Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows defender shuts down before full scan finishes.


  • This topic is locked This topic is locked
3 replies to this topic

#1 disneyjunkie

disneyjunkie

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 10 April 2016 - 10:42 AM

OTL Extras logfile created on: 4/10/2016 11:20:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jessi\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.90 Gb Total Physical Memory | 13.93 Gb Available Physical Memory | 87.61% Memory free
18.78 Gb Paging File | 17.18 Gb Available in Paging File | 91.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.69 Gb Total Space | 78.78 Gb Free Space | 66.37% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 448.45 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
Drive E: | 1397.25 Gb Total Space | 1395.51 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-GPDDCON | User Name: jessi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 69 09 70 C1 A9 91 D1 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052685B6-DDD7-4AB1-8055-D5FEA869CDCA}" = dir=in | name=@{microsoft.bingweather_4.8.277.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{0534BAA6-4C31-4E83-9FE5-647E5D3B1D04}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
"{06539D3B-AC98-4BC1-8D9C-1B49056186D5}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{112C34F0-57A3-4425-918C-1C8936FD8225}" = dir=out | name=@{microsoft.getstarted_3.5.11.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{11CDA789-5734-4740-BE2F-F7292F78C5F8}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{156E894F-FCBC-4417-8C6E-5421D7B2F73A}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{16BEC45D-C4C1-49E6-905E-297728BF2D1B}" = dir=out | name=microsoft solitaire collection |
"{188A4214-B437-4DE0-9F2D-C8879B908D78}" = dir=out | name=@{microsoft.windows.photos_16.325.12390.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{2188AA6A-8F27-441B-B826-28AB85703DE1}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{265BE2D7-3BCE-45E4-B914-F5ACCD584B16}" = dir=in | name=microsoft solitaire collection |
"{298EA95F-030A-47D5-BF3C-BDBAC6DE1C6E}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
"{2B3705C3-1D8C-4166-A555-932BA847491E}" = dir=out | name=@{microsoft.people_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{36205793-1EA4-4CBF-B77D-FC163B0B47B9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{3E3FC70E-27AA-4854-A5C1-4A0A4EADC860}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{461AB23A-3704-442C-B047-EA35A639A111}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{4EE29F00-546A-4B1A-838C-465F721146B0}" = dir=out | name=@{microsoft.windowsstore_2016.29.13.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{5449F36D-3BF5-4D8B-84FA-3EDF334A0588}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{57D39828-CC24-4B6C-8B97-FECB86936906}" = dir=out | name=fitbit |
"{5CEBD530-B1A5-4FE9-9B80-A9CD8927B893}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{64754A2D-50A5-4F06-8C38-2F334040DE97}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{65E1538C-D9F2-4FCD-9394-0D315B9523A5}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{723F5516-83B4-4B21-BF3E-1A7891687AA3}" = dir=in | name=xbox |
"{7A400875-9433-4970-8034-6F5325E4A616}" = dir=out | name=@{microsoft.windowsmaps_4.1601.10150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{8407A272-2B0E-44E1-805A-C937CED8BDE5}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{87EA983B-2B7E-494D-ACBD-8FBAC0114AC5}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{8B74B587-C349-4073-83E5-4C95BC50365E}" = dir=out | name=adobe photoshop express |
"{8DE5792C-12A6-4701-92B5-3950634B8411}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{928E267B-D300-49EC-AB2C-42042D906DD0}" = dir=out | name=@{microsoft.bingnews_4.8.268.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{985EFCE8-3007-4AB3-A7D1-4D59B85483A8}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{9D276331-C77C-4420-A1DC-DEBA7181995E}" = dir=out | name=@{a278ab0d.disneymagickingdoms_1.0.1.4_x86__h6adky7gbf63m?ms-resource://a278ab0d.disneymagickingdoms/resources/applicationname} |
"{9EF516B6-DA06-43B1-AD35-360B2DCEF98B}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{A2C8B15A-4921-437C-BC6E-470899F52F2D}" = dir=out | name=netflix |
"{AED9D3FC-9207-4E74-8F81-9982036284CD}" = dir=in | name=netflix |
"{AF8CA3B3-9BE8-4587-9F62-C74C93C7EEE7}" = dir=in | name=@{microsoft.windowsstore_2016.29.13.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{B1277F60-F3F7-4059-BC18-9F14785FD01F}" = dir=out | name=@{microsoft.bingweather_4.8.277.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{B6E12CEE-7682-48B0-AC4F-94D01CE2DE63}" = dir=in | name=@{microsoft.bingnews_4.8.268.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{BB2A95B2-5CED-4728-BEBF-A44BA6FFE45A}" = dir=in | name=sway |
"{C2E2049C-D165-4C98-9AC3-164BE4AE0FCA}" = dir=in | name=onenote |
"{C3534261-580C-4D58-B291-2A136B877C38}" = dir=out | name=sway |
"{C5A6AF3E-2D4D-432C-AFF0-03E1EF5E8F8A}" = dir=in | name=@{microsoft.windows.photos_16.325.12390.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{D38C7BE3-0BBB-4441-8599-0DBFFB2DB3DC}" = dir=in | name=adobe photoshop express |
"{D980C63D-88FE-4F7D-8741-D3D7325E9A23}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{DB45C7FB-89E8-40C3-8F2A-B281302EC731}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{DFDF010A-4008-4919-8EF2-D3DDF5801CEF}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{E5A2B55C-9E17-401B-AB51-FFE91A865B74}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
"{E5AE7605-72C9-4820-92EC-D234448AF038}" = dir=out | name=@{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{ECA70B4B-EA48-4FBA-9542-7190C56A7177}" = dir=out | name=xbox |
"{F093719A-265F-4735-BE7E-9AC9DEC5B9E8}" = dir=in | name=@{a278ab0d.disneymagickingdoms_1.0.1.4_x86__h6adky7gbf63m?ms-resource://a278ab0d.disneymagickingdoms/resources/applicationname} |
"{F27C3231-BB04-4445-966A-C3838E8CCD7F}" = dir=out | name=onenote |
"{FAC87157-4279-41DA-A317-DE2C659D461B}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06875F50-592B-63B4-7C06-F2857EEE7C8F}" = AMD Radeon Settings
"{175B4F7D-78B3-C918-0B90-6B0AB08C13C9}" = Catalyst Control Center Next Localization BR
"{22D9A80A-FDD0-604F-EE11-84B9A78D72F7}" = Catalyst Control Center Next Localization EL
"{25EB4D76-20B3-E658-399A-933E70E85FE8}" = Catalyst Control Center Next Localization CS
"{29479D33-D9B9-0FAB-B3F0-7CD16B6B611D}" = Catalyst Control Center Next Localization CHS
"{2DA1063D-FE21-D819-A99C-13C34864CDAD}" = Catalyst Control Center Next Localization DE
"{2ECEDF72-0C28-B694-7149-39F88E899493}" = Catalyst Control Center Next Localization JA
"{341B5E60-B0C9-58FD-BFE8-9A1D524BAB1F}" = Catalyst Control Center Next Localization CHT
"{396FF2B1-6FD6-4BA4-AA6D-3C909E8D12FF}" = FMW 1
"{3DB0C4BA-37EE-A3E1-F80C-3EDB5AA203A2}" = Catalyst Control Center Next Localization NO
"{5A65C20E-F239-A80C-D550-AFE8F88B11B4}" = Catalyst Control Center Next Localization IT
"{5ACE0214-DB28-9ED6-E247-F07CF81AC1AF}" = Catalyst Control Center Next Localization ES
"{78ACE60E-0CB7-4935-BCD4-F33422105607}" = AMD Settings - Branding
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{94BF308C-4DB7-2286-D917-1AA237280A0C}" = Catalyst Control Center Next Localization HU
"{9A9FB48A-EBB1-665E-DB29-B2FECCCD59E8}" = Catalyst Control Center Next Localization DA
"{9F11B70E-FE0B-9830-D5B8-9FD15B980123}" = Catalyst Control Center Next Localization NL
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B03568CA-336E-A0C2-7C15-4AD826D03D88}" = Catalyst Control Center Next Localization TR
"{B0D87120-6049-36ED-C233-229B82474373}" = Catalyst Control Center Next Localization RU
"{BAB5C2A4-59AE-F873-756E-F6E054501D18}" = Catalyst Control Center Next Localization PL
"{C2746832-43BE-8590-3EEE-19984585C101}" = Catalyst Control Center Next Localization FI
"{C8048A0E-274F-1E7B-2DBB-FA290A92DB36}" = Catalyst Control Center Next Localization FR
"{E0727A5E-2374-CC36-71F6-8274E4638588}" = AMD Install Manager
"{E7D4B73C-C643-FEFC-81CA-8F9F1757E668}" = Catalyst Control Center Next Localization SV
"{EB35416E-D6F2-B385-2AA8-B3EF09396085}" = Catalyst Control Center Next Localization TH
"{ECCFBBAA-5D4D-8C5F-83FE-965A6C78F98D}" = Catalyst Control Center Next Localization KO
"8B3D7924-ED89-486B-8322-E8594065D5CB_is1" = RogueKiller version 12
"AMD Catalyst Install Manager" = AMD Install Manager
"CCleaner" = CCleaner
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83218077F0}" = Java 8 Update 77
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56F20B16-D527-24CE-4EF9-3D7B3E86E929}" = AMD Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{C28E8D4A-C424-71CF-DFBE-597810641712}" = Catalyst Control Center InstallProxy
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Glyph" = Glyph
"Glyph Devilian Live-US" = Devilian Live-US
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"Mozilla Firefox 45.0.1 (x86 en-GB)" = Mozilla Firefox 45.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.95
"VLC media player" = VLC media player
"WinPcapInst" = WinPcap 4.1.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/8/2016 1:58:17 PM | Computer Name = DESKTOP-GPDDCON | Source = Windows Search Service | ID = 3057
Description =
 
Error - 4/8/2016 1:58:17 PM | Computer Name = DESKTOP-GPDDCON | Source = Windows Search Service | ID = 3029
Description =
 
Error - 4/8/2016 1:58:17 PM | Computer Name = DESKTOP-GPDDCON | Source = Windows Search Service | ID = 3028
Description =
 
Error - 4/8/2016 1:58:17 PM | Computer Name = DESKTOP-GPDDCON | Source = Windows Search Service | ID = 3058
Description =
 
Error - 4/8/2016 1:58:17 PM | Computer Name = DESKTOP-GPDDCON | Source = Windows Search Service | ID = 7010
Description =
 
Error - 4/9/2016 10:20:46 AM | Computer Name = DESKTOP-GPDDCON | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 4/9/2016 10:20:46 AM | Computer Name = DESKTOP-GPDDCON | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1
 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 4/9/2016 10:20:46 AM | Computer Name = DESKTOP-GPDDCON | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1
 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 4/9/2016 10:40:49 AM | Computer Name = DESKTOP-GPDDCON | Source = Application Error | ID = 1000
Description = Faulting application name: _DK_Entrypoint_DLC.exe, version: 0.0.0.0,
 time stamp: 0x5702351b  Faulting module name: msvcr120_app.dll, version: 12.0.21005.1,
 time stamp: 0x524f7cdd  Exception code: 0xc0000409  Fault offset: 0x0007c48b  Faulting
 process id: 0x1a78  Faulting application start time: 0x01d1926b8a4c2ba7  Faulting application
 path: C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_1.0.1.4_x86__h6adky7gbf63m\_DK_Entrypoint_DLC.exe
Faulting
 module path: C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\msvcr120_app.dll
Report
 Id: 70cb9638-6055-4d41-8666-2d8ba0dc2b22  Faulting package full name: A278AB0D.DisneyMagicKingdoms_1.0.1.4_x86__h6adky7gbf63m
Faulting
 package-relative application ID: App
 
Error - 4/10/2016 11:21:04 AM | Computer Name = DESKTOP-GPDDCON | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
[ System Events ]
Error - 4/9/2016 3:03:27 PM | Computer Name = DESKTOP-GPDDCON | Source = DCOM | ID = 10016
Description =
 
Error - 4/9/2016 3:03:27 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The Sync Host_317f2 service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 4/9/2016 3:03:27 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The Contact Data_317f2 service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 4/9/2016 3:03:27 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The User Data Storage_317f2 service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 4/9/2016 3:03:27 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The User Data Access_317f2 service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 4/9/2016 11:17:12 PM | Computer Name = DESKTOP-GPDDCON | Source = DCOM | ID = 10016
Description =
 
Error - 4/9/2016 11:17:12 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The Sync Host_963eea service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 4/9/2016 11:17:12 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The Contact Data_963eea service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
Error - 4/9/2016 11:17:12 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The User Data Storage_963eea service terminated unexpectedly.  It
has done this 1 time(s).  The following corrective action will be taken in 10000
 milliseconds: Restart the service.
 
Error - 4/9/2016 11:17:12 PM | Computer Name = DESKTOP-GPDDCON | Source = Service Control Manager | ID = 7031
Description = The User Data Access_963eea service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds:
 Restart the service.
 
 
< End of report >
the last part is from windows defender shutting pc down, i have no virus's ran trend micro online scanner, also i cant use combofix not capable with windows 10, my pc is clean of any virus's from  trend micro and virus total as i went and scanned most of my files. i have also re installed windows no end in site
 



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:57 PM

Posted 10 April 2016 - 08:59 PM

Greetings disneyjunkie and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 10 April 2016 - 09:01 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:57 PM

Posted 13 April 2016 - 08:47 AM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:57 PM

Posted 15 April 2016 - 11:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users