
Believe Have Malware; MBAM Not Running


  • This topic is locked
24 replies to this topic

#1 meeshu

meeshu

  • Members
  • 45 posts
  • OFFLINE
  • Local time:08:41 PM

Posted 03 July 2017 - 10:06 PM

Since a few days ago, I have noticed that the CPU load is often at 50% when at idle, which is not normal. Normal load is usually around 0%.

 

Opening Task Manager usually causes the CPU load to increase to 100%, and the load sometimes stays at that level even after closing the Task Manager!

 

 

Tried running several anti-malware and anti-adware programs (SAS, AdwCleaner, RogueKiller, Zemana, . . .), but very little or no infections were found. But Malwarebytes Anti-Malware fails to run; I get an error message that it is "unable to start". MBAM previously ran fine (about a week ago).

 

Suspect malware is blocking MBAM from running.

 

Did FRST scan with the attached results.

 

It would be appreciated if this could be looked into as soon as possible please.

 

Attached File  FRST.txt   28.14KB   9 downloads
Attached File  Addition.txt   26.44KB   2 downloads

 




 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:41 AM

Posted 04 July 2017 - 03:25 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy and save the instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 meeshu

meeshu
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:08:41 PM

Posted 04 July 2017 - 06:28 AM

Thank you for your prompt response!

 

Downloaded RGSA and tried to run this program several times, but after getting the message about copyright etc. and clicking OK, I got an error message. RGSA didn't seem to run any scan at all!?

 

Screenshot enclosed of error message.

 

 

Attached File  RGSA_error.png   253.68KB   0 downloads

 

 

Downloaded MBAR (Malwarebytes Anti-Rootkit), updated the database, and scanned the computer with the following result -

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org


Database version:
  main:    v2017.07.04.02
  rootkit: v2017.05.27.01


Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: MINE-PC [administrator]


4/07/2017 10:54:39 p.m.
mbar-log-2017-07-04 (22-54-39).txt


Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 262518
Time elapsed: 4 minute(s), 53 second(s)


Memory Processes Detected: 1
C:\Users\Administrator\AppData\Roaming\audiodg.exe (Trojan.Agent.GenX.IPH) -> 2660 -> No action taken. [1c26441ef9b0c96d91f2ee708d73758b]


Memory Modules Detected: 0
(No malicious items detected)


Registry Keys Detected: 0
(No malicious items detected)


Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|7131630b287dd96b31bcd3be031aaffe (Trojan.Agent.GenX.IPH) -> Data: "C:\Users\Administrator\AppData\Roaming\audiodg.exe" .. -> No action taken. [1c26441ef9b0c96d91f2ee708d73758b]
HKU\S-1-5-21-1002102086-959386047-1437358805-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|7131630b287dd96b31bcd3be031aaffe (Trojan.Agent.GenX.IPH) -> Data: "C:\Users\Administrator\AppData\Roaming\audiodg.exe" .. -> No action taken. [1c26441ef9b0c96d91f2ee708d73758b]


Registry Data Items Detected: 0
(No malicious items detected)


Folders Detected: 0
(No malicious items detected)


Files Detected: 6
C:\Users\Administrator\AppData\Roaming\audiodg.exe (Trojan.Agent.GenX.IPH) -> No action taken. [1c26441ef9b0c96d91f2ee708d73758b]
C:\$Recycle.Bin\S-1-5-21-1002102086-959386047-1437358805-500\$R8MJDXX.exe (Trojan.Agent.GenX.IPH) -> No action taken. [f94976ec5e4bdb5be03f798a9a66db25]
C:\$Recycle.Bin\S-1-5-21-1382256656-1906833549-2697462634-500\$RUUAUFK.exe (Trojan.Agent.GenX.IPH) -> No action taken. [1d25b1b1a801fe38bf602dd6e21e966a]
C:\$Recycle.Bin\S-1-5-21-1382256656-1906833549-2697462634-500\$RWN3FKO.exe (Trojan.Agent.GenX.IPH) -> No action taken. [2b179dc5c7e2d165f6297f84e21e15eb]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7131630b287dd96b31bcd3be031aaffe.exe (Trojan.Agent.GenX) -> No action taken. [261c3032c9e094a203b1769438c92fd1]
C:\Windows\tasksche.exe (Ransom.WannaCrypt) -> No action taken. [360c3b27951453e3dcf5cf233bc64fb1]


Physical Sectors Detected: 0
(No malicious items detected)


(end)

Finally downloaded and ran AdwCleaner with the following results -

 

# AdwCleaner v6.047 - Logfile created 04/07/2017 at 23:09:11
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : Administrator - MINE-PC
# Running from : C:\Users\Administrator\Desktop\adwcleaner_6.047 (6.0.4.7).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support






***** [ Services ] *****


No malicious services found.




***** [ Folders ] *****


Folder Found:  C:\ProgramData\Auslogics
Folder Found:  C:\ProgramData\Application Data\Auslogics
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Folder Found:  C:\Program Files\Auslogics




***** [ Files ] *****


No malicious files found.




***** [ DLL ] *****


No malicious DLLs found.




***** [ WMI ] *****


No malicious keys found.




***** [ Shortcuts ] *****


No infected shortcut found.




***** [ Scheduled Tasks ] *****


No malicious task found.




***** [ Registry ] *****


Key Found:  HKCU\Software\7131630b287dd96b31bcd3be031aaffe
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found:  HKLM\SOFTWARE\TWEAKBIT
Key Found:  HKLM\SOFTWARE\Auslogics




***** [ Web browsers ] *****


No malicious Firefox based browser items found.
No malicious Chromium based browser items found.


*************************


C:\AdwCleaner\AdwCleaner[S0].txt - [1806 Bytes] - [25/06/2017 00:11:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1697 Bytes] - [04/07/2017 23:09:11]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1770 Bytes] ##########

So there appears to be an infection on my computer!

 

What is the best way to eliminate this malware, please?

 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:41 AM

Posted 04 July 2017 - 06:39 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step4: How is the computer running now?


***


:step5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 meeshu

meeshu
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:08:41 PM

Posted 04 July 2017 - 08:43 PM

OK.

 

Results of MBAR clean -

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org


Database version:
  main:    v2017.07.04.07
  rootkit: v2017.05.27.01


Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: MINE-PC [administrator]


5/07/2017 12:23:52 p.m.
mbar-log-2017-07-05 (12-23-52).txt


Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 262314
Time elapsed: 4 minute(s), 54 second(s)


Memory Processes Detected: 1
C:\Users\Administrator\AppData\Roaming\audiodg.exe (Trojan.Agent.GenX.IPH) -> 2676 -> Delete on reboot. [65e2ca98edbcc373b5ceed717e82718f]


Memory Modules Detected: 0
(No malicious items detected)


Registry Keys Detected: 0
(No malicious items detected)


Registry Values Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|7131630b287dd96b31bcd3be031aaffe (Trojan.Agent.GenX.IPH) -> Data: "C:\Users\Administrator\AppData\Roaming\audiodg.exe" .. -> Delete on reboot. [65e2ca98edbcc373b5ceed717e82718f]
HKU\S-1-5-21-1002102086-959386047-1437358805-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|7131630b287dd96b31bcd3be031aaffe (Trojan.Agent.GenX.IPH) -> Data: "C:\Users\Administrator\AppData\Roaming\audiodg.exe" .. -> Delete on reboot. [65e2ca98edbcc373b5ceed717e82718f]


Registry Data Items Detected: 0
(No malicious items detected)


Folders Detected: 0
(No malicious items detected)


Files Detected: 6
C:\Users\Administrator\AppData\Roaming\audiodg.exe (Trojan.Agent.GenX.IPH) -> Delete on reboot. [65e2ca98edbcc373b5ceed717e82718f]
C:\$Recycle.Bin\S-1-5-21-1002102086-959386047-1437358805-500\$R8MJDXX.exe (Trojan.Agent.GenX.IPH) -> Delete on reboot. [f750461cdbcebc7a5ac5976c14ec29d7]
C:\$Recycle.Bin\S-1-5-21-1382256656-1906833549-2697462634-500\$RUUAUFK.exe (Trojan.Agent.GenX.IPH) -> Delete on reboot. [ca7dff63327770c6ec333dc63cc4e818]
C:\$Recycle.Bin\S-1-5-21-1382256656-1906833549-2697462634-500\$RWN3FKO.exe (Trojan.Agent.GenX.IPH) -> Delete on reboot. [95b2bca63e6bee48938cc1428779827e]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7131630b287dd96b31bcd3be031aaffe.exe (Trojan.Agent.GenX) -> Delete on reboot. [7ccb9fc38b1e93a3baf9ff0b1ce520e0]
C:\Windows\tasksche.exe (Ransom.WannaCrypt) -> Delete on reboot. [05422a3803a6fc3a4d830ae860a1fa06]


Physical Sectors Detected: 0
(No malicious items detected)


(end)

Results of AdwCleaner after cleaning -

 

# AdwCleaner v6.047 - Logfile created 05/07/2017 at 12:39:28
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-04.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : Administrator - MINE-PC
# Running from : C:\Users\Administrator\Desktop\adwcleaner_6.047 (6.0.4.7).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support






***** [ Services ] *****


No malicious services found.




***** [ Folders ] *****


Folder Found:  C:\ProgramData\Auslogics
Folder Found:  C:\ProgramData\Application Data\Auslogics
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Folder Found:  C:\Program Files\Auslogics




***** [ Files ] *****


No malicious files found.




***** [ DLL ] *****


No malicious DLLs found.




***** [ WMI ] *****


No malicious keys found.




***** [ Shortcuts ] *****


No infected shortcut found.




***** [ Scheduled Tasks ] *****


No malicious task found.




***** [ Registry ] *****


Key Found:  HKCU\Software\7131630b287dd96b31bcd3be031aaffe
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found:  HKLM\SOFTWARE\TWEAKBIT
Key Found:  HKLM\SOFTWARE\Auslogics




***** [ Web browsers ] *****


No malicious Firefox based browser items found.
No malicious Chromium based browser items found.


*************************


C:\AdwCleaner\AdwCleaner[S0].txt - [1806 Bytes] - [25/06/2017 00:11:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1849 Bytes] - [04/07/2017 23:09:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [1770 Bytes] - [05/07/2017 12:39:28]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1843 Bytes] ##########

Results after JRT cleaning -

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x86 
Ran by Administrator (Administrator) on Wed 05/07/2017 at 12:42:24.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








File System: 14 


Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AS3QBPM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A8PUV9V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8R5OL5Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMIHVR3Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8KJ0SK7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ZZVPBF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCQT469K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AS3QBPM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8A8PUV9V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8R5OL5Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMIHVR3Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8KJ0SK7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8ZZVPBF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCQT469K (Temporary Internet Files Folder) 






Registry: 0 










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/07/2017 at 12:43:00.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Unfortunately the CPU is still running at 50% load while "idling". Also, MBAM still fails to run - "Unable to start". So there is still a problem with my computer.

 

 

Results of FRST scan -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2017
Ran by Administrator (administrator) on MINE-PC (05-07-2017 13:24:06)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)




==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CVGW14EN] => C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe [610424 2012-11-29] (ACD Systems)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [NetworkIndicator] => C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [4179576 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-29] (Tonec Inc.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\RunOnce: [Application Restart #0] => C:\Program Files\Vivaldi\Application\vivaldi.exe [921720 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\MountPoints2: {0698c26a-adf2-11e6-a5dc-806e6f6e6963} - G:\autorun\autorun.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk [2017-04-01]
ShortcutTarget: Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\..\Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: [NameServer] 203.97.78.43 203.97.78.44


Internet Explorer:
==================
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-24] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)


FireFox:
========
FF DefaultProfile: 3b5x35ob.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default [2017-07-01]
FF Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\status4evar@caligonstudios.com.xpi [2017-03-04]
FF Extension: (FlashGot) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-04]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-04]
FF Extension: (No Name) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [not found]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default [2017-06-26]
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default\user.js [2006-04-07]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)


Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-29]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas 14\CVShellSrv.exe [259192 2012-11-29] (ACD Systems of America Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 WELM; C:\Windows\Fonts\wininit.exe [1428996 2017-07-03] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139216 2016-07-12] (RedFox)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-12] (REALiX(tm))
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\System32\DRIVERS\ssgdio32.sys [12048 2017-04-12] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-01] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-01] (Zemana Ltd.)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-07-05 13:23 - 2017-07-05 13:23 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-07-05 12:43 - 2017-07-05 12:43 - 00002923 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-07-05 12:22 - 2017-07-03 22:10 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT_(8.1.3.0).exe
2017-07-04 23:03 - 2017-06-24 14:37 - 04110280 _____ C:\Users\Administrator\Desktop\adwcleaner_6.047 (6.0.4.7).exe
2017-07-04 22:54 - 2017-07-05 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-04 22:54 - 2017-07-05 12:23 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-04 22:18 - 2017-07-05 12:29 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2017-07-04 22:18 - 2017-07-05 12:23 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-04 21:48 - 2017-07-04 21:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2017-07-04 20:58 - 2017-07-04 20:58 - 00899584 _____ C:\Users\Administrator\Desktop\RGSA.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\app
2017-07-04 18:33 - 2017-07-04 18:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-07-04 18:31 - 2017-07-04 18:33 - 00213530 _____ C:\TDSSKiller.3.1.0.15_04.07.2017_18.31.53_log.txt
2017-07-04 15:18 - 2017-07-04 15:18 - 00084120 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-04 14:47 - 2017-07-05 13:24 - 00010376 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-07-04 14:47 - 2017-07-04 14:52 - 00027079 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-07-02 22:09 - 2017-07-05 13:23 - 01782272 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2017-07-02 22:09 - 2017-07-02 22:09 - 00017195 _____ C:\Users\Administrator\Desktop\mb-check-results.zip
2017-07-02 22:08 - 2017-07-01 13:53 - 02311624 _____ (Malwarebytes Corporation) C:\Users\Administrator\Desktop\mb-check-3.1.2.1001.exe
2017-07-02 17:59 - 2017-07-04 22:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-02 17:59 - 2017-07-03 15:45 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-02 17:59 - 2017-07-02 17:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-02 17:59 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-02 03:16 - 2017-07-05 13:24 - 00000000 ____D C:\FRST
2017-07-01 21:45 - 2017-07-01 21:46 - 00001488 _____ C:\Users\Administrator\Desktop\FLVPlayer4Free.lnk
2017-07-01 21:28 - 2017-07-05 13:24 - 00045803 _____ C:\Windows\ZAM.krnl.trace
2017-07-01 21:28 - 2017-07-05 13:24 - 00015837 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00001888 _____ C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-01 12:19 - 2017-07-01 12:19 - 00000000 ____D C:\Compact Tray Meter
2017-06-30 17:02 - 2017-06-30 17:02 - 00001116 _____ C:\Users\Administrator\Desktop\PotPlayer.lnk
2017-06-30 15:17 - 2017-06-30 15:17 - 00000000 ____D C:\Exe Explorer
2017-06-30 15:11 - 2017-06-30 15:11 - 00000000 ____D C:\MSIX
2017-06-30 14:19 - 2017-06-30 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 13:03 - 2017-06-30 13:03 - 00000000 ____D C:\Program Files\NirSoft
2017-06-30 13:02 - 2017-06-30 13:02 - 00143960 _____ C:\Windows\Minidump\063017-11185-01.dmp
2017-06-30 13:02 - 2017-06-30 13:02 - 00000000 ____D C:\Windows\Minidump
2017-06-29 13:14 - 2017-06-29 13:14 - 00000979 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:04 - 2016-12-05 14:59 - 00401484 ____N (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2017-06-29 12:56 - 2016-12-05 14:36 - 01393152 ____N (Microsoft Corporation) C:\Windows\system32\mfc42d.dll
2017-06-29 12:03 - 2017-06-29 12:03 - 00000000 ____D C:\Dependency Walker
2017-06-29 03:23 - 2017-06-09 04:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-28 22:08 - 2017-07-01 23:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-06-28 22:03 - 2017-06-28 22:07 - 00248746 _____ C:\D06M14.mis
2017-06-28 22:03 - 2017-06-28 22:07 - 00141048 _____ C:\D06M14.BMS
2017-06-28 22:01 - 2013-12-07 16:34 - 05010994 _____ C:\Users\Administrator\Victor Borge - 'Page-turner'-LWqFaGwNCMU.3gp
2017-06-28 21:16 - 2017-06-28 21:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MINE-PC-Windows-7-Professional-(32-bit).dat
2017-06-28 21:16 - 2017-06-28 21:16 - 00000000 ____D C:\RegBackup
2017-06-28 21:05 - 2017-06-28 21:05 - 00000000 ____D C:\Windows\pss
2017-06-28 20:37 - 2017-06-28 20:37 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-28 20:06 - 2017-06-28 20:06 - 00183650 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-28 20:06 - 2017-06-28 20:06 - 00002117 _____ C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\Program Files\Tweaking.com
2017-06-28 13:17 - 2009-07-14 13:15 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60 - Copy.dll
2017-06-27 20:22 - 2017-06-27 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-06-27 20:22 - 2017-06-27 20:22 - 00000790 _____ C:\Users\Administrator\Desktop\ZHPDiag.lnk
2017-06-27 20:22 - 2017-06-27 20:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-06-27 17:16 - 2017-07-01 13:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-27 17:15 - 2017-06-27 17:31 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-27 12:33 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\system32\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\VBExp.dll
2017-06-26 00:48 - 2017-06-26 00:52 - 00190741 _____ C:\D06M13.mis
2017-06-26 00:48 - 2017-06-26 00:52 - 00110456 _____ C:\D06M13.BMS
2017-06-25 00:13 - 2017-06-25 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-25 00:12 - 2017-06-25 00:12 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-25 00:11 - 2017-07-05 12:39 - 00000000 ____D C:\AdwCleaner
2017-06-24 17:50 - 2017-06-24 17:53 - 00334289 _____ C:\D06M12.mis
2017-06-24 17:49 - 2017-06-24 17:53 - 00181112 _____ C:\D06M12.BMS
2017-06-23 00:47 - 2015-04-11 19:59 - 12806046 _____ C:\Users\Administrator\Abbott and Costello at their best.-9b8oEcFmQD0.3gp
2017-06-22 16:25 - 2017-06-22 23:16 - 00442091 _____ C:\D06M11.mis
2017-06-22 16:24 - 2017-06-22 23:16 - 00239576 _____ C:\D06M11.BMS
2017-06-22 16:01 - 2017-06-22 16:01 - 00000928 _____ C:\Users\Public\Desktop\PFF Editor.lnk
2017-06-22 16:01 - 2017-06-22 16:01 - 00000000 ____D C:\Program Files\PFF Editor
2017-06-22 15:44 - 2017-06-26 17:25 - 00000000 ____D C:\PFFEditor
2017-06-22 03:00 - 2017-06-22 03:02 - 00823156 _____ C:\Users\Administrator\Downloads\17-855-565_INC_Personal Tax Summary_20170620.pdf
2017-06-22 02:03 - 2017-07-01 21:41 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free
2017-06-21 15:51 - 2017-06-21 16:11 - 07157399 _____ C:\Users\Administrator\Downloads\pentium-n3520-j2850-celeron-datasheet.pdf
2017-06-20 15:44 - 2017-06-21 12:58 - 00000000 ____D C:\Program Files\IDA
2017-06-20 15:44 - 2017-06-20 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 14:31 - 2017-06-21 12:58 - 00000000 ____D C:\ProgramData\GetRight
2017-06-20 14:30 - 2017-06-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 14:30 - 2017-06-20 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight
2017-06-19 21:46 - 2016-10-01 06:57 - 31665488 _____ C:\Users\Administrator\Abbott and Costello Outtakes-ehh6mx4Z3kk.3gp
2017-06-19 16:12 - 2017-06-19 16:19 - 00307616 _____ C:\D06M10.mis
2017-06-19 16:12 - 2017-06-19 16:19 - 00169428 _____ C:\D06M10.BMS
2017-06-19 13:45 - 2017-06-19 13:52 - 00478224 _____ C:\D06M09.mis
2017-06-19 13:45 - 2017-06-19 13:52 - 00254096 _____ C:\D06M09.BMS
2017-06-19 12:05 - 2017-06-19 12:05 - 00002215 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00002164 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00000000 ____D C:\Program Files\Vivaldi
2017-06-14 15:12 - 2017-06-18 21:05 - 00233617 _____ C:\ITEMS.DEF.txt
2017-06-14 15:10 - 2017-06-22 15:46 - 00233701 _____ C:\ITEMS.DEF
2017-06-14 15:10 - 2017-06-14 15:10 - 00233619 _____ C:\ITEMS.DEF.orig
2017-06-14 15:07 - 2017-06-14 15:07 - 00047001 _____ C:\GAME.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00020983 _____ C:\ITEMS.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00015412 _____ C:\WPN.BIN
2017-06-13 15:59 - 2017-06-13 15:59 - 00240681 _____ C:\D06M08.mis
2017-06-13 15:58 - 2017-06-13 15:58 - 00136200 _____ C:\D06M08.BMS
2017-06-13 15:57 - 2017-06-13 15:57 - 00219492 _____ C:\D06M07.mis
2017-06-13 15:57 - 2017-06-13 15:57 - 00127620 _____ C:\D06M07.BMS
2017-06-13 15:52 - 2017-06-13 15:52 - 00456520 _____ C:\D06M06.mis
2017-06-13 15:51 - 2017-06-13 15:51 - 00240948 _____ C:\D06M06.BMS


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-07-05 12:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-05 12:51 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-05 12:44 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-05 12:43 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-07-05 12:43 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-05 12:43 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-05 12:43 - 2016-10-06 23:29 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-05 12:30 - 2009-07-14 16:52 - 00000000 ____D C:\Windows\addins
2017-07-04 22:43 - 2017-06-01 21:53 - 00000000 ____D C:\ProgramData\Zoom Player
2017-07-04 18:32 - 2017-02-28 17:41 - 00849766 _____ C:\Windows\ntbtlog.txt
2017-07-04 12:57 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\Registration
2017-07-03 16:03 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2017-07-03 16:03 - 2009-07-14 16:33 - 00339096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-03 16:00 - 2010-11-21 09:01 - 00778180 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-03 16:00 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-07-02 14:35 - 2009-07-14 14:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-07-01 21:30 - 2017-01-21 19:03 - 00000000 ____D C:\Users\Administrator
2017-07-01 13:34 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_889
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\ProgramData\Adobe
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-30 17:58 - 2017-05-24 20:24 - 00000151 _____ C:\Windows\Settings.ini
2017-06-30 17:02 - 2017-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-30 14:23 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_875
2017-06-30 14:19 - 2017-01-21 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-06-29 13:14 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2017-06-29 13:14 - 2016-10-07 10:04 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-29 11:20 - 2017-05-27 12:53 - 00000354 _____ C:\Windows\w32dasm8.ini
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-27 22:18 - 2017-04-29 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-25 13:50 - 2017-03-03 14:00 - 00000000 ____D C:\Program Files\TubeDigger
2017-06-25 13:49 - 2017-04-01 14:23 - 00078198 _____ C:\My Bookmarks.bkl
2017-06-25 11:52 - 2017-04-01 15:14 - 00078176 _____ C:\Autobackup of My Bookmarks.bkl
2017-06-25 11:20 - 2017-04-01 20:57 - 00078130 _____ C:\Autobackup (older) of My Bookmarks.bkl
2017-06-24 13:29 - 2009-07-14 16:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-22 23:12 - 2017-05-19 16:32 - 00441978 _____ C:\MEDP1BCK.MIS
2017-06-21 14:04 - 2017-02-23 15:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 16:38 - 2017-04-02 13:06 - 00078142 _____ C:\Autobackup (oldest) of My Bookmarks.bkl
2017-06-16 22:11 - 2016-10-16 13:50 - 00000000 ____D C:\Program Files\VideoLAN
2017-06-05 12:59 - 2016-11-19 14:18 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-05 12:59 - 2016-11-19 14:18 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-06-05 12:59 - 2016-11-19 14:17 - 00000000 ____D C:\Windows\system32\Macromed


==================== Files in the root of some directories =======


2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd                                      ) C:\Program Files\pc-repair-kit-setup.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 0000004 _____ () C:\Users\Administrator\AppData\Roaming\app
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib


Some files in TEMP:
====================
2017-07-03 22:10 - 2017-07-05 12:42 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.dll
2017-07-03 22:10 - 2017-07-05 12:42 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.exe
2017-01-18 09:12 - 2017-01-18 09:12 - 0012288 _____ () C:\Users\Mine\AppData\Local\Temp\qRlttEQWsnBkpStqVGpo.DLL


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-07-02 00:50


==================== End of FRST.txt ============================


Results of FRST Addition scan -

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2017
Ran by Administrator (05-07-2017 13:24:23)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X86) (2016-10-06 11:03:23)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-1002102086-959386047-1437358805-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1002102086-959386047-1437358805-501 - Limited - Disabled)
Mine (S-1-5-21-1002102086-959386047-1437358805-1000 - Administrator - Enabled) => C:\Users\Mine


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)




==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version:  - )
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.0.6.1 - RedFox)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.0.0 - Auslogics Labs Pty Ltd)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Bookmark Buddy Unicode (HKLM\...\Bookmark Buddy Unicode) (Version:  - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas 14 + GIS (HKLM\...\{C46DC4F2-40EB-42DB-8720-DC2011378FE8}) (Version: 14.1.1618 - ACD Systems of America Inc.)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
DVDFab 9.3.1.0 (29/07/2016) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FLVPlayer4Free Free FLV Player 8.1.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HWiNFO32 Version 5.50 (HKLM\...\HWiNFO32_is1) (Version: 5.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.69 (HKLM\...\lavfilters_is1) (Version: 0.69 - Hendrik Leppkes)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
MPC-BE 1.5.0.2235 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Network Activity Indicator for Windows 7 - 8.1 (HKLM\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Shareaza 2.7.9.0 (HKLM\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Vivaldi (HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Vivaldi) (Version: 1.10.867.38 - Vivaldi)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 13.5 - Inmatrix LTD)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2008-08-12] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {31B29146-6D97-4975-BFAE-9C8299167B9D} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {66CC6354-3233-4E6C-B77F-7F9909235C93} - System32\Tasks\{09F44CC2-C40F-4DFC-8D55-2422E2AE8ADD} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe
Task: {96DD94AD-FEE3-44A4-B292-2309BAD91B2C} - System32\Tasks\{DF7190EA-A566-4524-8251-09C90BA1548A} => pcalua.exe -a C:\Windows\System32\vbrun60sp6.exe -d C:\Windows\System32
Task: {9DF19937-94BC-41C8-81B2-7AD60153CA8A} - System32\Tasks\{D541679C-346E-4C29-8016-18C9D42F6F18} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {CD658633-FE89-493E-8A1A-661E3F675207} - System32\Tasks\{EA9AE737-D290-4AD6-85A7-801C8496CCD4} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {F3BCFD93-A876-4587-9D39-F99BA0EB5F06} - System32\Tasks\{3149641E-2BFD-4AF4-9BEF-E59062A1B82D} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2017-01-18 09:12 - 2015-04-07 13:44 - 00107472 _____ () C:\Program Files\FILEminimizer Suite\fmshell32.dll
2017-07-01 21:28 - 2017-07-01 21:28 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2017-06-19 12:05 - 2017-06-15 00:38 - 02946680 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libglesv2.dll
2017-06-19 12:05 - 2017-06-15 00:38 - 00087160 _____ () C:\Program Files\Vivaldi\Application\1.10.867.38\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Compressed:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Documents:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Music:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Programs:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Video:Shareaza.GUID [16]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-14 14:04 - 2017-07-03 15:58 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts


127.0.0.1       localhost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1002102086-959386047-1437358805-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: wuauserv => 2


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CEA3509D-2D89-4743-B9DB-2EB8D5FAD4CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F95BEA2A-4264-4099-A2F9-DB6A1E29EA0E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{4A79CB3C-2793-466E-AEDB-AF2D75061D50}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3801B1EA-7423-46AF-A9A8-61399063E227}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{8E5BDA0D-DE01-4132-AB77-447E0D4CFBFF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{CA13C883-020B-4838-AC49-DBDF69F16D46}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{7F6846EA-84BB-4B04-8DD2-8784201665B5}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E4B45C25-3148-43F8-AF48-C32B1B3DCA2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5BAFDBCD-0915-4AD6-AEF7-1F71A124ACB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF37F63D-A08C-4280-B01A-0D0F254D3331}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{1AA1E3F2-16D1-42E6-8CAC-6DB10449D241}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{92E3DB63-2808-45A4-BA6F-101029E7BA17}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{B6D4835D-9C63-4C90-AD94-E55D0567FC0A}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{FF5C5D59-30FF-41B6-A4FC-A7B8D3DE5587}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe


==================== Restore Points =========================


Could not list restore points
Check "winmgmt" service or repair WMI.




==================== Faulty Device Manager Devices =============


Could not list Devices. Check "winmgmt" service or repair WMI.




==================== Event log errors: =========================


Application errors:
==================
Error: (07/05/2017 12:41:41 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={51D1A588-3C62-44E5-A76D-6716FE489120}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.


Error: (07/05/2017 12:20:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (07/04/2017 09:48:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (07/04/2017 08:58:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (07/04/2017 08:49:19 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={10DE4E1A-9CEC-4EA1-A575-850ED92468B7}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.


Error: (07/04/2017 08:48:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A849BA9C-6321-44DB-9F59-6AEA70EA9901}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.


Error: (07/04/2017 08:48:21 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E4CD16F7-B253-4315-9E04-5A2632CF166B}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.


Error: (07/04/2017 08:47:46 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B5747733-9463-4588-80F1-26733B23D430}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.


Error: (07/04/2017 06:31:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (07/04/2017 02:32:09 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={DDC4BBD8-2F6E-4D2B-8358-201E1BBD71FD}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.




System errors:
=============
Error: (07/05/2017 01:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.


Error: (07/05/2017 01:18:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.




CodeIntegrity:
===================================
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2017-03-10 14:30:13.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.


  Date: 2017-03-10 14:30:13.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.


  Date: 2017-03-10 14:30:13.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.


  Date: 2017-03-10 14:30:13.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.


  Date: 2017-03-10 14:30:13.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.


  Date: 2017-03-10 14:30:13.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.




==================== Memory info =========================== 


Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 39%
Total physical RAM: 2966.14 MB
Available physical RAM: 1801.24 MB
Total Virtual: 5930.57 MB
Available Virtual: 4454 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:35.91 GB) (Free:12.97 GB) NTFS
Drive d: () (Fixed) (Total:119.73 GB) (Free:6.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:310 GB) (Free:15.98 GB) NTFS
Drive f: () (Fixed) (Total:97.76 GB) (Free:79.8 GB) NTFS
Drive h: () (Fixed) (Total:353.01 GB) (Free:226.65 GB) NTFS
Drive i: () (Fixed) (Total:14.99 GB) (Free:10.94 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)


========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)


==================== End of Addition.txt ============================


Results of FRST shortcut scan -

Users shortcut scan result (x86) Version: 04-07-2017
Ran by Administrator (05-07-2017 13:24:28)
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)




Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Buy or Upgrade Zoom Player.lnk -> hxxp://inmatrix.com/shop_relay/buyshortcut.shtm
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Download Skins.lnk -> hxxp://skins.inmatrix.com
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Video Tutorials.lnk -> hxxp://inmatrix.com/tutorial_redir.htm
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Forum.lnk -> hxxp://forum.inmatrix.com
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Frequently Asked Questions.lnk -> hxxp://www.inmatrix.com/zplayer/fa
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Home Page.lnk -> hxxp://www.inmatrix.com
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Online Help.lnk -> hxxp://www.inmatrix.com/zplaye
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Usage Guides.lnk -> hxxp://www.inmatrix.com/articles.shtm
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD




Shortcut: C:\Users\Administrator\Links\Desktop.lnk -> C:\Users\Administrator\Desktop ()
Shortcut: C:\Users\Administrator\Links\Downloads.lnk -> C:\Users\Administrator\Downloads ()
Shortcut: C:\Users\Administrator\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Administrator\Desktop\ARAR.lnk -> C:\Program Files\ARAR\ARAR.exe (DataNumen, Inc.)
Shortcut: C:\Users\Administrator\Desktop\Auslogics Registry Cleaner.lnk -> C:\Program Files\Auslogics\Registry Cleaner\RegistryCleaner.exe (No File)
Shortcut: C:\Users\Administrator\Desktop\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\Users\Administrator\Desktop\DFTFD.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe ()
Shortcut: C:\Users\Administrator\Desktop\dftfdmedv193a.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\dftfdmedv193a.exe ()
Shortcut: C:\Users\Administrator\Desktop\FLVPlayer4Free.lnk -> C:\Program Files\FLVPlayer4Free\FLVPlayer4Free.exe (Sakysoft s.r.l.)
Shortcut: C:\Users\Administrator\Desktop\GetDiz.lnk -> C:\Program Files\GetDiz\GetDiz.exe (Outertech - hxxp://www.outertech.com)
Shortcut: C:\Users\Administrator\Desktop\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Administrator\Desktop\PotPlayer.lnk -> C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe (Kakao)
Shortcut: C:\Users\Administrator\Desktop\TechPowerUp GPU-Z.lnk -> C:\Program Files\GPU-Z\GPU-Z.exe (techPowerUp (www.techpowerup.com))
Shortcut: C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Administrator\Desktop\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Administrator\Desktop\ZHPDiag.lnk -> C:\Users\Administrator\AppData\Roaming\ZHP\ZHPDiag3.exe ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files\Internet Download Manager\grabber.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files\Internet Download Manager\idman.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files\Internet Download Manager\license.txt ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files\Internet Download Manager\tutor.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetDiz\GetDiz Documentation.lnk -> C:\Program Files\GetDiz\GetDiz.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetDiz\GetDiz.lnk -> C:\Program Files\GetDiz\GetDiz.exe (Outertech - hxxp://www.outertech.com)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Delta Force® Task Force Dagger™.lnk -> [LF6"pH,R GFSIMt Delta Force: Task Force Dagger"!(1SPSXFL8C&m]
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\GetDiz.lnk -> C:\Program Files\GetDiz\GetDiz.exe (Outertech - hxxp://www.outertech.com)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\K-Meleon.lnk -> C:\Program Files\K-Meleon\k-meleon.exe (hxxp://kmeleonbrowser.org/)
Shortcut: C:\Users\Administrator\AppData\Local\Microsoft\Windows\GameExplorer\{7D1037B0-8E11-4F2E-923C-D5A6446FABFC}\PlayTasks\0\Play.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Install Center.lnk -> C:\Program Files\Zoom Player\Zoom Player Install Center.exe (Inmatrix LTD)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\UnInstall.lnk -> C:\Program Files\Zoom Player\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Zoom Player FREE.lnk -> C:\Program Files\Zoom Player\zplayer.exe (Inmatrix LTD)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Zoom Player Help.lnk -> C:\Program Files\Zoom Player\zplayer.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Restore Default Settings.lnk -> C:\Program Files\Zoom Player\DefaultSettings.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk -> C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD Help.lnk -> C:\Program Files\RedFox\AnyDVD\HelpLauncher.exe (Elaborate Bytes AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD History.lnk -> C:\Program Files\RedFox\AnyDVD\manual\changes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\Register AnyDVD.lnk -> C:\Program Files\RedFox\AnyDVD\RegAnyDVD.exe (RedFox)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\Uninstall.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD-uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\Delta Force Task Force Dagger.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\DFTFD LAN Only.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFDLC.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\DFTFD Mission Editor Manual.lnk -> G:\MANUALS\DFTFDMED.PDF (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\DFTFD Mission Editor.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\dftfdmed.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\ReadMe.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\README.TXT ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\Update Game.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\Update.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\EasyBCD 2.2.lnk -> C:\Program Files\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Uninstall EasyBCD.lnk -> C:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\Uninstall LAV Filters.lnk -> C:\Program Files\LAV Filters\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files\Internet Download Manager\grabber.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files\Internet Download Manager\idman.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files\Internet Download Manager\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files\Internet Download Manager\tutor.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32\HWiNFO32 Program.lnk -> C:\Program Files\HWiNFO32\HWiNFO32.EXE (REALiX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free\FLVPlayer4Free.lnk -> C:\Program Files\FLVPlayer4Free\FLVPlayer4Free.exe (Sakysoft s.r.l.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 8.0\FILEminimizer on the Web.lnk -> C:\Program Files\FILEminimizer Suite\Webpage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 8.0\FILEminimizer Suite.lnk -> C:\Program Files\FILEminimizer Suite\FILEminimizer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 8.0\Uninstall FILEminimizer.lnk -> C:\Program Files\FILEminimizer Suite\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer\PotPlayer.lnk -> C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe (Kakao)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer\Uninstall PotPlayer.lnk -> C:\Program Files\DAUM\PotPlayer\uninstall.exe (Kakao)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Audio Control Panel.lnk -> C:\Program Files\Creative\AudioCS\CTAudCS.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Software AutoUpdate.lnk -> C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.ini ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode\Help.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair\ARAR.lnk -> C:\Program Files\ARAR\ARAR.exe (DataNumen, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair\Help.lnk -> C:\Program Files\ARAR\ARAR.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair\Uninstall ARAR.lnk -> C:\Program Files\ARAR\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems\Canvas 14.lnk -> C:\Program Files\ACD Systems\Canvas 14\Canvas14.exe (ACD Systems of America Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\Links\Desktop.lnk -> C:\Users\Mine\Desktop ()
Shortcut: C:\Users\Mine\Links\Downloads.lnk -> C:\Users\Mine\Downloads ()
Shortcut: C:\Users\Mine\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Mine\Desktop\ARAR.lnk -> C:\Program Files\ARAR\ARAR.exe (DataNumen, Inc.)
Shortcut: C:\Users\Mine\Desktop\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\Users\Mine\Desktop\FILEminimizer Suite.lnk -> C:\Program Files\FILEminimizer Suite\FILEminimizer.exe ()
Shortcut: C:\Users\Mine\Desktop\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Mine\Desktop\IsoPuzzle.lnk -> C:\IsoPuzzle.exe ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files\Internet Download Manager\grabber.chm ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files\Internet Download Manager\idman.chm ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files\Internet Download Manager\license.txt ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files\Internet Download Manager\tutor.chm ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\AnyDVD.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox)
Shortcut: C:\Users\Public\Desktop\Canvas 14.lnk -> C:\Program Files\ACD Systems\Canvas 14\Canvas14.exe (ACD Systems of America Inc.)
Shortcut: C:\Users\Public\Desktop\CPUID CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\Users\Public\Desktop\DVDFab 9.lnk -> C:\Program Files\DVDFab 9\DVDFab.exe (FengTao Software Inc.)
Shortcut: C:\Users\Public\Desktop\EasyBCD 2.2.lnk -> C:\Program Files\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\Users\Public\Desktop\HxD.lnk -> C:\Program Files\HxD\HxD.exe (Maël Hörz)
Shortcut: C:\Users\Public\Desktop\IrfanView.lnk -> C:\Program Files\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\Users\Public\Desktop\K-Meleon.lnk -> C:\Program Files\K-Meleon\k-meleon.exe (hxxp://kmeleonbrowser.org/)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\MPC-BE.lnk -> C:\Program Files\MPC-BE\mpc-be.exe (MPC-BE Team)
Shortcut: C:\Users\Public\Desktop\Network Indicator.lnk -> C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe (ITSamples.com)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software)
Shortcut: C:\Users\Public\Desktop\PFF Editor.lnk -> C:\Program Files\PFF Editor\PFFEditor.exe ()
Shortcut: C:\Users\Public\Desktop\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller.exe ()
Shortcut: C:\Users\Public\Desktop\Shareaza.lnk -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
Shortcut: C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Users\Public\Desktop\Winamp.lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk -> C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
Shortcut: C:\Users\Public\Desktop\Zoom Player FREE.lnk -> C:\Program Files\Zoom Player\zplayer.exe (Inmatrix LTD)




ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Command Line Parameters.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Program Files\Zoom Player\param.txt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Player\Help\Whats New.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> C:\Program Files\Zoom Player\whatsnew.txt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) ->  /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD Image Ripper.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox) -> -iso
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD Ripper.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox) -> -r
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD System Information.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox) -> -syslog
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\Uninstall.lnk -> C:\Windows\IsUninst.exe (InstallShield Software Corporation) -> -f"C:\Program Files\NovaLogic\Delta Force Task Force Dagger\Uninst.isu"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\LAV Audio Configuration.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\LAV Filters\x86\LAVAudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\LAV Splitter Configuration.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\LAV Filters\x86\LAVSplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\LAV Video Configuration.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\LAV Filters\x86\LAVVideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode\Uninstall.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh) -> -uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1




InternetURL: C:\Users\Administrator\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetDiz\Outertech Website.url -> URL: hxxp://www.outertech.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\Visit LAV Filters Home Page.url -> URL: hxxp://1f0.de/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\Visit LAV Filters on Doom9.url -> URL: hxxp://forum.doom9.org/showthread.php?t=156191
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems\Canvas 14 Release Notes.url -> URL: hxxp://r.acdsee.com/1Wjlx
InternetURL: C:\Users\Mine\Favorites\The NeoSmart Files.url -> URL: hxxp://neosmart.net/blog/feed/
InternetURL: C:\Users\Mine\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Mine\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Mine\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Mine\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Mine\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Mine\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315


==================== End of Shortcut.txt =============================

Edited by meeshu, 04 July 2017 - 08:47 PM.


#6 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:41 AM

Posted 05 July 2017 - 01:47 AM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\RunOnce: [Application Restart #0] => C:\Program Files\Vivaldi\Application\vivaldi.exe [921720 2017-06-15] (Vivaldi Technologies AS)
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default\user.js [2006-04-07]
R2 WELM; C:\Windows\Fonts\wininit.exe [1428996 2017-07-03] (Microsoft Corporation) [File not signed]
C:\Windows\Fonts\wininit.exe
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Compressed:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Documents:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Music:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Programs:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Video:Shareaza.GUID [16]
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
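As an added example (not part of the thread and not FRST's own code), the Python below reads FRST service and policy lines like the ones in the fixlist above and reports why the WELM entry stands out: a system binary name (wininit.exe) outside its normal directory, a Microsoft vendor string on a file FRST reports as not signed, and FRST's own "<==== ATTENTION" marker. The allow-list of where system binaries normally live is an assumption constructed for the example, as is the benign Spooler line in the sample log.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example; it is not FRST code. It parses service lines of the form
"R2 NAME; path [size date] (vendor) [File not signed]" and flags the
properties that made the WELM service in the thread worth removing.
"""
import re
from dataclasses import dataclass, field

# Constructed, non-exhaustive allow-list: directories where these Windows
# binaries legitimately live. Anything else with the same name is suspect.
SYSTEM_BINARY_HOMES = {
    "wininit.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# FRST service line: "R2 WELM; C:\...\wininit.exe [1428996 2017-07-03] (Vendor) [flags]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>[A-Za-z]:\\[^\[]+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)"
    r"(?P<flags>.*)$"
)

# Sample input: the WELM and IPSec lines are the ones posted in the thread;
# the Spooler line is a constructed benign control.
SAMPLE_LOG = r"""
R2 WELM; C:\Windows\Fonts\wininit.exe [1428996 2017-07-03] (Microsoft Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
R2 Spooler; C:\Windows\System32\spoolsv.exe [316416 2009-07-14] (Microsoft Corporation)
"""


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def _parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def triage_line(line: str) -> list[str]:
    """Return the reasons one FRST log line deserves attention (empty if none)."""
    reasons: list[str] = []
    if "<==== ATTENTION" in line:
        reasons.append("FRST flagged this entry itself")
    m = SERVICE_RE.match(line)
    if not m:
        return reasons
    path = m.group("path").strip()
    vendor = m.group("vendor")
    flags = m.group("flags")
    exe = path.rsplit("\\", 1)[-1].lower()
    parent = _parent_dir(path)

    # A well-known system binary name in a directory it never lives in.
    homes = SYSTEM_BINARY_HOMES.get(exe)
    if homes is not None and parent not in homes:
        reasons.append(f"{exe} normally lives in {sorted(homes)}, found in {parent}")

    unsigned = "[File not signed]" in flags
    # Vendor strings are self-declared; a Microsoft claim without a signature is a mismatch.
    if unsigned and "microsoft" in vendor.lower():
        reasons.append("claims Microsoft as vendor but the file is not signed")
    # Service binaries under C:\Windows are expected to carry a valid signature.
    if unsigned and parent.startswith(r"c:\windows"):
        reasons.append("unsigned service binary under C:\\Windows")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every non-empty line and keep those with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line[:70])
        for r in f.reasons:
            print("   -", r)
```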


#7 meeshu

meeshu
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:08:41 PM

Posted 05 July 2017 - 04:23 AM

Ran FRST "fixlist" with the following result (fixlog.txt) -

Fix result of Farbar Recovery Scan Tool (x86) Version: 04-07-2017
Ran by Administrator (05-07-2017 21:09:01) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Boot Mode: Normal


==============================================


fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\RunOnce: [Application Restart #0] => C:\Program Files\Vivaldi\Application\vivaldi.exe [921720 2017-06-15] (Vivaldi Technologies AS)
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default\user.js [2006-04-07]
R2 WELM; C:\Windows\Fonts\wininit.exe [1428996 2017-07-03] (Microsoft Corporation) [File not signed]
C:\Windows\Fonts\wininit.exe
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Compressed:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Documents:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Music:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Programs:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\Administrator\Downloads\Video:Shareaza.GUID [16]
End
*****************


Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value removed successfully.
HKU\S-1-5-21-1002102086-959386047-1437358805-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default\user.js => moved successfully
HKLM\System\CurrentControlSet\Services\WELM => key removed successfully.
WELM => service removed successfully.
C:\Windows\Fonts\wininit.exe => moved successfully
C:\Users\Administrator\Downloads => ":Shareaza.GUID" ADS could not remove.
C:\Users\Administrator\Downloads\Compressed => ":Shareaza.GUID" ADS removed successfully..
C:\Users\Administrator\Downloads\Documents => ":Shareaza.GUID" ADS removed successfully..
C:\Users\Administrator\Downloads\Music => ":Shareaza.GUID" ADS removed successfully..
C:\Users\Administrator\Downloads\Programs => ":Shareaza.GUID" ADS removed successfully..
C:\Users\Administrator\Downloads\Video => ":Shareaza.GUID" ADS removed successfully..




The system needed a reboot.


==== End of Fixlog 21:09:10 ====

The CPU "idle" load is back to 0%, as it was originally. Good, thanks!

 

Unfortunately MBAM will still not run - "Unable to start"!? Is some malware preventing MBAM from running?

 

Also, I forgot to mention that in the previous cleaning procedure, a legitimate program "Auslogics Registry Cleaner" was removed when I don't think it should have been, unless this program was infected?


Edited by meeshu, 05 July 2017 - 04:24 AM.
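The fixlist and Fixlog above remove a service named WELM whose binary is an unsigned `wininit.exe` sitting in `C:\Windows\Fonts` rather than System32. As an added example that is not part of this thread or of FRST itself, the script below parses FRST service/driver lines in the exact format the log prints and scores each one on the signals a responder checks first: no digital signature, a binary outside the usual system and program directories, and a core Windows executable name living outside System32. The scoring weights are my own choice, and the sample lines are copied from the FRST sections in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST service/driver line, as printed in the "Services"/"Drivers" sections
# and reused verbatim in a fixlist, e.g.
#   R2 WELM; C:\Windows\Fonts\wininit.exe [1428996 2017-07-03] (Microsoft Corporation) [File not signed]
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?\.(?:exe|dll|sys))"
    r"\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s+\((?P<publisher>[^)]*)\)(?P<flags>.*)$",
    re.IGNORECASE,
)

# Executables that ship only in %SystemRoot%\System32 on a stock install;
# the same name anywhere else is a classic masquerade.
SYSTEM32_ONLY = {"wininit.exe", "winlogon.exe", "svchost.exe", "lsass.exe",
                 "csrss.exe", "services.exe", "smss.exe", "spoolsv.exe"}

# Where installed service binaries normally live.
EXPECTED_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64",
                  r"c:\program files", r"c:\program files (x86)")


@dataclass
class ServiceEntry:
    state: str        # FRST state/start-type code, e.g. R2 (running) or S2 (stopped)
    name: str
    path: str
    size: int
    date: str
    publisher: str
    signed: bool


@dataclass
class Finding:
    entry: ServiceEntry
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one FRST service/driver line; None for headers, blanks and notes."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        state=m["state"].upper(),
        name=m["name"].strip(),
        path=m["path"].strip(),
        size=int(m["size"]),
        date=m["date"],
        publisher=m["publisher"].strip(),
        signed="not signed" not in m["flags"].lower(),
    )


def triage(entry: ServiceEntry) -> Finding:
    """Score one entry. Each reason is a prompt to look closer, not a verdict:
    legitimate tools (an on-demand scanner's driver in %TEMP%, say) trip these too."""
    f = Finding(entry)
    low = entry.path.lower()
    parent, _, base = low.rpartition("\\")
    if not entry.signed:
        f.score += 1
        f.reasons.append("binary is not digitally signed")
    if not low.startswith(EXPECTED_ROOTS):
        f.score += 1
        f.reasons.append("binary outside the usual system/program directories")
    if base in SYSTEM32_ONLY and parent != r"c:\windows\system32":
        f.score += 2
        f.reasons.append(f"{base} normally exists only in System32")
    if not entry.signed and "microsoft" in entry.publisher.lower():
        f.score += 1
        f.reasons.append("claims a Microsoft publisher but carries no signature")
    return f


def triage_log(text: str) -> List[Finding]:
    """Return every flagged service/driver entry in an FRST log, worst first."""
    findings = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            f = triage(entry)
            if f.score:
                findings.append(f)
    return sorted(findings, key=lambda f: -f.score)


# Constructed sample: lines copied from the FRST service sections in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ====================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe [3723264 2017-07-05] () [File not signed]
S2 WELM; C:\Windows\Fonts\wininit.exe [1438724 2017-07-06] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.score}] {f.entry.name}: {f.entry.path}")
        for reason in f.reasons:
            print("     -", reason)
```

Run against a full FRST.txt the same function walks the Services and Drivers sections in one pass, so the unsigned service that re-appeared after the first fix would surface at the top of the list.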


#8 Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany

Posted 05 July 2017 - 04:37 AM

There seems to be no malware that blocks MBAM.
When we have finished here, you could ask for that at the MBAM Forum.

---

http://www.shouldiremoveit.com/programs.aspx?q=Auslogics%20Registry%20Cleaner
It seems to be a PUP (Potentially Unwanted Program)
When we have finished here, you can re-install it at your own risk.

 

***


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


***


ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


Can you tell me how your computer is running now and if there are any remaining malware related problems.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 meeshu

  • Topic Starter
  • Members
  • 45 posts

Posted 05 July 2017 - 04:55 PM

OK.

 

Ran RKill, and it didn't seem to find any malware. Here is its log -

 


Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html


Program started at: 07/05/2017 09:53:38 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1


Checking for Windows services to stop:


 * No malware services found to stop.


Checking for processes to terminate:


 * No malware processes found to kill.


Checking Registry for malware related settings:


 * No issues found in the Registry.


Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


Performing miscellaneous checks:


 * No issues found.


Checking Windows Service Integrity: 


 * Windows Management Instrumentation (Winmgmt) is not Running.
   Startup Type set to: Automatic


 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)


Searching for Missing Digital Signatures: 


 * No issues found.


Checking HOSTS File: 


 * HOSTS file entries found: 


  127.0.0.1       localhost


Program finished at: 07/05/2017 09:53:54 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

Then tried running ESET Online Scanner, but as suspected, ESET failed to update the program, and it also failed to complete updating the malware database. It then stopped with the option to go back and try updating again. At this stage I cancelled ESET Online Scanner and shut down my computer.

 

The reason ESET failed to update is probably because I'm on a slow dial-up internet connection, and often when trying to download large files/programs, the downloads stop and often do not resume, probably because of a time-out or time limit on downloading. It is suspected that ESET downloads time out and do not resume, unfortunately.

 

So I can't seem to use ESET Online Scanner. Is there an alternative anti-malware scanner that doesn't require downloading huge files? Or if large files have to be downloaded, can a Download Manager be used to download these files?

 

On starting my computer again, the CPU "idle" load has gone back to 50% again, unfortunately!? And MBAM still fails to run.

 

So there are still some issues with my computer.



#10 Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany

Posted 06 July 2017 - 01:31 AM

Please do not use code tags, when you post logs.
Just copy and paste the content of the logs into your post, thanks.

---

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the extracted Windows Repair executable and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)

- Go to Step 5. Under 1. Registry backup click Backup.

- Go to Repairs and click Open Repairs. Click on button "Unselect all". Select only the "27 Set Windows Services To Default Startup" repair option, then click Start Repairs.

---

Please download Zemana AntiMalware and save it to your Desktop.
- Start it...
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on the reports icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.

---

FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 meeshu

  • Topic Starter
  • Members
  • 45 posts

Posted 07 July 2017 - 05:27 AM

Zemana result -

 

Zemana AntiMalware 2.74.2.76 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/7/7
Operating System       : Windows 7 32-bit
Processor              : 4X Intel® Core™ i5-3570K CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 122AC7E68C3934DE02A807
Scan Type              : System Scan
Duration               : 5m 18s
Scanned Objects        : 43116
Detected Objects       : 1
Excluded Objects       : 1
Read Level             : SCSI
Auto Upload            : Disabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Security Center Disabled
Status             : Scanned
Object             : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart = disabled
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 
 
FRST result -
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2017
Ran by Administrator (administrator) on MINE-PC (07-07-2017 21:23:24)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\mssecsvc.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ACD Systems) C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(ITSamples.com) C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Vivaldi Technologies AS) C:\Program Files\Vivaldi\Application\update_notifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(www.dennisbabkin.com) C:\Compact Tray Meter\Compact Tray Meter.exe
(Edward Leigh) C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CVGW14EN] => C:\Program Files\ACD Systems\Canvas 14\CanvasInTouch2.exe [610424 2012-11-29] (ACD Systems)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [NetworkIndicator] => C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe [376832 2014-12-19] (ITSamples.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Vivaldi Update Notifier] => C:\Program Files\Vivaldi\Application\update_notifier.exe [4179576 2017-06-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6843808 2017-06-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4019312 2017-06-29] (Tonec Inc.)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Run: [Compact Tray Meter] => C:\Compact Tray Meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\MountPoints2: {0698c26a-adf2-11e6-a5dc-806e6f6e6963} - G:\autorun\autorun.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk [2017-04-01]
ShortcutTarget: Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\..\Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: [NameServer] 203.97.78.43 203.97.78.44
 
Internet Explorer:
==================
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-24] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 3b5x35ob.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default [2017-07-01]
FF Extension: (Internet Download Accelerator) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-05-15]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10]
FF Extension: (Status-4-Evar) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\status4evar@caligonstudios.com.xpi [2017-03-04]
FF Extension: (FlashGot) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-04]
FF Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-04]
FF Extension: (No Name) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [not found]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\K-Meleon\30ago2xc.default [2017-07-05]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-05] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-06] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 CVShell Service; C:\Program Files\ACD Systems\Canvas 14\CVShellSrv.exe [259192 2012-11-29] (ACD Systems of America Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe [3723264 2017-07-05] () [File not signed]
S2 WELM; C:\Windows\Fonts\wininit.exe [1438724 2017-07-06] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139216 2016-07-12] (RedFox)
S3 eapihdrv; C:\Users\Administrator\AppData\Local\Temp\ehdrv.sys [135760 2017-07-05] (ESET)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-04-12] (REALiX™)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSGDIO; C:\Windows\System32\DRIVERS\ssgdio32.sys [12048 2017-04-12] (ATI Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-07-01] ()
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-07-01] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-07 00:08 - 2017-07-07 00:08 - 14554768 _____ (Copyright 2017.) C:\Users\Administrator\Desktop\Zemana.AntiMalware.Portable.exe
2017-07-06 23:13 - 2017-07-06 23:14 - 00000000 ____D C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair
2017-07-06 12:19 - 2017-07-06 12:19 - 00000000 _____ C:\wtf.txt
2017-07-06 12:03 - 2017-07-06 12:03 - 01782272 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2017-07-06 11:25 - 2017-07-06 11:25 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-06 11:25 - 2017-07-06 11:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-06 11:25 - 2017-07-06 11:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-06 11:25 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-06 11:23 - 2017-07-06 11:24 - 00028097 _____ C:\Users\Administrator\Desktop\mb-clean-results.txt
2017-07-06 10:51 - 2017-07-06 10:54 - 00644402 _____ C:\Users\Administrator\Downloads\ht4zl.WinThruster.1.79.69.2469.Multilingual.rar
2017-07-06 10:23 - 2017-07-06 10:23 - 00007605 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-07-05 21:59 - 2017-07-05 21:59 - 00000000 ____D C:\Program Files\ESET
2017-07-05 21:59 - 2017-07-05 21:58 - 02870984 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
2017-07-05 21:55 - 2017-07-05 21:55 - 03723264 ____S C:\Windows\mssecsvc.exe
2017-07-05 21:55 - 2017-07-05 21:55 - 03514368 ____S C:\Windows\tasksche.exe
2017-07-05 21:53 - 2017-07-05 21:53 - 00002476 _____ C:\Users\Administrator\Desktop\Rkill.txt
2017-07-05 21:53 - 2017-07-05 21:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\uSeRiNiT.exe
2017-07-05 21:09 - 2017-07-05 21:09 - 00003011 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2017-07-05 13:24 - 2017-07-05 13:24 - 00047204 _____ C:\Users\Administrator\Desktop\Shortcut.txt
2017-07-05 13:23 - 2017-07-06 11:52 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2017-07-05 12:43 - 2017-07-05 12:43 - 00002923 _____ C:\Users\Administrator\Desktop\JRT.txt
2017-07-05 12:22 - 2017-07-03 22:10 - 01663672 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT_(8.1.3.0).exe
2017-07-04 23:03 - 2017-06-24 14:37 - 04110280 _____ C:\Users\Administrator\Desktop\adwcleaner_6.047 (6.0.4.7).exe
2017-07-04 22:54 - 2017-07-05 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-04 22:18 - 2017-07-05 12:29 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2017-07-04 21:48 - 2017-07-04 21:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrator\Desktop\mbar-1.09.3.1001.exe
2017-07-04 20:58 - 2017-07-04 20:58 - 00899584 _____ C:\Users\Administrator\Desktop\RGSA.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\app
2017-07-04 18:33 - 2017-07-04 18:33 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-07-04 18:31 - 2017-07-04 18:33 - 00213530 _____ C:\TDSSKiller.3.1.0.15_04.07.2017_18.31.53_log.txt
2017-07-04 15:18 - 2017-07-04 15:18 - 00084120 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-04 14:47 - 2017-07-07 21:23 - 00011733 _____ C:\Users\Administrator\Desktop\FRST.txt
2017-07-04 14:47 - 2017-07-07 20:50 - 00027360 _____ C:\Users\Administrator\Desktop\Addition.txt
2017-07-02 22:09 - 2017-07-07 20:45 - 00017445 _____ C:\Users\Administrator\Desktop\mb-check-results.zip
2017-07-02 22:08 - 2017-07-01 13:53 - 02311624 _____ (Malwarebytes Corporation) C:\Users\Administrator\Desktop\mb-check-3.1.2.1001.exe
2017-07-02 03:16 - 2017-07-07 21:23 - 00000000 ____D C:\FRST
2017-07-01 21:45 - 2017-07-01 21:46 - 00001488 _____ C:\Users\Administrator\Desktop\FLVPlayer4Free.lnk
2017-07-01 21:28 - 2017-07-07 21:23 - 00042553 _____ C:\Windows\ZAM.krnl.trace
2017-07-01 21:28 - 2017-07-07 21:23 - 00012401 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2017-07-01 21:28 - 2017-07-01 21:28 - 00001888 _____ C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-01 21:28 - 2017-07-01 21:28 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-07-01 12:19 - 2017-07-01 12:19 - 00000000 ____D C:\Compact Tray Meter
2017-06-30 17:02 - 2017-06-30 17:02 - 00001116 _____ C:\Users\Administrator\Desktop\PotPlayer.lnk
2017-06-30 15:17 - 2017-06-30 15:17 - 00000000 ____D C:\Exe Explorer
2017-06-30 15:11 - 2017-06-30 15:11 - 00000000 ____D C:\MSIX
2017-06-30 14:19 - 2017-06-30 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 13:03 - 2017-06-30 13:03 - 00000000 ____D C:\Program Files\NirSoft
2017-06-30 13:02 - 2017-06-30 13:02 - 00143960 _____ C:\Windows\Minidump\063017-11185-01.dmp
2017-06-30 13:02 - 2017-06-30 13:02 - 00000000 ____D C:\Windows\Minidump
2017-06-29 13:14 - 2017-06-29 13:14 - 00000979 _____ C:\Users\Administrator\Desktop\Internet Download Manager.lnk
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:14 - 2017-06-29 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-29 13:04 - 2016-12-05 14:59 - 00401484 ____N (Microsoft Corporation) C:\Windows\system32\msvcrtd.dll
2017-06-29 12:56 - 2016-12-05 14:36 - 01393152 ____N (Microsoft Corporation) C:\Windows\system32\mfc42d.dll
2017-06-29 12:03 - 2017-06-29 12:03 - 00000000 ____D C:\Dependency Walker
2017-06-29 03:23 - 2017-06-09 04:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-28 22:08 - 2017-07-01 23:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-06-28 22:03 - 2017-06-28 22:07 - 00248746 _____ C:\D06M14.mis
2017-06-28 22:03 - 2017-06-28 22:07 - 00141048 _____ C:\D06M14.BMS
2017-06-28 22:01 - 2013-12-07 16:34 - 05010994 _____ C:\Users\Administrator\Victor Borge - 'Page-turner'-LWqFaGwNCMU.3gp
2017-06-28 21:16 - 2017-06-28 21:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MINE-PC-Windows-7-Professional-(32-bit).dat
2017-06-28 21:16 - 2017-06-28 21:16 - 00000000 ____D C:\RegBackup
2017-06-28 21:05 - 2017-06-28 21:05 - 00000000 ____D C:\Windows\pss
2017-06-28 20:37 - 2017-06-28 20:37 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-28 20:06 - 2017-06-28 20:06 - 00183650 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-06-28 20:06 - 2017-06-28 20:06 - 00002117 _____ C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair.lnk
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-06-28 20:06 - 2017-06-28 20:06 - 00000000 ____D C:\Program Files\Tweaking.com
2017-06-28 13:17 - 2009-07-14 13:15 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60 - Copy.dll
2017-06-27 20:22 - 2017-06-27 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ZHP
2017-06-27 20:22 - 2017-06-27 20:22 - 00000790 _____ C:\Users\Administrator\Desktop\ZHPDiag.lnk
2017-06-27 20:22 - 2017-06-27 20:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\ZHP
2017-06-27 17:16 - 2017-07-01 13:09 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-27 17:15 - 2017-06-27 17:31 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:15 - 2017-06-27 17:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-27 12:33 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\system32\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\Windows\VBExp.dll
2017-06-27 12:32 - 2008-04-05 20:09 - 00102490 _____ () C:\VBExp.dll
2017-06-26 00:48 - 2017-06-26 00:52 - 00190741 _____ C:\D06M13.mis
2017-06-26 00:48 - 2017-06-26 00:52 - 00110456 _____ C:\D06M13.BMS
2017-06-25 00:13 - 2017-06-25 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-25 00:12 - 2017-06-25 00:12 - 00001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-06-25 00:12 - 2017-06-25 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-06-25 00:11 - 2017-07-05 13:30 - 00000000 ____D C:\AdwCleaner
2017-06-24 17:50 - 2017-06-24 17:53 - 00334289 _____ C:\D06M12.mis
2017-06-24 17:49 - 2017-06-24 17:53 - 00181112 _____ C:\D06M12.BMS
2017-06-23 00:47 - 2015-04-11 19:59 - 12806046 _____ C:\Users\Administrator\Abbott and Costello at their best.-9b8oEcFmQD0.3gp
2017-06-22 16:25 - 2017-06-22 23:16 - 00442091 _____ C:\D06M11.mis
2017-06-22 16:24 - 2017-06-22 23:16 - 00239576 _____ C:\D06M11.BMS
2017-06-22 16:01 - 2017-06-22 16:01 - 00000928 _____ C:\Users\Public\Desktop\PFF Editor.lnk
2017-06-22 16:01 - 2017-06-22 16:01 - 00000000 ____D C:\Program Files\PFF Editor
2017-06-22 15:44 - 2017-06-26 17:25 - 00000000 ____D C:\PFFEditor
2017-06-22 03:00 - 2017-06-22 03:02 - 00823156 _____ C:\Users\Administrator\Downloads\17-855-565_INC_Personal Tax Summary_20170620.pdf
2017-06-22 02:03 - 2017-07-01 21:41 - 00000000 ____D C:\Program Files\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-22 02:03 - 2017-06-22 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free
2017-06-21 15:51 - 2017-06-21 16:11 - 07157399 _____ C:\Users\Administrator\Downloads\pentium-n3520-j2850-celeron-datasheet.pdf
2017-06-20 15:44 - 2017-06-21 12:58 - 00000000 ____D C:\Program Files\IDA
2017-06-20 15:44 - 2017-06-20 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 14:31 - 2017-06-21 12:58 - 00000000 ____D C:\ProgramData\GetRight
2017-06-20 14:30 - 2017-06-21 12:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 14:30 - 2017-06-20 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GetRight
2017-06-19 21:46 - 2016-10-01 06:57 - 31665488 _____ C:\Users\Administrator\Abbott and Costello Outtakes-ehh6mx4Z3kk.3gp
2017-06-19 16:12 - 2017-06-19 16:19 - 00307616 _____ C:\D06M10.mis
2017-06-19 16:12 - 2017-06-19 16:19 - 00169428 _____ C:\D06M10.BMS
2017-06-19 13:45 - 2017-06-19 13:52 - 00478224 _____ C:\D06M09.mis
2017-06-19 13:45 - 2017-06-19 13:52 - 00254096 _____ C:\D06M09.BMS
2017-06-19 12:05 - 2017-06-19 12:05 - 00002215 _____ C:\Users\Administrator\Desktop\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00002164 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-06-19 12:05 - 2017-06-19 12:05 - 00000000 ____D C:\Program Files\Vivaldi
2017-06-14 15:12 - 2017-06-18 21:05 - 00233617 _____ C:\ITEMS.DEF.txt
2017-06-14 15:10 - 2017-06-22 15:46 - 00233701 _____ C:\ITEMS.DEF
2017-06-14 15:10 - 2017-06-14 15:10 - 00233619 _____ C:\ITEMS.DEF.orig
2017-06-14 15:07 - 2017-06-14 15:07 - 00047001 _____ C:\GAME.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00020983 _____ C:\ITEMS.BIN
2017-06-14 15:03 - 2017-06-14 15:03 - 00015412 _____ C:\WPN.BIN
2017-06-13 15:59 - 2017-06-13 15:59 - 00240681 _____ C:\D06M08.mis
2017-06-13 15:58 - 2017-06-13 15:58 - 00136200 _____ C:\D06M08.BMS
2017-06-13 15:57 - 2017-06-13 15:57 - 00219492 _____ C:\D06M07.mis
2017-06-13 15:57 - 2017-06-13 15:57 - 00127620 _____ C:\D06M07.BMS
2017-06-13 15:52 - 2017-06-13 15:52 - 00456520 _____ C:\D06M06.mis
2017-06-13 15:51 - 2017-06-13 15:51 - 00240948 _____ C:\D06M06.BMS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-07 21:21 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2017-07-07 21:21 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-07 21:21 - 2016-10-06 23:29 - 00054304 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-07 21:21 - 2016-10-06 23:29 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-07 21:21 - 2009-07-14 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-07 21:16 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-07 21:16 - 2009-07-14 16:34 - 00031408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-07 21:15 - 2017-01-21 19:03 - 00000000 ____D C:\Users\Administrator
2017-07-05 12:30 - 2009-07-14 16:52 - 00000000 ____D C:\Windows\addins
2017-07-04 18:32 - 2017-02-28 17:41 - 00849766 _____ C:\Windows\ntbtlog.txt
2017-07-04 12:57 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\Registration
2017-07-03 16:03 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2017-07-03 16:03 - 2009-07-14 16:33 - 00339096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-03 16:00 - 2010-11-21 09:01 - 00778180 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-03 16:00 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\inf
2017-07-02 14:35 - 2009-07-14 14:04 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_530
2017-07-01 13:34 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_889
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\ProgramData\Adobe
2017-06-30 23:01 - 2016-12-24 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-06-30 17:58 - 2017-05-24 20:24 - 00000151 _____ C:\Windows\Settings.ini
2017-06-30 17:02 - 2017-02-19 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-30 14:23 - 2009-07-14 14:04 - 00000925 _____ C:\Windows\system32\Drivers\etc\hosts_bak_875
2017-06-30 14:19 - 2017-01-21 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-06-29 13:14 - 2017-02-08 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2017-06-29 13:14 - 2016-10-07 10:04 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-29 11:20 - 2017-05-27 12:53 - 00000354 _____ C:\Windows\w32dasm8.ini
2017-06-28 21:32 - 2010-11-21 12:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-27 22:18 - 2017-04-29 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-06-25 13:50 - 2017-03-03 14:00 - 00000000 ____D C:\Program Files\TubeDigger
2017-06-25 13:49 - 2017-04-01 14:23 - 00078198 _____ C:\My Bookmarks.bkl
2017-06-25 11:52 - 2017-04-01 15:14 - 00078176 _____ C:\Autobackup of My Bookmarks.bkl
2017-06-25 11:20 - 2017-04-01 20:57 - 00078130 _____ C:\Autobackup (older) of My Bookmarks.bkl
2017-06-24 13:29 - 2009-07-14 16:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-22 23:12 - 2017-05-19 16:32 - 00441978 _____ C:\MEDP1BCK.MIS
2017-06-21 14:04 - 2017-02-23 15:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 16:38 - 2017-04-02 13:06 - 00078142 _____ C:\Autobackup (oldest) of My Bookmarks.bkl
2017-06-16 22:11 - 2016-10-16 13:50 - 00000000 ____D C:\Program Files\VideoLAN
 
==================== Files in the root of some directories =======
 
2017-02-17 13:40 - 2017-02-17 13:40 - 14086800 _____ (Auslogics Labs Pty Ltd                                      ) C:\Program Files\pc-repair-kit-setup.exe
2017-07-04 18:34 - 2017-07-04 20:47 - 0000004 _____ () C:\Users\Administrator\AppData\Roaming\app
2017-07-06 10:23 - 2017-07-06 10:23 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-05-17 22:41 - 2017-05-17 22:52 - 0000044 ___SH () C:\ProgramData\.zreglib
 
Some files in TEMP:
====================
2017-07-03 22:10 - 2017-07-07 00:36 - 0000000 _____ () C:\Users\Administrator\AppData\Local\Temp\parctmp.dll
2017-01-18 09:12 - 2017-01-18 09:12 - 0012288 _____ () C:\Users\Mine\AppData\Local\Temp\qRlttEQWsnBkpStqVGpo.DLL
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-02 00:50
 
==================== End of FRST.txt ============================
 
Addition result -
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2017
Ran by Administrator (07-07-2017 21:23:46)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X86) (2016-10-06 11:03:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1002102086-959386047-1437358805-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1002102086-959386047-1437358805-501 - Limited - Disabled)
Mine (S-1-5-21-1002102086-959386047-1437358805-1000 - Administrator - Enabled) => C:\Users\Mine
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version:  - )
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version: 8.0.6.1 - RedFox)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.0.0 - Auslogics Labs Pty Ltd)
Bookmark Buddy Unicode (HKLM\...\Bookmark Buddy Unicode) (Version:  - )
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Canvas 14 + GIS (HKLM\...\{C46DC4F2-40EB-42DB-8720-DC2011378FE8}) (Version: 14.1.1618 - ACD Systems of America Inc.)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version:  - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version:  - )
DVDFab 9.3.1.0 (29/07/2016) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FLVPlayer4Free Free FLV Player 8.1.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HWiNFO32 Version 5.50 (HKLM\...\HWiNFO32_is1) (Version: 5.50 - Martin Malík - REALiX)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
MPC-BE 1.5.0.2235 (HKLM\...\{903D098F-DD50-4342-AD23-DA868FCA3126}_is1) (Version: 1.5.0.2235 - MPC-BE Team)
Network Activity Indicator for Windows 7 - 8.1 (HKLM\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version:  - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Shareaza 2.7.9.0 (HKLM\...\Shareaza_is1) (Version: 2.7.9.0 - Shareaza Development Team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
Vivaldi (HKU\S-1-5-21-1002102086-959386047-1437358805-500\...\Vivaldi) (Version: 1.10.867.38 - Vivaldi)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2014-09-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-07-01] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {31B29146-6D97-4975-BFAE-9C8299167B9D} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {66CC6354-3233-4E6C-B77F-7F9909235C93} - System32\Tasks\{09F44CC2-C40F-4DFC-8D55-2422E2AE8ADD} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe
Task: {96DD94AD-FEE3-44A4-B292-2309BAD91B2C} - System32\Tasks\{DF7190EA-A566-4524-8251-09C90BA1548A} => pcalua.exe -a C:\Windows\System32\vbrun60sp6.exe -d C:\Windows\System32
Task: {9DF19937-94BC-41C8-81B2-7AD60153CA8A} - System32\Tasks\{D541679C-346E-4C29-8016-18C9D42F6F18} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {CD658633-FE89-493E-8A1A-661E3F675207} - System32\Tasks\{EA9AE737-D290-4AD6-85A7-801C8496CCD4} => C:\PFFEditor\PFFEditor.exe [2008-05-05] ()
Task: {F256754D-96F3-4D87-A8C6-7C70301C1EBF} - \AutoKMS -> No File <==== ATTENTION
Task: {F3BCFD93-A876-4587-9D39-F99BA0EB5F06} - System32\Tasks\{3149641E-2BFD-4AF4-9BEF-E59062A1B82D} => C:\Program Files\NovaLogic\Delta Force Task Force Dagger\df2terrains4tfd_(1st_install).exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-05 21:55 - 2017-07-05 21:55 - 03723264 ____S () C:\WINDOWS\mssecsvc.exe
2017-01-18 09:12 - 2015-04-07 13:44 - 00107472 _____ () C:\Program Files\FILEminimizer Suite\fmshell32.dll
2017-07-01 21:28 - 2017-07-01 21:28 - 00131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2016-10-06 23:28 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 14:04 - 2017-07-03 15:58 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1002102086-959386047-1437358805-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.97.78.43 - 203.97.78.44
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: wuauserv => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CEA3509D-2D89-4743-B9DB-2EB8D5FAD4CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F95BEA2A-4264-4099-A2F9-DB6A1E29EA0E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{4A79CB3C-2793-466E-AEDB-AF2D75061D50}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3801B1EA-7423-46AF-A9A8-61399063E227}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{8E5BDA0D-DE01-4132-AB77-447E0D4CFBFF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{CA13C883-020B-4838-AC49-DBDF69F16D46}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{7F6846EA-84BB-4B04-8DD2-8784201665B5}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe
FirewallRules: [{E4B45C25-3148-43F8-AF48-C32B1B3DCA2F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5BAFDBCD-0915-4AD6-AEF7-1F71A124ACB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF37F63D-A08C-4280-B01A-0D0F254D3331}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{1AA1E3F2-16D1-42E6-8CAC-6DB10449D241}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{92E3DB63-2808-45A4-BA6F-101029E7BA17}] => (Allow) C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{B6D4835D-9C63-4C90-AD94-E55D0567FC0A}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
FirewallRules: [{FF5C5D59-30FF-41B6-A4FC-A7B8D3DE5587}] => (Allow) C:\Users\Administrator\AppData\Roaming\audiodg.exe
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2017 09:22:38 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5C76F003-EAE1-4BB1-9C67-5692599AD5E7}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/07/2017 09:12:48 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={51F05E6A-101E-43A8-81E9-E7399AD35184}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/07/2017 09:11:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/07/2017 08:20:32 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={20F8BC74-9141-40FF-9BDD-F7F4C29A86D9}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/06/2017 11:43:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/06/2017 06:18:59 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={60420BB0-F076-4517-9043-21D27DCCC669}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/06/2017 12:03:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/06/2017 11:55:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\Anti-Malware\BootkitRemoval_x64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/06/2017 09:37:37 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={74109831-A482-47C0-B174-F1B5441C117B}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
Error: (07/06/2017 09:37:08 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={15AE0429-2A65-499A-8908-E737076B53EE}: The user Mine-PC\Administrator dialed a connection named Clear Net which has failed. The error code returned on failure is 691.
 
 
System errors:
=============
Error: (07/07/2017 09:22:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Event Log Management service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/07/2017 09:22:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (07/07/2017 09:22:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The executable program that this service is configured to run in does not implement the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-14 10:28:52.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-10 14:30:13.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-03-10 14:30:13.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 2966.14 MB
Available physical RAM: 2038.09 MB
Total Virtual: 5930.57 MB
Available Virtual: 4860.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:35.91 GB) (Free:12.64 GB) NTFS
Drive d: () (Fixed) (Total:119.73 GB) (Free:6.23 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:310 GB) (Free:15.89 GB) NTFS
Drive f: () (Fixed) (Total:97.76 GB) (Free:79.8 GB) NTFS
Drive h: () (Fixed) (Total:353.01 GB) (Free:226.65 GB) NTFS
Drive i: () (Fixed) (Total:14.99 GB) (Free:10.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Shortcut result -
 
Users shortcut scan result (x86) Version: 05-07-2017
Ran by Administrator (07-07-2017 21:23:57)
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
 
 
Shortcut: C:\Users\Administrator\Links\Desktop.lnk -> C:\Users\Administrator\Desktop ()
Shortcut: C:\Users\Administrator\Links\Downloads.lnk -> C:\Users\Administrator\Downloads ()
Shortcut: C:\Users\Administrator\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Administrator\Desktop\ARAR.lnk -> C:\Program Files\ARAR\ARAR.exe (DataNumen, Inc.)
Shortcut: C:\Users\Administrator\Desktop\Auslogics Registry Cleaner.lnk -> C:\Program Files\Auslogics\Registry Cleaner\RegistryCleaner.exe (No File)
Shortcut: C:\Users\Administrator\Desktop\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\Users\Administrator\Desktop\DFTFD.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe ()
Shortcut: C:\Users\Administrator\Desktop\dftfdmedv193a.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\dftfdmedv193a.exe ()
Shortcut: C:\Users\Administrator\Desktop\FLVPlayer4Free.lnk -> C:\Program Files\FLVPlayer4Free\FLVPlayer4Free.exe (Sakysoft s.r.l.)
Shortcut: C:\Users\Administrator\Desktop\GetDiz.lnk -> C:\Program Files\GetDiz\GetDiz.exe (Outertech - hxxp://www.outertech.com)
Shortcut: C:\Users\Administrator\Desktop\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Administrator\Desktop\PotPlayer.lnk -> C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe (Kakao)
Shortcut: C:\Users\Administrator\Desktop\TechPowerUp GPU-Z.lnk -> C:\Program Files\GPU-Z\GPU-Z.exe (techPowerUp (www.techpowerup.com))
Shortcut: C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Administrator\Desktop\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Administrator\Desktop\ZHPDiag.lnk -> C:\Users\Administrator\AppData\Roaming\ZHP\ZHPDiag3.exe ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files\Internet Download Manager\grabber.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files\Internet Download Manager\idman.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files\Internet Download Manager\license.txt ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files\Internet Download Manager\tutor.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetDiz\GetDiz Documentation.lnk -> C:\Program Files\GetDiz\GetDiz.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetDiz\GetDiz.lnk -> C:\Program Files\GetDiz\GetDiz.exe (Outertech - hxxp://www.outertech.com)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Delta Force® Task Force Dagger™.lnk -> [LF6"pH,R GFSIMt Delta Force: Task Force Dagger"!(1SPSXFL8C&m]
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\GetDiz.lnk -> C:\Program Files\GetDiz\GetDiz.exe (Outertech - hxxp://www.outertech.com)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\K-Meleon.lnk -> C:\Program Files\K-Meleon\k-meleon.exe (hxxp://kmeleonbrowser.org/)
Shortcut: C:\Users\Administrator\AppData\Local\Microsoft\Windows\GameExplorer\{7D1037B0-8E11-4F2E-923C-D5A6446FABFC}\PlayTasks\0\Play.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk -> C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD Help.lnk -> C:\Program Files\RedFox\AnyDVD\HelpLauncher.exe (Elaborate Bytes AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD History.lnk -> C:\Program Files\RedFox\AnyDVD\manual\changes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\Register AnyDVD.lnk -> C:\Program Files\RedFox\AnyDVD\RegAnyDVD.exe (RedFox)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\Uninstall.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD-uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\Delta Force Task Force Dagger.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFD.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\DFTFD LAN Only.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\DFTFDLC.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\DFTFD Mission Editor Manual.lnk -> G:\MANUALS\DFTFDMED.PDF (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\DFTFD Mission Editor.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\dftfdmed.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\ReadMe.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\README.TXT ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\Update Game.lnk -> C:\Program Files\NovaLogic\Delta Force Task Force Dagger\Update.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\EasyBCD 2.2.lnk -> C:\Program Files\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Uninstall EasyBCD.lnk -> C:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files\Internet Download Manager\grabber.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files\Internet Download Manager\idman.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files\Internet Download Manager\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files\Internet Download Manager\tutor.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32\HWiNFO32 Program.lnk -> C:\Program Files\HWiNFO32\HWiNFO32.EXE (REALiX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLVPlayer4Free\FLVPlayer4Free.lnk -> C:\Program Files\FLVPlayer4Free\FLVPlayer4Free.exe (Sakysoft s.r.l.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 8.0\FILEminimizer on the Web.lnk -> C:\Program Files\FILEminimizer Suite\Webpage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 8.0\FILEminimizer Suite.lnk -> C:\Program Files\FILEminimizer Suite\FILEminimizer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 8.0\Uninstall FILEminimizer.lnk -> C:\Program Files\FILEminimizer Suite\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer\PotPlayer.lnk -> C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe (Kakao)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer\Uninstall PotPlayer.lnk -> C:\Program Files\DAUM\PotPlayer\uninstall.exe (Kakao)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Audio Control Panel.lnk -> C:\Program Files\Creative\AudioCS\CTAudCS.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Software AutoUpdate.lnk -> C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.ini ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode\Help.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair\ARAR.lnk -> C:\Program Files\ARAR\ARAR.exe (DataNumen, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair\Help.lnk -> C:\Program Files\ARAR\ARAR.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair\Uninstall ARAR.lnk -> C:\Program Files\ARAR\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems\Canvas 14.lnk -> C:\Program Files\ACD Systems\Canvas 14\Canvas14.exe (ACD Systems of America Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\Links\Desktop.lnk -> C:\Users\Mine\Desktop ()
Shortcut: C:\Users\Mine\Links\Downloads.lnk -> C:\Users\Mine\Downloads ()
Shortcut: C:\Users\Mine\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Mine\Desktop\ARAR.lnk -> C:\Program Files\ARAR\ARAR.exe (DataNumen, Inc.)
Shortcut: C:\Users\Mine\Desktop\Bookmark Buddy Unicode.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh)
Shortcut: C:\Users\Mine\Desktop\FILEminimizer Suite.lnk -> C:\Program Files\FILEminimizer Suite\FILEminimizer.exe ()
Shortcut: C:\Users\Mine\Desktop\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Mine\Desktop\IsoPuzzle.lnk -> C:\IsoPuzzle.exe ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files\Internet Download Manager\grabber.chm ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files\Internet Download Manager\idman.chm ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files\Internet Download Manager\license.txt ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files\Internet Download Manager\tutor.chm ()
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vivaldi.lnk -> C:\Program Files\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
Shortcut: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\AnyDVD.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox)
Shortcut: C:\Users\Public\Desktop\Canvas 14.lnk -> C:\Program Files\ACD Systems\Canvas 14\Canvas14.exe (ACD Systems of America Inc.)
Shortcut: C:\Users\Public\Desktop\CPUID CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\Users\Public\Desktop\DVDFab 9.lnk -> C:\Program Files\DVDFab 9\DVDFab.exe (FengTao Software Inc.)
Shortcut: C:\Users\Public\Desktop\EasyBCD 2.2.lnk -> C:\Program Files\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\Users\Public\Desktop\HxD.lnk -> C:\Program Files\HxD\HxD.exe (Maël Hörz)
Shortcut: C:\Users\Public\Desktop\IrfanView.lnk -> C:\Program Files\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\Users\Public\Desktop\K-Meleon.lnk -> C:\Program Files\K-Meleon\k-meleon.exe (hxxp://kmeleonbrowser.org/)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\MPC-BE.lnk -> C:\Program Files\MPC-BE\mpc-be.exe (MPC-BE Team)
Shortcut: C:\Users\Public\Desktop\Network Indicator.lnk -> C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe (ITSamples.com)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software)
Shortcut: C:\Users\Public\Desktop\PFF Editor.lnk -> C:\Program Files\PFF Editor\PFFEditor.exe ()
Shortcut: C:\Users\Public\Desktop\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller.exe ()
Shortcut: C:\Users\Public\Desktop\Shareaza.lnk -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
Shortcut: C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Users\Public\Desktop\Winamp.lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\Public\Desktop\Zemana MUST use Internet!.lnk -> C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
 
 
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk -> C:\Program Files\Tweaking.com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) ->  /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD Image Ripper.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox) -> -iso
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD Ripper.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox) -> -r
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox\AnyDVD\AnyDVD System Information.lnk -> C:\Program Files\RedFox\AnyDVD\AnyDVD.exe (RedFox) -> -syslog
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force Task Force Dagger\Uninstall.lnk -> C:\Windows\IsUninst.exe (InstallShield Software Corporation) -> -f"C:\Program Files\NovaLogic\Delta Force Task Force Dagger\Uninst.isu"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bookmark Buddy Unicode\Uninstall.lnk -> C:\Program Files\Bookmark Buddy Unicode\BmkBuddy.exe (Edward Leigh) -> -uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Mine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
 
 
InternetURL: C:\Users\Administrator\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetDiz\Outertech Website.url -> URL: hxxp://www.outertech.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems\Canvas 14 Release Notes.url -> URL: hxxp://r.acdsee.com/1Wjlx
InternetURL: C:\Users\Mine\Favorites\The NeoSmart Files.url -> URL: hxxp://neosmart.net/blog/feed/
InternetURL: C:\Users\Mine\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Mine\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Mine\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Mine\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Mine\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Mine\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Mine\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Mine\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
 
==================== End of Shortcut.txt =============================
 
 
MBAM still doesn't run. And CPU still loads (at 'idle') to 50% or up to 100%!


#12 Jo* (Malware Response Team)

Posted 07 July 2017 - 05:49 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
Start
CreateRestorePoint:
CloseProcesses:
() C:\Windows\mssecsvc.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe [3723264 2017-07-05] () [File not signed]
S2 WELM; C:\Windows\Fonts\wininit.exe [1438724 2017-07-06] (Microsoft Corporation) [File not signed]
C:\Windows\Fonts\wininit.exe
2017-07-05 21:55 - 2017-07-05 21:55 - 03723264 ____S C:\Windows\mssecsvc.exe
Task: {F256754D-96F3-4D87-A8C6-7C70301C1EBF} - \AutoKMS -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST / FRST64 again as Administrator like we did before but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.


***


ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


Can you tell me how your computer is running now and if there are any remaining malware related problems.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
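An added example, not part of this thread and not a Farbar tool: the fixlist above removes an unsigned auto-start service binary in C:\Windows, a second unsigned file named wininit.exe sitting in C:\Windows\Fonts (the genuine one lives in System32), an orphaned scheduled task and an alternate data stream. The Python below parses FRST-style service, driver, task and ADS lines and scores them against exactly those red flags, so the same triage can be run over a fresh FRST.txt before a fixlist is written. The sample log is constructed: four lines are copied from the fixlist, the Malwarebytes service line is invented as a signed control. The severity scale (a name masquerade alone, or two independent signals, rates high; one signal medium; orphan tasks and small streams low) and the directory lists are this example's own assumptions, not FRST output; line types the parser does not know (the IPSec policy and SearchScopes entries, for instance) are simply skipped.

```python
"""Triage heuristics for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not FRST's own code. Flags unsigned auto-start binaries, core Windows file names
outside System32/SysWOW64, executables in Fonts or Temp, Microsoft version info on an unsigned
file, tasks pointing at "No File", and alternate data streams; severities are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# "R2 name; C:\path\file.exe [size yyyy-mm-dd] (Vendor) [File not signed]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)(?P<rest>.*)$"
)
# "Task: {GUID} - \Name -> target <==== ATTENTION"
TASK_RE = re.compile(
    r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(?P<name>\S+)\s+->\s+(?P<target>.*?)(?:\s+<====.*)?$"
)
# "AlternateDataStreams: C:\dir\or\file:streamname [size]"
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+?):(?P<stream>[^:\\\[\s]+)\s+\[(?P<size>\d+)\]$")

# Core Windows process names; a copy anywhere but System32 (explorer.exe: %WINDIR%) is a masquerade.
CORE_NAMES = {"wininit.exe", "winlogon.exe", "services.exe", "lsass.exe", "csrss.exe",
              "smss.exe", "svchost.exe", "spoolsv.exe", "explorer.exe", "dllhost.exe"}
# Directory fragments in which a service binary never legitimately lives.
NO_EXEC_DIRS = ("\\windows\\fonts\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    line_no: int
    severity: str  # "high", "medium" or "low"
    reasons: List[str]
    line: str


def _norm(path: str) -> str:
    # Lower-case and drop the NT "\??\" prefix FRST shows on some driver paths.
    p = path.strip().lower()
    return p[4:] if p.startswith("\\??\\") else p


def _masquerade(path: str) -> bool:
    """True when a core Windows file name sits outside its expected directory."""
    parent, _, name = _norm(path).rpartition("\\")
    if name not in CORE_NAMES:
        return False
    expected = ("\\windows\\system32", "\\windows\\syswow64")
    if name == "explorer.exe":
        expected += ("\\windows",)
    return not parent.endswith(expected)


def triage_line(line_no: int, line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None when nothing stands out."""
    m = SERVICE_RE.match(line)
    if m:
        path, vendor = m["path"], m["vendor"].strip()
        unsigned, masq = "[File not signed]" in m["rest"], _masquerade(path)
        reasons = []
        if unsigned:
            reasons.append("binary is not Authenticode-signed")
        if not vendor:
            reasons.append("binary carries no version-info company name")
        if any(frag in _norm(path) for frag in NO_EXEC_DIRS):
            reasons.append("binary lives in a directory that should hold no executables")
        if masq:
            reasons.append("core Windows file name used outside System32/SysWOW64")
        if unsigned and "microsoft" in vendor.lower():
            reasons.append("version info claims Microsoft Corporation but the file is unsigned")
        sev = "high" if masq or len(reasons) > 1 else "medium"
        return Finding(line_no, sev, reasons, line) if reasons else None
    m = TASK_RE.match(line)
    if m and m["target"].strip().lower() == "no file":
        return Finding(line_no, "low", [f"scheduled task {m['name']} points to a missing file (orphaned entry)"], line)
    m = ADS_RE.match(line)
    if m:
        size, stream = int(m["size"]), m["stream"]
        # Tiny metadata streams are common; a large one can hide a payload.
        reason = f"alternate data stream '{stream}' ({size} bytes) on {m['path']}"
        return Finding(line_no, "medium" if size > 4096 else "low", [reason], line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole log; line numbers are 1-based."""
    return [f for f in (triage_line(n, raw.rstrip("\r\n")) for n, raw in enumerate(lines, 1)) if f]


# Constructed sample: lines 2 to 5 are quoted from the fixlist above, line 1 is an invented signed service.
SAMPLE_LOG = r"""R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe [3723264 2017-07-05] () [File not signed]
S2 WELM; C:\Windows\Fonts\wininit.exe [1438724 2017-07-06] (Microsoft Corporation) [File not signed]
Task: {F256754D-96F3-4D87-A8C6-7C70301C1EBF} - \AutoKMS -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]"""

if __name__ == "__main__":  # print the sample's findings, one line each
    print("\n".join(f"line {f.line_no} [{f.severity}] " + "; ".join(f.reasons) for f in triage(SAMPLE_LOG.splitlines())))
```

Run on the built-in sample it reports two high findings (the mssecsvc2.0 service: unsigned and no vendor string; the WELM service: unsigned, in Fonts, a wininit.exe masquerade, and Microsoft in the version info of an unsigned file) plus the orphaned AutoKMS task and the 16-byte Shareaza.GUID stream as low. To use it on a real log, pass the lines of a saved FRST.txt to triage(). Treat the output as a review queue rather than a fixlist: a legitimately unsigned third-party driver scores medium, and a small GUID stream left behind by a P2P client is noise, so each finding still wants the file hash or signature checked before it is removed.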


#13 meeshu (Topic Starter)

Posted 07 July 2017 - 07:03 PM

FRST crashed when running the fix. First time FRST has crashed!

Reran FRST fix and this time the fix was apparently successful -

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2017
Ran by Administrator (07-07-2017 23:22:30) Run:3
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Mine & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Windows\mssecsvc.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{cea530d4-3fbc-47e3-92f6-b2bb03d16922} <==== ATTENTION (Restriction - IP)
SearchScopes: HKU\S-1-5-21-1002102086-959386047-1437358805-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 mssecsvc2.0; C:\WINDOWS\mssecsvc.exe [3723264 2017-07-05] () [File not signed]
S2 WELM; C:\Windows\Fonts\wininit.exe [1438724 2017-07-06] (Microsoft Corporation) [File not signed]
C:\Windows\Fonts\wininit.exe
2017-07-05 21:55 - 2017-07-05 21:55 - 03723264 ____S C:\Windows\mssecsvc.exe
Task: {F256754D-96F3-4D87-A8C6-7C70301C1EBF} - \AutoKMS -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Administrator\Downloads:Shareaza.GUID [16]
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\mssecsvc.exe
C:\Windows\mssecsvc.exe => No running process found
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value not found.
HKU\S-1-5-21-1002102086-959386047-1437358805-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
mssecsvc2.0 => service not found.
WELM => service not found.
"C:\Windows\Fonts\wininit.exe" => not found.
"C:\Windows\mssecsvc.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F256754D-96F3-4D87-A8C6-7C70301C1EBF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F256754D-96F3-4D87-A8C6-7C70301C1EBF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found. 
C:\Users\Administrator\Downloads => ":Shareaza.GUID" ADS could not remove.
 
 
The system needed a reboot.
 
==== End of Fixlog 23:22:35 ====
 
 
But as mentioned in post #9, I am having problems running and updating ESET Online Scanner, probably because of my slow internet connection. So ESET Online Scanner is not really an option at this time. Is there another anti-malware scanner/software that could be used instead of ESET Online Scanner?
 
As of this writing, the CPU idle load is back to 0%, as it should be. So the FRST fix seems to have worked, at least for now. Thank you!
 
MBAM will still not run, however.


#14 Jo* (Malware Response Team)

Posted 08 July 2017 - 01:26 AM

Does MBAM have a repair install option?
If yes, try it.

If no, uninstall and re-install MBAM.

---


We now will run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Then Enable your anti virus program(s).

---

Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled).
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

***


How is the computer running now?

***


Edited by Jo*, 08 July 2017 - 01:32 AM.



#15 meeshu (Topic Starter)

Posted 08 July 2017 - 10:43 PM

ComboFix result -

ComboFix 17-05-24.14 - Administrator 09/07/2017  12:48:08.1.4 - x86
Running from: c:\users\Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
c:\windows\Fonts\Issue.ttf
c:\windows\Fonts\WmiApSrv.exe
c:\windows\system32\W32PATCH.dll
c:\windows\w32dasm8.ini
D:\Autorun.inf
D:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-06-09 to 2017-07-09  )))))))))))))))))))))))))))))))
.
.
2017-07-08 16:14 . 2017-07-08 16:14 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D20C2F54-8C24-4188-8CDD-70072A048501}\offreg.640.dll
2017-07-07 09:42 . 2017-07-07 09:42 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-07 09:41 . 2017-07-07 09:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-07-05 23:25 . 2017-06-27 00:06 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-05 23:25 . 2017-07-07 09:43 -------- d-----w- c:\programdata\Malwarebytes
2017-07-05 23:25 . 2017-07-05 23:25 -------- d-----w- c:\program files\Malwarebytes
2017-07-05 09:59 . 2017-07-05 09:59 -------- d-----w- c:\program files\ESET
2017-07-04 10:54 . 2017-07-07 11:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2017-07-04 06:33 . 2017-07-04 06:33 -------- d-----w- C:\TDSSKiller_Quarantine
2017-07-03 04:04 . 2017-07-07 09:21 -------- d-----w- c:\windows\system32\catroot2
2017-07-03 03:56 . 2017-07-03 03:56 -------- d-----w- c:\windows\system32\wbem\repository
2017-07-01 15:16 . 2017-07-07 11:22 -------- d-----w- C:\FRST
2017-07-01 11:10 . 2017-07-01 11:10 -------- d-----w- c:\windows\Migration
2017-07-01 09:28 . 2017-07-01 09:28 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2017-07-01 09:28 . 2017-07-01 09:28 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2017-07-01 09:28 . 2017-07-01 09:28 -------- d-----w- c:\program files\Zemana AntiMalware
2017-07-01 09:28 . 2017-07-01 09:28 -------- d-----w- c:\users\Administrator\AppData\Local\Zemana
2017-07-01 00:19 . 2017-07-01 00:19 -------- d-----w- C:\Compact Tray Meter
2017-06-30 03:17 . 2017-06-30 03:17 -------- d-----w- C:\Exe Explorer
2017-06-30 03:11 . 2017-06-30 03:11 -------- d-----w- C:\MSIX
2017-06-30 02:19 . 2017-06-30 02:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\PDAppFlex
2017-06-30 01:03 . 2017-06-30 01:03 -------- d-----w- c:\program files\NirSoft
2017-06-29 01:04 . 2016-12-05 02:59 401484 ------w- c:\windows\system32\msvcrtd.dll
2017-06-29 00:56 . 2016-12-05 02:36 1393152 ------w- c:\windows\system32\mfc42d.dll
2017-06-29 00:03 . 2017-06-29 00:03 -------- d-----w- C:\Dependency Walker
2017-06-28 15:23 . 2017-06-08 16:15 148104 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2017-06-28 10:08 . 2017-07-07 11:22 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2017-06-28 09:16 . 2017-06-28 09:16 -------- d-----w- C:\RegBackup
2017-06-28 08:37 . 2017-06-28 08:37 -------- d-----w- c:\program files\PFFEditor
2017-06-28 08:06 . 2017-06-28 08:06 -------- d-----w- c:\program files\Tweaking.com
2017-06-28 01:17 . 2009-07-14 01:15 1386496 ----a-w- c:\windows\system32\msvbvm60 - Copy.dll
2017-06-27 08:22 . 2017-06-27 08:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\ZHP
2017-06-27 08:22 . 2017-06-27 08:22 -------- d-----w- c:\users\Administrator\AppData\Local\ZHP
2017-06-27 05:16 . 2017-07-01 01:09 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-06-27 05:15 . 2017-06-27 05:31 -------- d-----w- c:\programdata\RogueKiller
2017-06-27 05:15 . 2017-06-27 05:15 -------- d-----w- c:\program files\RogueKiller
2017-06-27 00:33 . 2008-04-05 08:09 102490 ----a-w- c:\windows\system32\VBExp.dll
2017-06-27 00:32 . 2008-04-05 08:09 102490 ----a-w- c:\windows\VBExp.dll
2017-06-27 00:32 . 2008-04-05 08:09 102490 ----a-w- C:\VBExp.dll
2017-06-24 12:13 . 2017-06-24 12:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2017-06-24 12:12 . 2017-06-24 12:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2017-06-24 12:12 . 2017-06-24 12:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2017-06-24 12:11 . 2017-07-05 01:30 -------- d-----w- C:\AdwCleaner
2017-06-22 04:01 . 2017-06-22 04:01 -------- d-----w- c:\program files\PFF Editor
2017-06-22 03:44 . 2017-06-26 05:25 -------- d-----w- C:\PFFEditor
2017-06-21 14:03 . 2017-06-21 14:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\FLVPlayer4Free
2017-06-21 14:03 . 2017-07-01 09:41 -------- d-----w- c:\program files\FLVPlayer4Free
2017-06-20 03:44 . 2017-06-20 03:54 -------- d-----w- c:\users\Administrator\AppData\Roaming\Internet Download Accelerator
2017-06-20 03:44 . 2017-06-21 00:58 -------- d-----w- c:\program files\IDA
2017-06-20 02:32 . 2017-06-20 02:32 -------- d-----w- C:\Downloads
2017-06-20 02:31 . 2017-06-21 00:58 -------- d-----w- c:\programdata\GetRight
2017-06-20 02:30 . 2017-06-21 00:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRight Pro
2017-06-20 02:30 . 2017-06-20 02:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRight
2017-06-19 00:05 . 2017-06-19 00:05 -------- d-----w- c:\program files\Vivaldi
2017-06-14 03:07 . 2017-06-14 03:07 47001 ----a-w- C:\GAME.BIN
2017-06-14 03:03 . 2017-06-14 03:03 20983 ----a-w- C:\ITEMS.BIN
2017-06-14 03:03 . 2017-06-14 03:03 15412 ----a-w- C:\WPN.BIN
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-30 10:57 . 2017-06-30 10:57 34 ----a-w- c:\windows\Fonts\history.txt
2017-06-30 04:05 . 2017-06-30 04:05 32 ----a-w- c:\windows\Fonts\id.txt
2017-06-05 00:59 . 2016-11-19 02:18 803320 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-06-05 00:59 . 2016-11-19 02:18 144888 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-24 09:45 . 2017-05-19 11:53 73216 ----a-w- c:\windows\ST6UNST.EXE
2017-05-24 09:45 . 2017-05-19 11:53 249856 ----a-w- c:\windows\Setup1.exe
2017-05-17 11:23 . 2017-05-17 03:06 658 ----a-w- c:\windows\wininit.tmp
2017-04-12 01:11 . 2017-04-12 01:11 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2017-04-12 00:33 . 2017-04-12 00:33 12048 ----a-w- c:\windows\system32\drivers\ssgdio32.sys
2017-02-17 01:40 . 2017-02-17 01:40 14086800 ----a-w- c:\program files\pc-repair-kit-setup.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetworkIndicator"="c:\program files\ITSamples\NetworkIndicator\NetworkIndicator.exe" [2014-12-19 376832]
"Vivaldi Update Notifier"="c:\program files\Vivaldi\Application\update_notifier.exe" [2017-06-14 4179576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2017-06-12 6843808]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2017-06-28 4019312]
"Compact Tray Meter"="c:\compact tray meter\Compact Tray Meter.exe" [2014-05-31 3081672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-09-15 748256]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"CTxfiHlp"="CTXFIHLP.EXE" [2014-02-28 26112]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CVGW14EN"="c:\program files\ACD Systems\Canvas 14\CanvasInTouch2.exe" [2012-11-29 610424]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2017-06-19 15546512]
"Malwarebytes TrayApp"="c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe" [2017-05-09 3146704]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bookmark Buddy Unicode.lnk - c:\program files\Bookmark Buddy Unicode\BmkBuddy.exe [2017-4-1 1179648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-05-09 3398608]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-10-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2014-02-28 173336]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2014-02-28 1326360]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2014-02-28 75032]
R3 CVShell Service;CVShell Service;c:\program files\ACD Systems\Canvas 14\CVShellSrv.exe [2012-11-29 259192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 eapihdrv;eapihdrv;c:\users\ADMINI~1\AppData\Local\Temp\ehdrv.sys [x]
R3 MaplomL;MaplomL; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 13592]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2017-04-12 23840]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [2017-07-01 181496]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [2017-07-01 181496]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2017-01-30 143776]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-03-02 2021056]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-09-15 208896]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2017-06-08 148104]
S2 SSGDIO;Showshock Softnology Generic Driver;c:\windows\System32\DRIVERS\ssgdio32.sys [2017-04-12 12048]
S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [2017-06-19 15546512]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2014-02-28 173336]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2014-02-28 1326360]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2014-02-28 75032]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-02-19 46848]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-02-19 68352]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 348440]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 791832]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-05-09 361000]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
winmgmt REG_MULTI_SZ   winmgmt
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: Download with IDA
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{82918AE5-FEF1-4FD4-9414-8D9A196A3FE0}: NameServer = 203.97.78.43 203.97.78.44
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3b5x35ob.default\
.
- - - - ORPHANS REMOVED - - - -
.
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
SafeBoot-AppXSvc
SafeBoot-ClipSvc
SafeBoot-TweakingRemoveSafeBoot
SafeBoot-WSService
HKLM_ActiveSetup-{9C142C0C-124C-4467-B117-EBCC62801D7B} - c:\program files\Vivaldi\Application\1.8.770.54\Installer\chrmstp.exe
AddRemove-{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1 - c:\program files\Auslogics\Registry Cleaner\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,3b,1b,99,df,47,
   19,b7,d7,74,0b,bc,bc,53,f4,51,84,ef,b7
"{0EEDB912-C5FA-486F-8334-57288578C627}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,a6,ff,
   17,cf,97,00,07,9f,37,13,68,8c,3e,8a,38
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e1,
   ad,14,5c,36,06,a6,21,06,f3,09,c8,4e,e0
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:6a,27,3e,78,8b,8a,d2,01
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,24,47,12,1b,9b,4a,47,9c,88,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,24,47,12,1b,9b,4a,47,9c,88,ea,\
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.669"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AAC"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AIF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AIFF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AMF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AU"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AVR"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.CAF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.CDA"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.FAR"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.FLAC"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.HTK"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.IFF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.IT"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ITZ"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.KAR"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M4A"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MAT"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MDZ"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MID"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIDI"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.miz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIZ"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MOD"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP1"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP2"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP3"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MTM"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NST"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.OGA"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.OGG"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.OKT"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.PAF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.PTM"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.PVF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.RAW"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.RF64"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.RMI"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.S3M"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.S3Z"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.SD2"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.SDS"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.SF"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.STM"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.STZ"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ULT"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VOC"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.W64"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WAV"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WMA"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.WVE"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.XI"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.XM"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.XMZ"
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cf,90,20,47,5b,fc,eb,37,1f,d0,89,f2,11,13,e2,ba,c4,aa,7c,01,2c,
   07,00,ca,d2,49,a7,a4,3a,d4,fc,38,28,f8,2c,dc,a5,ae,1a,a3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1002102086-959386047-1437358805-500_Classes\CLSID\{aefe1839-5391-4e52-9b34-78e42bff8546}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a1
"Therad"=dword:0000001d
"MData"=hex(0):4a,95,58,4c,a5,98,97,f5,bb,44,2b,81,f7,68,8b,9d,fc,cc,72,59,ef,
   35,97,bb,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_25_0_0_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2017-07-09  12:54:46 - machine was rebooted
ComboFix-quarantined-files.txt  2017-07-09 00:54
.
Pre-Run: 14,974,402,560 bytes free
Post-Run: 14,939,996,160 bytes free
.
- - End Of File - - AA28A02683E2714B1EDF396285180EB3
8F558EB6672622401DA993E1E865C861
 
 
EEK result (note that trying to "export" the text log of scan results via EEK only produced a few lines of text; most of the original report text was missing! So I opened the original log text (via Notepad) and "saved it as" to my desktop. It seems the EEK report "Export" function is not working properly) -
 

Emsisoft Emergency Kit - Version 2017.6
Last update: 9/07/2017 2:43:58 p.m.
User account: Mine-PC\Administrator
Computer name: MINE-PC
OS version: Windows 7x86 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 9/07/2017 3:11:27 p.m.
C:\Program Files\DVDFab 9\BRD.dll detected: Application.Crack.PEY ( B) [krnl.xmd]
C:\Program Files\FLVPlayer4Free\FLVPlayer4Free.exe detected: Application.InstallCore (A) [285490]
C:\Windows\Fonts\wininit.exe0 detected: Trojan.GenericKD.5532087 ( B) [krnl.xmd]
 
Scanned 70215
Found 3
 
Scan end: 9/07/2017 3:13:21 p.m.
Scan time: 0:01:54
 
C:\Windows\Fonts\wininit.exe0 Trojan.GenericKD.5532087 ( B)
C:\Program Files\FLVPlayer4Free\FLVPlayer4Free.exe Application.InstallCore (A)
C:\Program Files\DVDFab 9\BRD.dll Application.Crack.PEY ( B)
 
Quarantined 3
 
 
I rebooted the computer manually, even though EEK didn't ask for it to be done.

The CPU load after rebooting had jumped up to 10~15% "idling". But after a while the load had dropped back to ~ 0%.

MBAM still couldn't be started. There is no "repair" function for this program.

Used "MBAM Clean" (from MalwareBytes) to remove MBAM.

Rebooted computer (which is required after removing MBAM using MBAM Clean).

Reinstalled MBAM, but once again MBAM will still not run!

Edited by meeshu, 08 July 2017 - 10:47 PM.