Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.10.2018 01
Ran by Abdul (04-10-2018 14:26:48)
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) (2018-08-13 10:36:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Abdul (S-1-5-21-2685662787-1516377248-208156778-1001 - Administrator - Enabled) => C:\Users\Abdul
Administrator (S-1-5-21-2685662787-1516377248-208156778-500 - Administrator - Disabled)
Guest (S-1-5-21-2685662787-1516377248-208156778-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2685662787-1516377248-208156778-1002 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.05 (HKLM-x32\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AirLive 802.11G Wireless Utility (HKLM-x32\...\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}) (Version: 1.5.6.0 - Ovislink)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.9.3 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Brother MFL-Pro Suite MFC-L2720DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0544 - Disc Soft Ltd)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.37.7258 - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GRID (HKLM-x32\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.30.0000 - Codemasters)
GRID 2 (c) Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
GRID Autosport (HKLM-x32\...\GRID Autosport_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.01 - Janos Mathe)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
LS-USBMX 1/2/3 Steering Wheel W/Vibration (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V4.3a - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 10.4.137.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 pl) (HKLM\...\Mozilla Firefox 62.0 (x64 pl)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Need for Speed™ Payback (HKLM-x32\...\{F4CF3D08-565C-40B7-B351-D3033DE2172B}) (Version: 1.0.51.41148 - Electronic Arts)
OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.27.11381 - Electronic Arts, Inc.)
PremiumOs4 (HKLM-x32\...\PremiumOs4) (Version: 35.59.5 - )
Project CARS 2 (HKLM-x32\...\Project CARS 2_is1) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Skype version 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
USB Dual-core Game Controller (HKLM-x32\...\{EE3F507D-7C47-4AB7-B535-4829ACDFA147}) (Version: v3.61 - Dragon rise)
USB Vibration Joystick (BM) (HKLM-x32\...\{61A994FF-DF9B-4937-9DB9-87EC4FF1B31F}) (Version: 1.00.0000 - ShanWan)
WinRAR 5.50 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WRC 6 FIA Word Rally Championship (HKLM\...\WRC 6 FIA Word Rally Championship_is1) (Version: 1.0 - )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Windows\7z\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-09-13] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-09-13] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-10] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-08-10] (Disc Soft Ltd)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Windows\7z\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-09-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Windows\7z\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-09-13] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-09-13] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {202A4568-8253-42B1-91C8-E2BE5098F758} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {20303074-3EAA-4041-ABB4-D8F0F742E79B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {20FFCDCF-CCB4-4855-B356-00A89B19C520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-13] (Google Inc.)
Task: {26901FEF-77AD-444B-833C-3293CFA60ABC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2018-07-19] (Microsoft Corporation)
Task: {287A0224-3406-4FDE-A6A6-49A2D7605BFD} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2018-05-28] (FreeDownloadManager.org)
Task: {30AD088C-58D6-4758-8CEA-2459EBEFCC22} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2018-07-19] (Microsoft)
Task: {33A96AA2-524A-4F5A-91CA-1297D667FDDA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {73E50146-7B30-43E6-8447-744D2D91CE95} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {89B318D4-9BC8-4DD4-BBF6-7B4CC5970546} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2018-07-19] (Microsoft Corporation)
Task: {A12CB7FD-723D-41AC-9AEB-1FED5DE9E690} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-13] (Google Inc.)
Task: {AC34EEE1-55F9-4F00-A9DE-4F94ED486457} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-09-25] (Advanced Micro Devices, Inc.)
Task: {B055D9D5-B3A1-4940-B213-58F3809D3CC6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {B4A6FBC1-55D3-4BFA-BD36-72E46CC52D6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C93D37E3-4E65-4768-AAE5-36F06F1E5CC7} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-09-25] (Advanced Micro Devices, Inc.)
Task: {D3CD6B1A-1863-41C3-BF47-6A43FC8DA481} - System32\Tasks\AdobeAAMUpdater-1.0-Abdul-PC-Abdul => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {DD0C107C-8C4C-4DF9-8B26-5F7C9C25FAE8} - System32\Tasks\EVEREST AutoStart => C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe [2010-03-31] (Lavalys, Inc.)
Task: {F71307D5-5D2B-462F-B985-3532625962A8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-03-19] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Abdul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-extensions
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-extensions

==================== Loaded Modules (Whitelisted) ==============
2018-08-13 13:45 - 2018-05-28 18:05 - 000037376 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2018-04-24 22:07 - 2018-04-24 22:07 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 22:07 - 2018-04-24 22:07 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-08-14 03:19 - 2018-08-14 03:19 - 004565504 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\DiscSoft.NET.Common\35a32d2fdea9f6e6bdc2924ce7609b81\DiscSoft.NET.Common.ni.dll
2018-08-14 03:21 - 2018-08-14 03:21 - 003156992 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\DotNetCommon\a2b26280cd49d4bb1343783ea5ab8611\DotNetCommon.ni.dll
2018-08-10 13:56 - 2018-08-10 13:56 - 000067584 _____ () C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
2018-08-13 13:45 - 2017-04-13 12:42 - 002158592 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2018-08-13 13:45 - 2017-04-13 12:42 - 012242432 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2018-08-13 13:45 - 2017-04-13 12:42 - 000138752 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2018-08-13 13:45 - 2017-04-13 12:42 - 000485376 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2018-08-13 13:45 - 2017-04-13 12:42 - 001825792 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2018-08-13 13:45 - 2017-04-13 12:42 - 000662016 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2018-08-13 13:45 - 2017-04-13 12:46 - 069740544 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2018-08-13 13:45 - 2017-11-30 18:02 - 002521088 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2018-08-13 13:45 - 2017-11-30 18:02 - 000015360 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2018-08-13 14:33 - 2005-04-22 06:36 - 000143360 _____ () C:\Windows\system32\BrSNMP64.dll
2018-10-02 01:59 - 2018-10-02 01:59 - 000021824 _____ () D:\Origin\QtWebEngineProcess.exe
2018-09-20 20:15 - 2018-09-15 10:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 20:15 - 2018-09-15 10:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-08-13 13:45 - 2018-05-28 18:06 - 000729600 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
2018-10-01 10:11 - 2018-09-26 05:17 - 000373640 _____ () C:\Windows\SysWOW64\GameManager32.dll
2018-09-24 11:37 - 2018-09-05 22:14 - 000876320 _____ () D:\Steam\SDL2.dll
2018-09-24 11:36 - 2016-09-01 03:02 - 004969248 _____ () D:\Steam\v8.dll
2018-09-24 11:36 - 2016-09-01 03:02 - 001563936 _____ () D:\Steam\icui18n.dll
2018-09-24 11:36 - 2016-09-01 03:02 - 001195296 _____ () D:\Steam\icuuc.dll
2018-09-24 11:36 - 2018-09-08 22:31 - 002646304 _____ () D:\Steam\video.dll
2018-09-24 11:36 - 2017-12-20 03:43 - 005137696 _____ () D:\Steam\libavcodec-57.dll
2018-09-24 11:36 - 2017-12-20 03:43 - 000847136 _____ () D:\Steam\libavutil-55.dll
2018-09-24 11:36 - 2017-12-20 03:43 - 000695584 _____ () D:\Steam\libavformat-57.dll
2018-09-24 11:36 - 2017-12-20 03:43 - 000351520 _____ () D:\Steam\libavresample-3.dll
2018-09-24 11:36 - 2017-12-20 03:43 - 000783648 _____ () D:\Steam\libswscale-4.dll
2018-09-24 11:37 - 2018-09-08 22:31 - 001015584 _____ () D:\Steam\bin\chromehtml.DLL
2018-09-24 11:36 - 2016-07-05 00:17 - 000266560 _____ () D:\Steam\openvr_api.dll
2018-08-13 17:20 - 2010-06-19 15:04 - 000092704 _____ () C:\Windows\USB_Vibration\3331\EZFRD32.dll
2018-10-02 01:59 - 2018-10-02 01:59 - 000015360 _____ () D:\Origin\libEGL.DLL
2018-10-02 01:59 - 2018-10-02 01:59 - 003090944 _____ () D:\Origin\libGLESv2.dll
2018-08-13 14:34 - 2018-03-15 12:00 - 000288768 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2018-08-13 14:32 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-09-24 11:36 - 2018-09-05 22:14 - 000876320 _____ () D:\Steam\bin\cef\cef.win7\SDL2.dll
2018-09-24 11:36 - 2018-08-27 22:52 - 083524896 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
2018-09-24 11:36 - 2018-08-27 22:52 - 003732256 _____ () D:\Steam\bin\cef\cef.win7\libglesv2.dll
2018-09-24 11:36 - 2018-08-27 22:52 - 000086304 _____ () D:\Steam\bin\cef\cef.win7\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2018-09-24 22:18 - 000001899 _____ C:\Windows\system32\Drivers\etc\hosts
80.241.222.139 1l-hit.mail.ru
80.241.222.139 www.1l-hit.mail.ru
80.241.222.139 ad.mail.ru
80.241.222.139 www.ad.mail.ru
80.241.222.139 adservice.google.com
80.241.222.139 www.adservice.google.com
80.241.222.139 ajax.googleapis.com
80.241.222.139 www.ajax.googleapis.com
80.241.222.139 apis.google.com
80.241.222.139 www.apis.google.com
80.241.222.139 c1.popads.net
80.241.222.139 www.c1.popads.net
80.241.222.139 c2.popads.net
80.241.222.139 www.c2.popads.net
80.241.222.139 codex.nflxext.com
80.241.222.139 www.codex.nflxext.com
80.241.222.139 completion.amazon.com
80.241.222.139 www.completion.amazon.com
80.241.222.139 connect.facebook.net
80.241.222.139 www.connect.facebook.net
80.241.222.139 consent.cmp.oath.com
80.241.222.139 www.consent.cmp.oath.com
80.241.222.139 google-analytics.com
80.241.222.139 www.google-analytics.com
80.241.222.139 googletagmanager.com
80.241.222.139 www.googletagmanager.com
80.241.222.139 googletagservices.com
80.241.222.139 www.googletagservices.com
80.241.222.139 gstatic.com
80.241.222.139 www.gstatic.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2685662787-1516377248-208156778-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abdul\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.98.193.42 - 192.99.85.244
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupreg: Google Update Manager => C:\Windows\gmda.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files (x86)\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D59D9F24-600E-43B3-9FB8-0B271524AF38}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [{E944D897-8B12-413D-BFA1-90F84CDEB121}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{82A76C39-F6AF-4AFD-906A-3312C7049CDB}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{40386B65-C92D-43DB-8716-3E2BC9E9B3DB}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{16D12BEC-38AB-4C36-870C-126145F828D8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{CCEB9F07-5F5D-49D8-B107-AE924E98BFCD}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{7CA4515E-0788-4A21-9B6C-B00E37AB0427}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{FF6C0D92-C309-4528-A4A5-3B225E8FA091}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14d\FAXRX.EXE
FirewallRules: [{3EF7102A-346D-48A0-86EC-018D2D70844C}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{DCFADCFF-8850-4596-994C-BE6753EC7547}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [UDP Query User{00A28D0D-A755-4848-866C-431FA24845E5}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [TCP Query User{9A983C54-A5AF-487D-B44E-2599B931EAAF}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{919EAE60-A328-4E5F-A630-B9C92470BB6D}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [{E445D826-C961-40C0-995B-8B5F6D151E61}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{AB30D8F3-114C-4B88-92E3-C2F484E3D7E3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{6554DA0C-5CFD-48BA-B8A8-88C6ABFB34E1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{2068355E-CF1C-45DD-9A39-A7C2F9069715}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{95B2AB47-4A8E-4B5C-A07A-ACE607A04A11}] => (Allow) D:\Grid\GRID.exe
FirewallRules: [{FDAD5D7C-D9F2-460E-9703-2B78996F029A}] => (Allow) D:\Grid\GRID.exe
FirewallRules: [{AA86C46F-1B2F-40E3-92CB-A20571411E91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{39152D32-C253-456E-82A7-1CB7AE17E801}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D6FB2AEE-5FCE-4A80-9A8C-9188A48258B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9DED877C-E07D-4D82-8F62-B4014A22070D}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{C3A6731C-7E40-4692-86BB-F1EB755003A8}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A9AF8859-4883-4159-929F-2A5E6DC9089A}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F5EA3105-6F61-42A1-BD00-C2EEE83C7AB2}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F6D2F386-3507-4C45-BF5E-6FAF1136D6E3}] => (Allow) D:\Steam\steamapps\common\WRC 7\WRC7.exe
FirewallRules: [{9FB212B6-B4C0-4CC1-91D6-1759A42DD403}] => (Allow) D:\Steam\steamapps\common\WRC 7\WRC7.exe
FirewallRules: [TCP Query User{72CEAA3F-E3DD-441A-BC27-3B35E4447F96}D:\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) D:\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{8B5C69D4-ABB4-4EA3-9652-B40F83979D7C}D:\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) D:\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [{F061A9D4-1406-4E88-9B67-BDB42A890E78}] => (Allow) D:\NFS Payback\Need for Speed Payback\NeedForSpeedPaybackTrial.exe
FirewallRules: [{7DA81971-5E10-426C-8226-1D4CFE56F9CB}] => (Allow) D:\NFS Payback\Need for Speed Payback\NeedForSpeedPaybackTrial.exe
FirewallRules: [{D3F8CF42-A4D4-4620-BB38-9D7250BA18B2}] => (Allow) D:\NFS Payback\Need for Speed Payback\NeedForSpeedPayback.exe
FirewallRules: [{8AAA66B3-213D-45C4-9660-77C307BBAD08}] => (Allow) D:\NFS Payback\Need for Speed Payback\NeedForSpeedPayback.exe

==================== Restore Points =========================
30-09-2018 17:00:26 Windows Update
01-10-2018 10:12:13 Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
01-10-2018 22:53:09 Installed DirectX
01-10-2018 22:54:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
01-10-2018 22:54:38 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
02-10-2018 12:45:48 Installed DirectX
02-10-2018 12:47:11 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
02-10-2018 12:47:16 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
04-10-2018 13:51:52 Windows Update

==================== Faulty Device Manager Devices =============
Name: ASInsHelp
Description: ASInsHelp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ASInsHelp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: iocbios2
Description: iocbios2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iocbios2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (10/04/2018 01:51:30 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/04/2018 01:43:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/03/2018 04:11:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/03/2018 01:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/03/2018 09:49:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/03/2018 05:46:24 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (10/03/2018 05:37:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/02/2018 06:46:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (10/04/2018 01:41:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (10/04/2018 01:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iocbios2 service failed to start due to the following error: The system cannot find the path specified.
Error: (10/04/2018 01:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASInsHelp service failed to start due to the following error: The system cannot find the file specified.
Error: (10/03/2018 04:09:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (10/03/2018 04:09:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iocbios2 service failed to start due to the following error: The system cannot find the path specified.
Error: (10/03/2018 04:09:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASInsHelp service failed to start due to the following error: The system cannot find the file specified.
Error: (10/03/2018 01:11:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (10/03/2018 01:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iocbios2 service failed to start due to the following error: The system cannot find the path specified.

CodeIntegrity:
===================================
Date: 2018-08-21 15:48:38.542
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\AsInsHelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-21 15:48:38.508
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\AsInsHelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-21 15:48:03.330
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\AsInsHelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-08-21 15:48:03.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\AsInsHelp64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 35%
Total physical RAM: 8191.12 MB
Available physical RAM: 5298.12 MB
Total Virtual: 16380.42 MB
Available Virtual: 11858.74 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:57.78 GB) NTFS
Drive d: (Nowy) (Fixed) (Total:223.58 GB) (Free:18.73 GB) NTFS
Drive e: (Seagate 1TB) (Fixed) (Total:931.51 GB) (Free:66.75 GB) NTFS
\\?\Volume{1621d53f-9ee4-11e8-97b4-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 8F175926)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 8D695392)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 000281F7)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================