-65EC6148F99C} - System32\Tasks\Opera scheduled Autoupdate 1488390387 => C:\Program Files\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {FA0EC640-6309-4392-A1FA-FB9D9EB734C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000039296 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-06 04:03 - 2018-05-06 04:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-07-03 01:19 - 2016-03-22 03:28 - 001357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:10 - 2006-12-11 02:14 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-05-20 21:10 - 2013-08-05 17:36 - 000847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2018-05-18 02:09 - 2018-05-18 02:09 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-16 20:29 - 2018-06-16 20:29 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061600\algo.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000082680 _____ () C:\Program Files (x86)\DriveTheLife2012\PipeProtocol.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000111352 _____ () C:\Program Files (x86)\DriveTheLife2012\tipsdll.dll
2017-12-12 10:30 - 2017-12-12 10:30 - 000126464 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000114280 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000100968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000361064 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000058984 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000084072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000040040 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000021096 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2018-05-06 04:03 - 2018-05-06 04:03 - 000057448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2016-05-20 21:10 - 2013-07-23 15:08 - 000193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2016-05-20 21:10 - 2013-09-27 16:18 - 000192000 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRa.dll
2016-05-20 21:10 - 2013-06-17 14:04 - 001206576 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\RaWLAPI.dll
2017-07-27 14:31 - 2017-07-27 14:31 - 000667520 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-05-18 02:16 - 2018-05-18 02:16 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-18 02:09 - 2018-05-18 02:09 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000085904 _____ () C:\Program Files (x86)\DriveTheLife2012\ResLoader.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000119544 _____ () C:\Program Files (x86)\DriveTheLife2012\pcid.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000012176 _____ () C:\Program Files (x86)\DriveTheLife2012\DllHook.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000114576 _____ () C:\Program Files (x86)\DriveTheLife2012\DevCfg.dll
2016-05-20 21:02 - 2012-03-13 11:17 - 000122616 _____ () C:\Program Files (x86)\DriveTheLife2012\httpd.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\WINDOWS7\Local Settings:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Application Data:MqFSKzWNJN0dePhYhreqoaWidVb [2470]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\Temporary Internet Files:HMARSI7TdXhnxdFtBNoQg [2320]
AlternateDataStreams: C:\Users\WINDOWS7\AppData\Local\TO5NE5rAPFV8dkG:EVo8jwl2740vPpCS8G [2276]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 09:34 - 2017-09-26 01:25 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2779534775-2398878252-1007244984-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.1 - 4.2.2.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{689BD162-6A0B-4075-9FC4-B603050679C8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{FB6386F0-4B7E-475F-B331-FADAE5B393DA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{0B08AD44-EAEA-4C35-9AA2-3620B2285010}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{B5A9F743-82A3-40B2-B4CD-CB7F089F38A0}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [TCP Query User{2821492D-C0E6-4896-8C9F-EA9CA74DE87D}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [UDP Query User{8377A5D7-5D66-4214-81B8-D88A2DD6161C}C:\program files (x86)\drivethelife2012\drivethelife.exe] => (Allow) C:\program files (x86)\drivethelife2012\drivethelife.exe
FirewallRules: [{9D8BEC54-A899-4E84-8718-937F20E09303}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86E65A40-025F-46BF-84CF-CD915175C292}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{D9DD40D4-8052-420C-8AD4-2D58C206EEDB}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{0B1543BC-1462-4F41-860E-603E76E1C314}] => (Allow) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{6EB2A4CF-07D9-465F-8FE3-8C929986D5FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DAF870C-7A46-4A2B-9C56-BDE6CF3DD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD1C0C4C-BCBA-4285-9A63-8DB18A6F517E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E69AA736-6AE3-47D3-BF4B-AAFB35DCCE80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2A574FA-A670-4DE7-9733-4C5511D41971}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{68DF5FFB-907D-4A64-805A-DA94816E6DE2}] => (Allow) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{09616769-B8B1-4C8C-8A80-9AA3015B6339}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{EFA884FF-1120-4D3D-B1E7-2C4AC1BC04A7}] => (Block) %ProgramFiles% (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
FirewallRules: [{9E3D6AF2-7D44-4ACA-B03D-DC8F732CC6EB}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{A071528E-3950-45A7-B84A-FF3D4731360D}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{56D348EC-E718-4014-B9D6-286A7F2E3400}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [TCP Query User{6A567C96-717C-4BEB-95D4-5932873948F0}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5DC2A50C-4C26-42C4-A5E6-C561CEF9B44A}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC906922-D764-42CC-AA3F-602503F53D0C}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8D9B74D3-7F5C-47EF-A786-BC3005E531CD}C:\users\windows7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\windows7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A792A289-4C41-4F36-95DA-300EF5D4EAB9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A618F0DE-DA61-4504-A1CA-DEF52764A127}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{1D36ACF8-8A5D-4E15-B56F-70072620ED13}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3594D14-5CB9-4193-BEAE-B8E2C553E5BC}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E239342-6C74-443A-B4EF-4E51CE2C1093}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E5DE7BD-4355-4C42-851E-91E26D9EF649}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7DAC85B-5DE5-4A13-8496-7CC2DE758F61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD570A9C-CCD5-41B1-B08B-54EE93B9A9E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4ACC0FC3-C5B7-47C1-8D48-9533D37A87A1}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{50A59956-6975-4DEF-A51B-02C599F9B4C2}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{A8349172-3B65-434A-832B-1A1A267F3D97}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{563C02DE-959F-46E2-A4E3-9F0253FC6890}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{CFEF566B-4E96-45B2-8DE0-1E5F7AF089B0}] => (Block) %ALLUSERSPROFILE%\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{615E0D3C-8580-4873-9589-56823B857A01}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{20037118-35F4-45EB-8823-EA7296D1376D}] => (Allow) C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exe
FirewallRules: [{ACFB32C6-BE29-4F3A-8BA2-6C535AC5D63B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FFB90DB0-49D0-4682-B579-467AAC2A8CD4}] => (Allow) C:\Program Files\Opera\47.0.2631.80\opera.exe
FirewallRules: [{552728CC-C2D3-453B-83F6-51BC2C273365}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB3580-78B4-4B14-9929-037A83E39958}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7C52CE1E-DC99-4482-B77F-CCE3E67B59FC}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{13C0C023-39BB-4039-831E-62B38020489D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{5FD44883-84F1-4B3A-BF68-E392C3D1AC2F}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0A0DF6EC-067E-4158-B8B9-A21B37427BE1}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{6D4A651C-F730-4F75-9D30-0DDBDD46EF2F}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{17964BF0-D381-4B37-B883-EFF9424F95B4}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{149D9E38-713F-4CF7-B6E2-E507DAC94F43}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{BD0D0320-6063-4493-A9CB-B6F57797F0B5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{0C7CADE2-1EFE-4635-B034-1CB9F6DB12AC}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{21733773-5BC1-4661-AE88-C2861387449B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{E3175532-215F-4A87-9DB8-F528032CC722}] => (Allow) C:\Program Files\Opera\51.0.2830.34\opera.exe
FirewallRules: [{D6B4678D-AA81-4C2C-AF98-07FB807F8472}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [{1F19CA0B-EFDE-43C9-B369-C4C479FC7D53}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EBFEB451-CF07-44F8-BC7C-C9128D731294}] => (Allow) C:\Users\WINDOWS7\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C35B04CC-8CE6-4CF5-A5A8-E72CF744C3A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0568F890-A1AB-4645-B371-B36F6EC29801}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{47220A36-1346-4151-89A6-E5DD9AFBDE19}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
13-06-2018 04:17:08 Restore Operation
13-06-2018 04:17:40 Windows Update
13-06-2018 04:30:49 Restore Operation
13-06-2018 06:12:00 Windows Update
15-06-2018 05:13:35 Restore Operation
16-06-2018 20:44:55 Windows Update
==================== Faulty Device Manager Devices =============
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2018 05:24:10 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
Error: (06/14/2018 01:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Faulting module name: Wacom_TouchUser.exe, version: 6.3.16.2, time stamp: 0x56f05832
Exception code: 0xc0000005
Fault offset: 0x000000000021507c
Faulting process id: 0xd00
Faulting application start time: 0x01d403431579f750
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Report Id: 5f2c5570-6f36-11e8-af1b-14cc2025f802
Error: (06/13/2018 05:29:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vlc.exe version 2.2.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1478
Start Time: 01d4029cd429b104
Termination Time: 5
Application Path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 179e27cc-6e90-11e8-9dfd-003018ad7743
Error: (06/13/2018 04:27:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000056.
Error: (06/13/2018 04:15:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:15:47 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:33 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
Error: (06/13/2018 04:01:26 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Event-ID 1
System errors:
=============
Error: (06/16/2018 08:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/16/2018 08:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/16/2018 08:25:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:16:48 AM on 6/15/2018 was unexpected.
Error: (06/15/2018 06:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 06:14:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/15/2018 06:09:01 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Error: (06/15/2018 05:41:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWCore service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/15/2018 05:41:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
CodeIntegrity:
===================================
Date: 2018-06-16 20:29:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-16 20:29:32.347
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.672
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 06:14:09.563
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:02.019
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:41:01.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.406
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-06-15 05:27:36.300
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\DriveTheLife2012\hwcore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7657.89 MB
Available physical RAM: 4226.76 MB
Total Virtual: 15313.96 MB
Available Virtual: 11646 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.21 GB) (Free:41.22 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:89.47 GB) NTFS
Drive e: () (Fixed) (Total:443.23 GB) (Free:48.09 GB) NTFS
\\?\Volume{2faffd3e-1ee7-11e6-85f9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E0582D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
#15
Posted 16 June 2018 - 08:22 AM
alisonmunandar
- Topic Starter
-
- Member
-
- 49 posts
Member
Here's the speedfan result. Fa1.png (Youtube, Internet) Fan2.png(Without program running)
Attached Thumbnails
Similar Topics
Also tagged with one or more of these keywords: Windows7
Answered1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
