Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by DragonBorn (08-09-2025 23:49:49)
Running from C:\Users\DragonBorn\Desktop\FRST
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2024-08-31 17:03:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4041630877-3052751684-3598553497-500 - Administrator - Enabled) => C:\Users\Administrator
DragonBorn (S-1-5-21-4041630877-3052751684-3598553497-1000 - Administrator - Enabled) => C:\Users\DragonBorn
Guest (S-1-5-21-4041630877-3052751684-3598553497-501 - Limited - Disabled)
john (S-1-5-21-4041630877-3052751684-3598553497-1001 - Administrator - Enabled) <==== ATTENTION

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (HKLM-x32\...\7-Zip) (Version: 22.01 - Igor Pavlov) Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\Advanced Uninstaller PRO_is1) (Version: 12.21.0.95 - Innovative Solutions) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.1 - Sereby Corporation) Audacity 3.6.3 (HKLM\...\Audacity_is1) (Version: 3.6.3 - Audacity Team) Bandicam (HKLM-x32\...\Bandicam) (Version: 7.1.4.2458 - Bandicam.com) Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com) Battlefield 2 Complete Collection version 1.50 (HKLM-x32\...\{4D3E6550-8792-40F2-9FB8-7C1F100CDF59}_is1) (Version: 1.50 - EA Games) Castle Crashers (HKLM-x32\...\Castle CrashersFinal) (Version: Final - Game-Owl) CCleaner (HKLM\...\CCleaner) (Version: 6.34 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{3CD54938-25C6-4296-96C3-9BECA585386C}) (Version: 4.7.04107 - Microsoft Corporation) Hidden CNC.Generals.DE.REPACK-KaOs (HKLM\...\CNC.Generals.DE.REPACK-KaOs_is1) (Version: - ReMiX) Dead or Alive 5: Last Round (HKLM-x32\...\Dead or Alive 5: Last Round_is1) (Version: 1.10C - Koei Tecmo Games) Door Kickers Action Squad DLC (HKLM-x32\...\1182484277_is1) (Version: 1.2.13 DLC1 RC1 - GOG.com) Door Kickers: Action Squad (HKLM-x32\...\1147957142_is1) (Version: 1.2.13 DLC1 RC1 - GOG.com) Driver Easy 6.1.0 (HKLM\...\DriverEasy_is1) (Version: 6.1.0 - Easeware) Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden Euro Truck Simulator 2 - Scandinavia (HKLM-x32\...\Euro Truck Simulator 2 - Scandinavia_is1) (Version: - ) Fallout Shelter (HKLM-x32\...\Fallout Shelter_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, markfiter) Faster Than Light (HKLM-x32\...\Faster Than Light_is1) (Version: - GOG.com) Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2024.3.0.26795 - Foxit Software Inc.) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GiliSoft Screen Recorder (HKLM\...\{2F9CCB8C-8584-45CF-B916-E8C98F6497A4}_is1) (Version: 12.8.0 - GiliSoft International LLC.) Google Chrome (HKLM\...\{1912E5D3-45FB-3C52-9BBB-61BE4361949E}) (Version: 109.0.5414.120 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.) Icecream Screen Recorder version 7.43 (HKLM-x32\...\{CE9603D0-2A7F-4B94-BF4D-BC4B1389888F}_is1) (Version: 7.43 - Icecream Apps) IntelliTraceProfilerProxy (HKLM\...\{5F42C347-0A33-4BCE-B9D7-CCD1082C3187}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.42.15 - Tonec Inc.) 
James Bond 007(TM) - Blood Stone (HKLM-x32\...\{8A56A332-F833-45CF-9A20-6F3524054843}) (Version: 1.0 - Activision) Hidden James Bond 007(TM) - Blood Stone (HKLM-x32\...\InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}) (Version: 1.0 - Activision) Java 8 Update 251 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180251F0}) (Version: 8.0.2510.8 - Oracle Corporation) Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.19 - PandoraTV) LED Sync (HKLM-x32\...\{417D2425-8783-46D4-97DF-EEF7CD17D656}) (Version: 1.1.1 - EVGA) LOOT version 0.17.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.17.0 - LOOT Team) Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - ) Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes) Microsoft .NET 8.0 Templates 8.0.413 (x64) (HKLM\...\{ED5AFC20-0E4F-457A-A2E7-60057F74BE94}) (Version: 32.13.63773 - Microsoft Corporation) Hidden Microsoft .NET AppHost Pack - 8.0.19 (x64) (HKLM\...\{3171E3A6-6BB4-470B-A1C2-D3A4FB086791}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft .NET AppHost Pack - 8.0.19 (x64_arm64) (HKLM\...\{2DC449C9-A7DE-4D58-87C9-0B87E45C77C9}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft .NET AppHost Pack - 8.0.19 (x64_x86) (HKLM\...\{E66727F6-903D-439B-9EDD-2776EF1A3B57}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.7.2 (RUS) (HKLM\...\{86A043D5-87F3-38E2-82BB-4B69A528CC3D}) (Version: 4.7.03062 - Корпорация Майкрософт) Hidden Microsoft .NET Framework 4.8 
(HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Microsoft .NET Framework Cumulative Intellisense Pack for Visual Studio (ENU) (HKLM-x32\...\{276CB8F7-CA1E-41FE-8307-A55D95D33D99}) (Version: 4.7.02558 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.6 (x64) (HKLM\...\{F48FB46C-3334-47AA-98ED-D5A47DED33F1}) (Version: 48.27.42327 - Microsoft Corporation) Hidden Microsoft .NET Host - 8.0.19 (x64) (HKLM\...\{B84443A1-BE1B-4C5E-B834-E12133604B12}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.6 (x64) (HKLM\...\{089493D9-430B-4210-8A47-8F611288F461}) (Version: 48.27.42327 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 8.0.19 (x64) (HKLM\...\{69A17DA9-300A-49B9-97F1-1EB7424570DE}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.6 (x64) (HKLM\...\{00478901-CD97-4A20-8FF3-3276865A2B44}) (Version: 48.27.42327 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 8.0.19 (x64) (HKLM\...\{B9F7A454-0CCD-410C-A3E0-D1AAC300F150}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft .NET SDK 8.0.413 (x64) (HKLM-x32\...\{05b3bd37-1519-4186-9992-6d39b60adf3b}) (Version: 8.4.1325.37213 - Microsoft Corporation) Microsoft .NET Standard Targeting Pack - 2.1.0 (x64) (HKLM\...\{A7036CFB-B403-4598-85FF-D397ABB88173}) (Version: 24.0.28113 - Microsoft Corporation) Hidden Microsoft .NET Targeting Pack - 8.0.19 (x64) (HKLM\...\{74A763C6-D637-471C-B472-6B6AC71F09E1}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft .NET Toolset 8.0.413 (x64) (HKLM\...\{1D532BC1-93A9-44B2-A651-51DD92FB454D}) (Version: 32.11.63773 - Microsoft Corporation) Hidden Microsoft Access MUI (English) 2013 (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Access Setup Metadata MUI (English) 2013 (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - 
Microsoft Corporation) Hidden Microsoft ASP.NET Core 8.0.19 Shared Framework (x64) (HKLM\...\{23AD4455-B98F-3FC8-9FB9-28001FD3DF52}) (Version: 8.0.19.25372 - Microsoft Corporation) Hidden Microsoft ASP.NET Core 8.0.19 Targeting Pack (x64) (HKLM\...\{88A26A0A-6B42-3FF3-BA9A-A62BC53A1031}) (Version: 8.0.19.25372 - Microsoft Corporation) Hidden Microsoft DCF MUI (English) 2013 (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Excel MUI (English) 2013 (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Groove MUI (English) 2013 (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (English) 2013 (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Lync MUI (English) 2013 (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft NetStandard SDK (HKLM-x32\...\{737FDDA7-B944-4CB5-92D9-3D56373BD301}) (Version: 15.0.51105 - Microsoft Corporation) Hidden Microsoft Office 32-bit Components 2013 (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (English) 2013 (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (English) 2013 (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Proofing (English) 2013 (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (English) 2013 (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2013 (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2013 (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft OneNote MUI (English) 2013 (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Outlook MUI (English) 2013 (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (English) 2013 (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Publisher MUI (English) 2013 (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 
(HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) 
(Version: 14.42.34433.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.70.2 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.14.2084.208 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.6 (x64) (HKLM\...\{B9E46F95-AC34-4943-AFE2-B72EFD56C6C0}) (Version: 48.27.42342 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.6 (x64) (HKLM-x32\...\{aad3b888-fde2-48c0-95c2-2f7a729283fb}) (Version: 6.0.6.31318 - Microsoft 
Corporation) Microsoft Windows Desktop Runtime - 8.0.19 (x64) (HKLM\...\{A6EA542C-884C-4FE7-89E4-8C28E14B601C}) (Version: 64.76.37602 - Microsoft Corporation) Hidden Microsoft Windows Desktop Targeting Pack - 8.0.19 (x64) (HKLM\...\{F956477A-6450-4ABF-9C5F-AAAF4EAF6F6D}) (Version: 64.76.37602 - Microsoft Corporation) Hidden Microsoft Word MUI (English) 2013 (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft.NET.Sdk.Android.Manifest-8.0.100 (x64) (HKLM\...\{B5A57BF9-FC7A-4FA6-BAEB-46E173986DF3}) (Version: 34.0.43 - Microsoft Corporation) Hidden Microsoft.NET.Sdk.Aspire.Manifest-8.0.100 (x64) (HKLM\...\{F3AEB036-4B8A-4C25-B4D2-850944E909C4}) (Version: 64.0.5426 - Microsoft Corporation) Hidden Microsoft.NET.Sdk.iOS.Manifest-8.0.100 (x64) (HKLM\...\{6BF59E75-BE05-4C69-9C48-3532B6DE0EC5}) (Version: 17.0.8478 - Microsoft Corporation) Hidden Microsoft.NET.Sdk.MacCatalyst.Manifest-8.0.100 (x64) (HKLM\...\{8B5384CA-D189-4CFE-8DF0-2D05B4EA8499}) (Version: 17.0.8478 - Microsoft Corporation) Hidden Microsoft.NET.Sdk.macOS.Manifest-8.0.100 (x64) (HKLM\...\{98927287-8779-447A-919E-73028D53F719}) (Version: 14.0.8478 - Microsoft Corporation) Hidden Microsoft.NET.Sdk.Maui.Manifest-8.0.100 (x64) (HKLM\...\{116EF6D0-AE8E-4E6D-B0D8-EFF145CD45DA}) (Version: 8.0.3 - Microsoft Corporation) Hidden Microsoft.NET.Sdk.tvOS.Manifest-8.0.100 (x64) (HKLM\...\{568F99E8-9F2D-48D7-A05D-D64C512B3AFD}) (Version: 17.0.8478 - Microsoft Corporation) Hidden Microsoft.NET.Workload.Emscripten.Current.Manifest (x64) (HKLM\...\{D0A94A45-5F14-4915-9F95-0B58D3D1B4A2}) (Version: 64.76.37362 - Microsoft Corporation) Hidden 
Microsoft.NET.Workload.Emscripten.net6.Manifest (x64) (HKLM\...\{B546B86F-9CE7-4ED9-9AB7-B0E1D0626801}) (Version: 64.76.37362 - Microsoft Corporation) Hidden Microsoft.NET.Workload.Emscripten.net7.Manifest (x64) (HKLM\...\{E825D5E5-0D02-484E-BB9B-1251E106979B}) (Version: 64.76.37362 - Microsoft Corporation) Hidden Microsoft.NET.Workload.Mono.Toolchain.Current.Manifest (x64) (HKLM\...\{09F7A9FC-D5D9-4D66-B8D1-E5AF348D3434}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft.NET.Workload.Mono.Toolchain.net6.Manifest (x64) (HKLM\...\{3D449DAE-40E6-4B5B-AF5D-38D774C647E4}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Microsoft.NET.Workload.Mono.Toolchain.net7.Manifest (x64) (HKLM\...\{0AE366B6-16F9-4838-9202-663F124BB684}) (Version: 64.76.37566 - Microsoft Corporation) Hidden Minecraft1.12.2 (HKLM-x32\...\Minecraft1.12.2) (Version: - ) Mini Ninjas (HKLM-x32\...\Mini Ninjas_is1) (Version: - R.G. Mechanics, spider91) MSI Afterburner 4.6.5 Beta 2 (HKLM-x32\...\Afterburner) (Version: 4.6.5 Beta 2 - MSI Co., LTD) Need for Speed Most Wanted 2005 version 1.3 (HKLM-x32\...\Need for Speed Most Wanted 2005_is1) (Version: 1.3 - EA Games) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5 - Notepad++ Team) NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) 
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd) Pro Evolution Soccer 2017 Update 2019 (HKLM-x32\...\Pro Evolution Soccer 2017 Update 2019_is1) (Version: 3.0 - Gerdoo) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.) Python 3.8.0 (64-bit) (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\{06afee40-d856-48c5-8ff2-bd1c3655edca}) (Version: 3.8.150.0 - Python Software Foundation) Python 3.8.0 Add to Path (64-bit) (HKLM\...\{5A2EADD1-0723-47C5-A156-C8E6A922BC72}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Core Interpreter (64-bit) (HKLM\...\{0AD20F5D-4228-48F6-9314-F42EBD9DCBC8}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Development Libraries (64-bit) (HKLM\...\{700DB3F0-C5C0-4160-A513-C33B5B20F877}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Documentation (64-bit) (HKLM\...\{7B7ED49A-2149-4035-BFB1-910BE25D799E}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Executables (64-bit) (HKLM\...\{A8C1C406-A3AF-41CC-81BD-217FDF1668B2}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 pip Bootstrap (64-bit) (HKLM\...\{F31907FF-A97B-402E-A629-2BD98D30AC4F}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Standard Library (64-bit) (HKLM\...\{682627D4-757B-42BE-B2D3-94AB0F3D08FF}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Tcl/Tk Support (64-bit) (HKLM\...\{2DE0FB10-3895-4887-BD32-36CCFD3189CE}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Test Suite (64-bit) (HKLM\...\{FFE5B55B-7ED0-4E24-85C3-AB9BCD6881EE}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python 3.8.0 Utility Scripts (64-bit) (HKLM\...\{4420515A-062F-40AF-BFA6-04631B60ED22}) (Version: 3.8.150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{7DBA9B7D-924F-4CE8-8AE8-65977EF62744}) (Version: 3.8.6860.0 - Python Software 
Foundation) Rage (HKLM-x32\...\Rage_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9151.1 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 7.3.4 Beta 3 (HKLM-x32\...\RTSS) (Version: 7.3.4 Beta 3 - Unwinder) SegmentStrengthener (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c336104f}) (Version: - Software Publisher) <==== ATTENTION Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition 
(HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version: - Microsoft) Hidden Service Pack 1 for 
Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden Stronghold 1-2 (HKLM-x32\...\Stronghold 1-2_is1) (Version: - hooyad) Stronghold Legends (HKLM-x32\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.00.0000 - Firefly Studios) Telegram Desktop (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.0 - Telegram FZ-LLC) The Banner Saga 2 (HKLM-x32\...\The Banner Saga 2_is1) (Version: - ) The Promised Land (HKLM-x32\...\The Promised Land) (Version: - Alawar Entertainment Inc.) 
The Sims™ 3 [anadius Repack] (HKLM-x32\...\The Sims™ 3_is1) (Version: 1.67.2.024037 - ) Titan Quest Anniversary Edition Ragnarok (HKLM-x32\...\Titan Quest Anniversary Edition Ragnarok_is1) (Version: 1.47 - THE KNIGHT) TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - ) UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version: - ) vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden WebCatalog 61.1.0 (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\b01e1943-3cfe-5544-b2f5-e3a47fbf35a6) (Version: 61.1.0 - WebCatalog, Inc.) 
WebM Project Directshow Filters (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E63F47A7-9DBA-4154-A52F-36653BFB4028}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 7.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.10.0 - win.rar GmbH)
Накопительный пакет обновления Microsoft .NET Framework Intellisense для Visual Studio (Русский) (HKLM-x32\...\{694ED65F-4C12-4339-B86D-F9C829D2265A}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Пакет SDK Microsoft .NET Framework 4.6.1 (Русский) (HKLM-x32\...\{76380480-8AA4-454B-B063-3EB82302CFEE}) (Version: 4.6.01055 - Microsoft Corporation) Hidden

Chrome apps:
============
ChatGPT (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\0e494a3ca05f12ab3e33192ec9faf326) (Version: 1.0 - Google\Chrome)
Copilot (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\51ff20584d1b60da5bbadd25c538a36f) (Version: 1.0 - Google\Chrome)
DeepSeek (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\d40986d8eaee0fdf5fcfcb8b9575c27b) (Version: 1.0 - Google\Chrome)
edclub (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\d59245c6392cc37f4b828b4df5e997eb) (Version: 1.0 - Google\Chrome)
Eitaa (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\efcf8e57bed215dd76e690c3c766fb78) (Version: 1.0 - Google\Chrome)
Grok (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\44857dc45b1b61388a7c7a31049f5f17) (Version: 1.0 - Google\Chrome)
iGap Messenger (HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\...\ba9df4f7228949531f59daa8f28a81be) (Version: 1.0 - Google\Chrome)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE) ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\ExternalApps\Notepad++\NppShell_06.dll [2017-08-15] (Notepad++ -> ) ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\ExternalApps\WinRAR\rarext.dll [2025-02-12] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\ExternalApps\WinRAR\rarext32.dll [2025-02-12] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\ExternalApps\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File2025-09-08 (Access Denied) [File not signed?] 
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd) ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\ExternalApps\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File2025-09-08 (Access Denied) [File not signed?] ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd) ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\ExternalApps\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) 
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\ExternalApps\WinRAR\rarext.dll [2025-02-12] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\ExternalApps\WinRAR\rarext32.dll [2025-02-12] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed] HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] Shortcut: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\DragonBorn\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat () ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ChatGPT.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=ohomlfndpckfpjcpjjbnlnkdcngdlcom ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Copilot.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=nnhkheihphjdjpphidmibgjgokedhglk ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\DeepSeek.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=hmjcdonmhijmnefklekckjkeoknbiipb ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\edclub.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=gfioekabbekdgemhgleclpdbjbakcafg ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Eitaa.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" 
--app-id=kopnjmenfomaphnjmbfhifebnlebolcm ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Grok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=ggjocahimgaohmigbfhghnlfcnjemagj ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\iGap Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=acdfhmlcaeemkklkkgendkniammcbekm ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Copilot.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=nnhkheihphjdjpphidmibgjgokedhglk ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DeepSeek.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=hmjcdonmhijmnefklekckjkeoknbiipb ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\edclub.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=gfioekabbekdgemhgleclpdbjbakcafg ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Eitaa.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=kopnjmenfomaphnjmbfhifebnlebolcm ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Grok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" 
--app-id=ggjocahimgaohmigbfhghnlfcnjemagj ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iGap Messenger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=acdfhmlcaeemkklkkgendkniammcbekm ShortcutWithArgument: C:\Users\DragonBorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\pooya - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============= 2025-09-08 09:02 - 2025-09-08 20:48 - 001754008 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 004672344 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 002263200 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 004027864 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\AEControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 003985448 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ArwControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 005649632 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 002255408 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLLShim.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 006871024 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 004993504 _____ (Access Denied) [File not signed?] 
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 005019312 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 003197432 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 005995656 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 000117088 _____ (Access Denied) [File not signed?] C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 004394648 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 004558504 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\RTPControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 005302080 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 003123968 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 002591424 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionShim.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 003013928 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SPControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 003756600 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Swissarmy.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 002318976 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SwissarmyShim.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 005376736 _____ (Access Denied) [File not signed?] 
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 004532536 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll 2025-09-08 09:02 - 2025-09-08 20:48 - 003453184 _____ (Access Denied) [File not signed?] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\VPNControllerImpl.dll 2009-08-18 11:24 - 2009-08-18 11:24 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll 2019-12-25 12:27 - 2019-12-25 12:27 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll 2025-09-08 07:50 - 2025-09-08 07:50 - 000116736 ___SH (Stas'M Corp.) [File not signed] c:\program files\rdp wrapper\rdpwrap.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Version 11) (Whitelisted) ============= BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2024-09-01] (Oracle America, Inc. 
-> Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2024-09-01] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2024-09-01] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2024-09-01] (Oracle America, Inc. -> Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 06:04 - 2024-08-31 23:41 - 000001438 __RSH C:\Windows\system32\drivers\etc\hosts
127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 speccy.piriform.com
127.0.0.1 www.speccy.piriform.com
127.0.0.1 recuva.piriform.com
127.0.0.1 www.recuva.piriform.com
127.0.0.1 defraggler.piriform.com
127.0.0.1 www.defraggler.piriform.com
127.0.0.1 ccleaner.piriform.com
127.0.0.1 www.ccleaner.piriform.com
127.0.0.1 license-api.ccleaner.com
2025-09-08 08:53 - 2025-09-08 08:55 - 000000722 _____ C:\Windows\system32\drivers\etc\hosts.ics
127.0.0.1 keystone.mwbsys.com
127.0.0.1 cloud-keystone.mwbsys-prod.com
127.0.0.1 holocron.mwbsys.com
127.0.0.1 cloud-holocron.mwbsys-prod.com
127.0.0.1 telemetry.malwarebytes.com
127.0.0.1 hubble.mb-cosmos.com
127.0.0.1 links.malwarebytes.com
127.0.0.1 subscribe-staging.mwbsys.com

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.43.1
Windows Firewall is enabled.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\
HKU\S-1-5-21-4041630877-3052751684-3598553497-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DragonBorn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4041630877-3052751684-3598553497-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 2
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: CCleanerPerformanceOptimizerService => 3
MSCONFIG\Services: FoxitReaderUpdateService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iBtSiva => 2
MSCONFIG\Services: InnovativeSolutions_monitor => 3
MSCONFIG\Services: ReviverSoft Smart Monitor Service => 2
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\ExternalApps\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\ExternalApps\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry
is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{29B3F357-1A07-4C8C-8B0C-DD20E2AEA1B3}] => (Allow) F:\bin\tools\aria2c.exe => No File FirewallRules: [{65D660B5-13BE-4FE0-82B3-55DC7933B444}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{020F005F-17B2-4D27-B676-CBD9B8C1F63F}E:\games\ravenfield\ravenfield.exe] => (Block) E:\games\ravenfield\ravenfield.exe () [File not signed] FirewallRules: [UDP Query User{83E1DE11-2E1D-4D20-A36E-11AF7052A7E7}E:\games\ravenfield\ravenfield.exe] => (Block) E:\games\ravenfield\ravenfield.exe () [File not signed] FirewallRules: [{1F874BA7-7E20-4DF5-9955-71D292FA278E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0C7C9E90-34FC-4D8F-A391-725C12D8F115}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3067A8EB-B589-4720-ABA6-4027800DCE8A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E5F350A9-E17E-4924-B83C-D939407E23D7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{EEC6D5D9-9F92-4834-BF4F-C09D94D2693B}E:\games\stronghold2\stronghold 2\stronghold2.exe] => (Block) E:\games\stronghold2\stronghold 2\stronghold2.exe (Firefly Studios) [File not signed] FirewallRules: [UDP Query User{35BDAB5B-FD35-4F35-B847-F47B37F187F8}E:\games\stronghold2\stronghold 2\stronghold2.exe] => (Block) E:\games\stronghold2\stronghold 2\stronghold2.exe (Firefly Studios) [File not signed] FirewallRules: [TCP Query User{70414582-5C2A-4B21-A5D2-E4A96CF65B93}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_251\bin\javaw.exe 
FirewallRules: [UDP Query User{8C62A2AB-931F-4CB0-A8F9-04347039E3DF}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_251\bin\javaw.exe FirewallRules: [{63E97641-1844-4EC6-898C-5622A319BD2F}] => (Block) C:\Program Files\ExternalApps\Screen Recorder\ScreenRecorder.exe (Guang Dong Ji Tong Zhi Neng Ke Ji You Xian Gong Si -> ) FirewallRules: [TCP Query User{CD19A680-E973-4855-BE9F-494657FAEE78}E:\games\tsev skyrim le\creationkit.exe] => (Block) E:\games\tsev skyrim le\creationkit.exe (Bethesda Softworks) [File not signed] FirewallRules: [UDP Query User{14D0BA92-1E57-4821-80C5-0F4FC7E0F4FE}E:\games\tsev skyrim le\creationkit.exe] => (Block) E:\games\tsev skyrim le\creationkit.exe (Bethesda Softworks) [File not signed] FirewallRules: [{B4A8F84F-3E8F-416D-B5F1-CD1FD2C8B367}] => (Allow) E:\Games\ZvsP\PlantsVsZombies.exe (PopCap Games -> ) FirewallRules: [{12902F24-D60B-4B6B-B5D0-0832E1531A9F}] => (Allow) E:\Games\ZvsP\PlantsVsZombies.exe (PopCap Games -> ) FirewallRules: [TCP Query User{02D08DE5-29EC-4FB2-96E8-B862B47ACB33}E:\games\battlefield 2 complete collection\bf2.exe] => (Block) E:\games\battlefield 2 complete collection\bf2.exe () [File not signed] FirewallRules: [UDP Query User{3597BE7A-1A2E-4AC9-9DA1-41C36EEBC7ED}E:\games\battlefield 2 complete collection\bf2.exe] => (Block) E:\games\battlefield 2 complete collection\bf2.exe () [File not signed] FirewallRules: [TCP Query User{0443A3CC-E515-4B8D-8CFA-2E48B9A7514E}C:\program files\java\jre1.8.0_251\bin\java.exe] => (Block) C:\program files\java\jre1.8.0_251\bin\java.exe FirewallRules: [UDP Query User{6406C9C4-2AFA-440F-AF6D-9BD36950D290}C:\program files\java\jre1.8.0_251\bin\java.exe] => (Block) C:\program files\java\jre1.8.0_251\bin\java.exe FirewallRules: [{25608579-F077-4A57-9A2D-6B368D900ED0}] => (Allow) E:\Games\StrongholdLegends\StrongholdLegends.exe (Firefly Studios) [File not signed] FirewallRules: [{76552A8D-01F6-43CD-981D-6EBFC4EE851B}] => (Allow) 
E:\Games\StrongholdLegends\StrongholdLegends.exe (Firefly Studios) [File not signed] FirewallRules: [TCP Query User{6E210596-2825-40F8-99EC-8BD79B7C8930}E:\games\dead or alive 5\game\game.exe] => (Block) E:\games\dead or alive 5\game\game.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.) [File not signed] FirewallRules: [UDP Query User{6E95E4EE-9CA2-4CC0-9695-20033B1C6D80}E:\games\dead or alive 5\game\game.exe] => (Block) E:\games\dead or alive 5\game\game.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.) [File not signed] FirewallRules: [{792B5F7E-1135-4157-B254-933725D1879C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{2BB693B4-B509-49DC-9B9B-AC5124A68BE1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{111CF7F4-0ED6-4356-B83E-9A3127F19F32}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{8DA6BFAA-BF5B-4534-80BE-8F29B8D270B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. 
-> ) FirewallRules: [{DDC5D5DF-855B-47F9-B04F-63542FD70808}] => (Allow) C:\ProgramData\Windows\rutserv.exe () [File not signed] FirewallRules: [{58A20F1B-B414-43CB-8F3B-CF3D74E2F298}] => (Block) LPort=139 FirewallRules: [{A55E773E-6268-4A5F-8AAE-24957C602398}] => (Block) LPort=445 FirewallRules: [{E67412A5-9F5C-4A6A-99D1-123C5FD6FA2D}] => (Block) LPort=139 FirewallRules: [{FFCF5619-821F-4F0B-B6CE-DA7B3EB7B738}] => (Block) LPort=445 FirewallRules: [{BA2DC1E8-C1F4-4BC5-8F94-BD9D22BAC0BD}] => (Allow) LPort=3389 FirewallRules: [{3D58EBDB-7F84-4471-AAC8-D3D4F60DBE81}] => (Allow) LPort=3389 FirewallRules: [{6984C919-0088-4E2B-9803-1D5E2DBE7559}] => (Allow) E:\Games\James Bond 007 BS\Bond.exe () [File not signed] FirewallRules: [{17040CB7-1729-4DA3-ACF4-EA370C464453}] => (Allow) E:\Games\James Bond 007 BS\Bond.exe () [File not signed] ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (09/08/2025 11:53:39 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, The specified service does not exist as an installed service. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (09/08/2025 11:53:39 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.] 
Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (09/08/2025 11:48:59 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, The specified service does not exist as an installed service. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (09/08/2025 11:48:59 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (09/08/2025 11:48:59 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, The specified service does not exist as an installed service. ]. 
Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Check If Volume Is Supported by Provider Add a Volume to a Shadow Copy Set Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 29 Snapshot Context: 29 Execution Context: Coordinator Provider ID: {00000000-0000-0000-0000-000000000000} Volume Name: \\?\Volume{ffa7ace0-67b9-11ef-8b4a-806e6f6e6963}\ Execution Context: Coordinator Error: (09/08/2025 11:48:59 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Check If Volume Is Supported by Provider Add a Volume to a Shadow Copy Set Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 29 Snapshot Context: 29 Execution Context: Coordinator Provider ID: {00000000-0000-0000-0000-000000000000} Volume Name: \\?\Volume{ffa7ace0-67b9-11ef-8b4a-806e6f6e6963}\ Execution Context: Coordinator Error: (09/08/2025 11:48:59 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, The specified service does not exist as an installed service. ]. 
Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (09/08/2025 11:48:59 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator System errors: ============= Error: (09/08/2025 11:53:26 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout. Error: (09/08/2025 11:46:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (09/08/2025 11:45:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (09/08/2025 11:45:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. 

Error: (09/08/2025 11:43:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/08/2025 11:40:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/08/2025 11:40:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/08/2025 11:40:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Windows Defender:
================
Date: 2025-09-08 08:41:43.910
Description: Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2025-07-14 05:19:49.993
Description: Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2024-09-13 21:57:27.951
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Diplugem&threatid=213571
Name:BrowserModifier:Win32/Diplugem
Severity:High
Category:Browser Modifier
Path Found:file:c:\Program Files (x86)\SegmentStrengthener\SegmentStrengthener.dll;process:pid:1508,ProcessStart:133707216900996261;process:pid:1564,ProcessStart:133707216904596266;service:c336104f
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2024-09-13 21:46:48.714
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Diplugem&threatid=213571
Name:BrowserModifier:Win32/Diplugem
Severity:High
Category:Browser Modifier
Path Found:file:c:\Program Files (x86)\SegmentStrengthener\SegmentStrengthener.dll;process:pid:1508,ProcessStart:133707216900996261;process:pid:1564,ProcessStart:133707216904596266
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Event[0]:
Date: 2024-09-10 03:05:14.768
Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0509 08/26/2009
Motherboard: ASUSTeK Computer INC. P5KPL-SE
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 64%
Total physical RAM: 3583.18 MB
Available physical RAM: 1266.34 MB
Total Virtual: 22013.32 MB
Available Virtual: 19585.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.51 GB) (Free:17.17 GB) (Model: TOSHIBA DT01ACA050 ATA Device) NTFS
Drive d: (Family&Media) (Fixed) (Total:150 GB) (Free:2.81 GB) (Model: TOSHIBA DT01ACA050 ATA Device) NTFS
Drive e: (Games) (Fixed) (Total:215.76 GB) (Free:56.88 GB) (Model: TOSHIBA DT01ACA050 ATA Device) NTFS

\\?\Volume{ffa7acdf-67b9-11ef-8b4a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5EE99D3D)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=215.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================