
Suspicious activity and lots of svchost tasks


31 replies to this topic

#1 DannyBoyRP


Posted 09 May 2017 - 02:17 PM

I posted this on Am I infected? What do I do? but I was asked to post this here, so I'll try to write down most of the important stuff in the thread!

So,

 

Hi, a few days ago I was working on my computer, and I found that my Task Manager contains a lot of Windows processes, which used to be just a few, just like on any other machine.

I don't recall opening any suspicious files or installing any programs; I was mostly just playing Overwatch.

I had to stop playing because my trusty partner with basic knowledge in computers sent me an image and Skype made a popout message "Not enough storage is available to process this command" although I have about 60 GB left on my hard drive. Then Skype quit by itself and I couldn't log in because Skype was accusing me of already being logged in on my computer.

I applied a new firmware on Skype which fixed it and I was able to log in.

Then I saw the large archive of running services on my Task Manager, and a lot of them are related to remote desktop despite having remote control turned off.

I regularly check my Task Manager because I'm a security freak and I usually have about around 10 all related svchost Windows tasks, not until a few days ago.

Along with the new huge list of Windows processes that appeared out of the blue, I can tell by the title what some of them do and plenty of others I don't, and I suspect that someone is trying to backdoor attack me and is using all necessary network file sharing and remote tasks to manipulate my computer.
I haven't really installed any new programs or opened any untrusty files nor seen any new installed software, unless I acted too fast.

I still had a fair number of Windows processes even after updating my computer to the Creators Update, and it might have only added a task or two but not about 30 of them.

 

Here are screenshots of the Windows processes:


 

I am currently using Safe Mode,

I was trying to use Windows Defender, but when I try to access Update & Security through the settings, the page just crashes.

I was trying to independently search for Windows Defender through the search bar, and once I would click on Defender, I would get this message:

 

tumblr_ophtq16Vm11rbrh4ro4_r1_1280.png

 

Despite being the only user on my operating system

 

I do understand the concept of svchosts and I am reporting this because I feel like I have an unusual 

I feel like I am infected or someone found a way to access my computer without alerting any anti viruses

 

Update:

I have asked a friend who has the Creators Update to share screenshots of his Task Manager, and it seems that he has many processes too, which puts me at ease, but the only difference between my processes and his is that I have a Remote Desktop process running while they don't.
I also ran Rkill and I got some results involving Incorrect ServiceDLL, Incorrect ImagePath and about 12 missing services. I think the files have been altered?

 

I also took screenshots of my services during normal boot for reference:

http://pasteboard.co/34gCkyJ30.png

http://pasteboard.co/34gY2dIuj.png

http://pasteboard.co/34heOJI3I.png

http://pasteboard.co/34htbGatB.png

http://pasteboard.co/34hKLs6c3.png

http://pasteboard.co/34j0MTVj3.png

 

I also make sure to disable remote every time I flash a new OS, just like that:

34P5nXaW2.png

 

So I don't understand why remote would still be running on my computer (it hasn't before, it is now).

 

I feel like someone is trying to find a way to access my computer without alerting any programs, or steal my files or take any kind of control.

 

I have scanned with Malwarebytes, Hitman Pro, ESET, and Junkware Removal, but they found nothing.

 

I also did scan with Rkill, MTB, SecurityCheck, AdwCleaner so I will post their logs in the next comment! 



#2 DannyBoyRP


Posted 09 May 2017 - 02:20 PM

All of the scans have been performed in Safe Mode

 

 

Rkill log:

 

 

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)

Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/05/2017 10:01:46 PM in x64 mode. (Safe Mode)
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * agp440 [Missing Service]
 * DcpSvc [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
* No issues found.
 
Program finished at: 05/05/2017 10:04:16 PM
Execution time: 0 hours(s), 2 minute(s), and 30 seconds(s)
 

 

MTB

 

 

MiniToolBox by Farbar  Version: 17-06-2016

Ran by Dan (administrator) on 06-05-2017 at 03:02:00
Running from "C:\Users\Dan\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: H97M-D3H Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Network
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
0.0.0.0 keystone.mwbsys.com
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Bluetooth Network Connection 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : ExtraDan
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : FC-AA-14-82-5A-90
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ddea:1541:dd9b:c6c5%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, May 5, 2017 8:29:33 PM
   Lease Expires . . . . . . . . . . : Saturday, May 6, 2017 3:53:52 AM
   Default Gateway . . . . . . . . . : 10.0.0.138
   DHCP Server . . . . . . . . . . . : 10.0.0.138
   DHCPv6 IAID . . . . . . . . . . . : 66890260
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-DA-78-86-FC-AA-14-82-5A-90
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  10.0.0.138
 
Name:    google.com
Addresses:  2a00:1450:400a:804::200e
 81.218.16.222
 81.218.16.217
 81.218.16.236
 81.218.16.237
 81.218.16.241
 81.218.16.242
 81.218.16.212
 81.218.16.246
 81.218.16.221
 81.218.16.226
 81.218.16.247
 81.218.16.227
 81.218.16.216
 81.218.16.251
 81.218.16.232
 81.218.16.231
 
 
Pinging google.com [212.179.154.247] with 32 bytes of data:
Reply from 212.179.154.247: bytes=32 time=10ms TTL=59
Reply from 212.179.154.247: bytes=32 time=9ms TTL=59
 
Ping statistics for 212.179.154.247:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 10ms, Average = 9ms
Server:  UnKnown
Address:  10.0.0.138
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=160ms TTL=50
Reply from 98.139.183.24: bytes=32 time=153ms TTL=50
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 153ms, Maximum = 160ms, Average = 156ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...fc aa 14 82 5a 90 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138         10.0.0.4     35
         10.0.0.0    255.255.255.0         On-link          10.0.0.4    291
         10.0.0.4  255.255.255.255         On-link          10.0.0.4    291
       10.0.0.255  255.255.255.255         On-link          10.0.0.4    291
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.0.0.4    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.0.0.4    291
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 11    291 fe80::/64                On-link
 11    291 fe80::ddea:1541:dd9b:c6c5/128
                                    On-link
  1    331 ff00::/8                 On-link
 11    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/05/2017 08:51:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: EXTRADAN)
Description: Activation of app Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/05/2017 08:29:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/05/2017 10:42:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/05/2017 10:35:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EXTRADAN)
Description: Activation of app Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/05/2017 10:25:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EXTRADAN)
Description: Activation of app Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/05/2017 05:39:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/05/2017 05:39:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/05/2017 05:33:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (05/05/2017 05:29:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EXTRADAN)
Description: Activation of app Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/05/2017 05:27:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: HitmanPro_x64.exe, version: 3.7.18.284, time stamp: 0x58b7ed45
Faulting module name: HitmanPro_x64.exe, version: 3.7.18.284, time stamp: 0x58b7ed45
Exception code: 0xc0000005
Fault offset: 0x00000000002bfb49
Faulting process id: 0x1270
Faulting application start time: 0xHitmanPro_x64.exe0
Faulting application path: HitmanPro_x64.exe1
Faulting module path: HitmanPro_x64.exe2
Report Id: HitmanPro_x64.exe3
Faulting package full name: HitmanPro_x64.exe4
Faulting package-relative application ID: HitmanPro_x64.exe5
 
 
System errors:
=============
Error: (05/06/2017 03:01:33 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%646 = The driver was not loaded because the system is booting into safe mode.
 
 
Error: (05/06/2017 03:01:03 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%646 = The driver was not loaded because the system is booting into safe mode.
 
 
Error: (05/06/2017 03:00:47 AM) (Source: DCOM) (User: EXTRADAN)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/06/2017 03:00:19 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%646 = The driver was not loaded because the system is booting into safe mode.
 
 
Error: (05/06/2017 03:00:11 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%646 = The driver was not loaded because the system is booting into safe mode.
 
 
Error: (05/06/2017 02:59:38 AM) (Source: DCOM) (User: EXTRADAN)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/06/2017 02:57:24 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%646 = The driver was not loaded because the system is booting into safe mode.
 
 
Error: (05/06/2017 02:57:19 AM) (Source: DCOM) (User: EXTRADAN)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/06/2017 02:57:19 AM) (Source: DCOM) (User: EXTRADAN)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/06/2017 02:57:14 AM) (Source: DCOM) (User: EXTRADAN)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office Sessions:
=========================
Error: (05/05/2017 08:51:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: EXTRADAN)
Description: Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI-2144927149
 
Error: (05/05/2017 08:29:36 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Pixologic\ZBrush 4R7 Trial\ZBrush64.exe
 
Error: (05/05/2017 10:42:16 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Pixologic\ZBrush 4R7 Trial\ZBrush64.exe
 
Error: (05/05/2017 10:35:04 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EXTRADAN)
Description: Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI-2144927149
 
Error: (05/05/2017 10:25:24 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EXTRADAN)
Description: Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI-2144927149
 
Error: (05/05/2017 05:39:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Pixologic\ZBrush 4R7 Trial\ZBrush64.exe
 
Error: (05/05/2017 05:39:08 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.OpenMP,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Pixologic\ZBrush 4R7 Trial\ZBrush64.exe
 
Error: (05/05/2017 05:33:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (05/05/2017 05:29:23 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EXTRADAN)
Description: Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI-2144927149
 
Error: (05/05/2017 05:27:02 AM) (Source: Application Error)(User: )
Description: HitmanPro_x64.exe3.7.18.28458b7ed45HitmanPro_x64.exe3.7.18.28458b7ed45c000000500000000002bfb49127001d2c543fd9c65ffC:\Users\Dan\Downloads\HitmanPro_x64.exeC:\Users\Dan\Downloads\HitmanPro_x64.exe527a0bda-3f58-45e1-b18e-4c0d88023681
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-05-06 02:57:12.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-06 02:57:12.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 21:30:51.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 21:30:51.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 05:28:18.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 05:28:18.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 04:37:15.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 04:37:15.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 02:03:15.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-05 02:03:15.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
3DMark (HKLM\...\{603713C3-7D7C-4819-AC94-958733273DE5}) (Version: 2.0.1979.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{e53b11bf-1f8b-4f59-a41d-d393c76d1dd8}) (Version: 2.0.1979.0 - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.1 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Arma 3 (HKLM-x32\...\Arma 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.9 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\{5AAB972C-FF31-4B01-8445-50C42860EC02}) (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk DirectConnect 2014 64-bit (HKLM\...\{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}) (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\{7A12802C-4864-423D-9732-3A22577CE006}) (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2014 (HKLM\...\{7FA8BC5D-7CE4-42F3-8EAE-32DF5BAB53A7}) (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
AutoSizer (HKLM-x32\...\AutoSizer) (Version:  - )
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{EC626F6F-3526-C80C-3CC9-EB3F3B20B8C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{72A0BB4A-ED3B-ABCE-707E-855A2833424B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{6EF76511-DB53-EF97-A67F-C510F0D3A607}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A883BFFF-7D24-0348-6DA5-E058AB32C74C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{FBE51802-F5C4-6173-3898-6316E851AEE3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{2292D603-AA12-4E90-9BA5-006A89BE4DFA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{78656F93-DC4D-8A9E-EF4B-C3E9966AEB71}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{18DABEF2-7BCC-DD00-75AF-5CED3E98BC03}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{21C7203C-7553-C842-76B4-28121B764AF2}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{54E0ECAE-2493-C060-50FC-FB76362E244B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{FD00C0C9-931A-B3A5-B447-064712B75464}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{869023C0-6C59-DE29-E784-5C17FF437D58}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{52DD3B69-6A64-4490-19D0-1D74E95548B7}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{054227D7-02E0-6851-702F-278C8A691B62}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{4D8D4C57-922B-DDE5-69B6-306C73095A92}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CB72D097-6809-3190-0673-FF8C0C35FF5A}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{C7CAF070-C770-102B-047F-DBF64A070404}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{F41BD959-2B8C-F95F-C154-0370087F8675}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{AC16BF96-A751-98D1-C17F-B054CABC82BE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{B3E4AE50-8C3E-5AFB-BBB4-8E58AECCC3F6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8D897819-1CEE-46A4-3445-AE1F61A22AEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
CLIP STUDIO 1.6.2 (HKLM-x32\...\{D10EA45D-4594-4405-90C6-9E9ADD1192CA}) (Version: 1.6.2 - CELSYS)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.4.1 - CELSYS)
CLIP STUDIO PAINT 1.6.2 (HKLM-x32\...\{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.6.2 - CELSYS)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Components Setup (HKLM-x32\...\{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}) (Version: 1.00.0000 - Vimicro Corporation) Hidden
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Darksiders Warmastered Edition (HKLM-x32\...\1430901154_is1) (Version: 2.0.0.2 - GOG.com)
DesignDoll (HKCU\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell)
Discord (HKCU\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dragon Age Inquisition v.1.11.u10 (HKLM-x32\...\Dragon Age Inquisition_is1) (Version:  - )
DRAGON BALL XENOVERSE 2 (HKLM-x32\...\DRAGON BALL XENOVERSE 2_is1) (Version:  - )
Drawpile 1.0.2 (HKLM-x32\...\{DC47B534-E365-4054-85F0-2E7C6CCB76CC}_is1) (Version: 1.0.2 - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FaceRig (HKLM\...\Steam App 274920) (Version:  - Holotech Studios)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
Franz Ferdinand's Chinese Food Anxiety Disorder (HKLM-x32\...\Steam App 445730) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
Geeks3D FurMark 1.15.2.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 3.3.3.0 - GitHub, Inc.)
Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 60.0.3089.0 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoPro App (HKLM-x32\...\{F521FF84-E690-40CF-977C-4103A4D8E5D0}) (Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
Grand Theft Auto V version v.1.0.350.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version: v.1.0.350.1 - GMT-MAX.ORG)
GUILTY GEAR Xrd SIGN (HKLM-x32\...\GUILTY GEAR Xrd SIGN_is1) (Version:  - )
Hash Tool (HKLM\...\Hash Tool_is1) (Version: 1.1 - DigitalVolcano)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.18.284 - SurfRight B.V.)
HP Deskjet 4640 series Basic Device Software (HKLM\...\{81DC7FEB-87CF-4E3E-8A1C-83C837215DC7}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 4640 series Help (HKLM-x32\...\{8DF1C066-BBD8-4B9F-A5BC-AC555C9A872F}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Hyper Light Drifter (HKLM\...\aHlwZXJsaWdodGRyaWZ0ZXI_is1) (Version: 1 - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
InklingSketchManager (HKLM-x32\...\{EE64C6B1-C1D2-4034-9E1F-A3B641E0C7A0}) (Version: 1.03.05 - Wacom  Co. Ltd.)
InstantStorm 2.0.1 (HKLM-x32\...\InstantStorm_is1) (Version: 2.0.1 - Jan Kolarik and Ondrej Vaverka)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (HKLM-x32\...\{C4FB3CF4-C845-4746-A9F5-476908266433}) (Version: 2.2.0.1 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Jack (HKLM-x32\...\Jack) (Version:  - )
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
join.me (HKCU\...\JoinMe) (Version: 2.15.1.2601 - LogMeIn, Inc.)
join.me.launcher (HKLM-x32\...\{910ECE43-4D0D-4FAB-BE1F-6992F0495624}) (Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 7.1.2 - JPEXS)
Krita Desktop (x64) 2.99.89.0 (HKLM\...\{350B584A-B4D2-497A-9932-D39CFE9BFB77}) (Version: 2.99.89.0 - Krita Foundation)
Leap Motion plug-in for Autodesk Maya 2014 (HKLM\...\{35B63B2E-4C62-3A40-FA01-6AAAC81BB534}) (Version: 1.0.4 - Autodesk)
Leap Motion Software (HKLM-x32\...\Leap Services) (Version: 2.3.1.31549 - Leap Motion)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LG AirDrive (HKLM-x32\...\{101E5DB3-07FA-4E52-8923-05068C94CF43}) (Version: 1.2.60617.11 - LG Electronics)
LG Bridge (HKLM-x32\...\LG Bridge) (Version: 1.2.34 - LG Electronics)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LGThemePark (HKLM-x32\...\{0D161183-225A-4ED0-9A10-2D3BE621A86D}) (Version: 1.0.8 - LG Electronics)
LGUP for Store (HKLM-x32\...\{27FDA0D1-5BEA-427A-913C-FF050C211674}) (Version: 1.14.3 - LG Electronics)
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - )
LIGHTNING RETURNS FINAL FANTASY XIII (HKLM-x32\...\LIGHTNING RETURNS FINAL FANTASY XIII_is1) (Version:  - )
Mafia III v.1.010 (HKLM-x32\...\Mafia III_is1) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.6 - Smith Micro)
Mass Effect Andromeda version [build_170404] (HKLM-x32\...\Mass Effect Andromeda_is1) (Version: [build_170404] - RePack by SEYTER)
MediBang Paint Pro 5.2 (HKLM\...\MediBang Paint Pro_is1) (Version: 5.2 - Medibang)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
Metal Gear Solid V: The Phantom Pain (HKLM-x32\...\{48397BFF-7C01-4B64-8F1A-0D468DDE5D73}_is1) (Version:  - Kojima Productions)
Microphone Pass-through(Playback) Emulator 1.5.1 (HKLM-x32\...\{9AD0C1EE-A944-43D6-97A5-D8BB7BCAF2F8}_is1) (Version: 1.5.1 - Majiastic Computer)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version:  - )
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
MKVCleaver x64 (HKLM\...\{1256E11A-B91F-4869-9DC3-EBCC7466314C}) (Version: 6.0.7 - Ilia Bakhmoutski)
MKVToolNix 9.0.1 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 9.0.1 - Moritz Bunkus)
MorphVOX Pro (HKLM-x32\...\{d92c88d7-75c9-461f-a55e-1f4f66e82bfe}) (Version: 4.4.25.18818 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{F9E1E22B-B7AB-4E7B-B6F6-C2F365E8EA22}) (Version: 4.4.25.18818 - Screaming Bee) Hidden
Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.4 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.0.0.30 - MSI)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.5 - Black Tree Gaming)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA Apollo 11 Demo (HKLM-x32\...\Apollo 11) (Version: 1.03 - NVIDIA Corporation)
NVIDIA FaceWorks: Real-time Performance Capture Demo (HKLM-x32\...\FaceWorks) (Version: 1.0 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 44.0.2510.857 (HKLM-x32\...\Opera 44.0.2510.857) (Version: 44.0.2510.857 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.4.6.33873 - Electronic Arts, Inc.)
Outlast 2 (HKLM-x32\...\Outlast 2_is1) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Peridot (HKLM-x32\...\Peridot_is1) (Version:  - )
Peridot Dance (HKLM-x32\...\Peridot Dance_is1) (Version:  - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.18.0-r120084-release - Plays.tv, LLC)
Popcorn Time (HKCU\...\Popcorn Time) (Version:  - Popcorn Official)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Product Improvement Study for HP Deskjet 4640 series (HKLM\...\{D4AE800D-93CD-4F38-8897-ED2FCF6FF8F3}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Project CARS v.6.0 (HKLM-x32\...\Project CARS_is1) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.5.2 (32-bit) (HKCU\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.8-r120085-release - Raptr, Inc)
RavKavOnline (HKLM\...\{640D6E6A-DA93-40E8-A108-69FD556E8F0A}) (Version: 0.1.4 - Pcentra)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.14.2 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.302 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Shantae and the Pirate's Curse (HKLM\...\Steam App 345820) (Version:  - WayForward)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.3.0 - ShareX Team)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.9.0.16 - GOG.com)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skullgirls ∞Endless Beta∞ (HKLM-x32\...\Steam App 208610) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.102 - Skype Technologies S.A.)
Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version:  - SEGA)
SONIC THE HEDGEHOG 4 Episode I (HKLM-x32\...\Steam App 202530) (Version:  - SEGA)
SONIC THE HEDGEHOG 4 Episode II (HKLM-x32\...\Steam App 203650) (Version:  - SEGA)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR Performance Test (HKLM\...\Steam App 323910) (Version:  - Valve)
Syncplay (HKLM-x32\...\Syncplay) (Version: 1.4.0 - Syncplay)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.1 - Synthesia LLC)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Toon Boom Harmony 12.2 Premium (HKLM-x32\...\{37A0270E-F94F-493C-800A-50FCB2C186FF}) (Version: 12.2.0 - Toon Boom Animation)
Toon Boom Harmony 14.0 Premium (HKLM-x32\...\{4F638DCC-7080-43DF-BF56-3089A743EAF1}) (Version: 14.0.0 - Toon Boom Animation)
Trespasser (HKLM-x32\...\DreamWorks Interactive: Trespasser) (Version:  - )
TumblRipper (HKLM-x32\...\{39CCA8F3-19C1-4246-B4BA-8174D665407C}_is1) (Version: 2.17 - TumblRipper)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{E51EAA08-F838-4CCE-B011-A82469BE6CC5}) (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM-x32\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 17.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VFW_Codec32 (HKLM-x32\...\{FD85BB37-D0AD-4684-B052-4CE9DF72455A}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{68413D4F-C3C9-4B6F-9B39-AC7444C8C05C}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.23 - NCH Software)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.21-10 - Wacom Technology Corp.)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebM Project Directshow Filters (HKCU\...\webmdshow) (Version:  - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WhatsApp (HKCU\...\WhatsApp) (Version: 0.2.776 - WhatsApp)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
WinRAR 5.50 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.1 - win.rar GmbH)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
Wondershare Dr.Fone for iOS(Build 7.0.1.9) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 7.0.1.9 - Wondershare Software Co.,Ltd.)
Xilisoft HD Video Converter (HKLM-x32\...\Xilisoft HD Video Converter) (Version: 7.8.10.20150812 - Xilisoft)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{6EB8DF46-3227-40E5-A215-50E1C9620B7C}) (Version: 2.5.1509.0807 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{083E9AF8-1900-4D7A-AB08-0B4BB98D2848}) (Version: 2.7.1512.1839 - SplitmediaLabs)
Yooka-Laylee (HKLM-x32\...\1445853962_is1) (Version: 1.0 - GOG.com)
ZBrush 4R7 Trial (HKLM-x32\...\ZBrush 4R7 Trial 4R7 Trial) (Version: 4R7 Trial - Pixologic)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 48%
Total physical RAM: 12153 MB
Available physical RAM: 6207.89 MB
Total Virtual: 16761 MB
Available Virtual: 10748.55 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:465.32 GB) (Free:62.73 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:232.54 GB) (Free:44.82 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\EXTRADAN
 
Administrator            Dan                      DefaultAccount           
Guest                    
 
========================= Restore Points ==================================
 
20-04-2017 23:05:20 Scheduled Checkpoint
01-05-2017 22:23:46 Scheduled Checkpoint
 
**** End of log ****

 

SecurityCheck

Results of screen317's Security Check version 1.014 --- 12/23/15  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Microsoft VisualStudio JavaScript Project System 
 Java 8 Update 121  
 Microsoft VisualStudio JavaScript Language Service 
 Java version 32-bit out of Date!
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Flash Player 25.0.0.148  
 Mozilla Firefox (40.0) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

 

JunkWare:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Dan (Limited) on Sun 05/07/2017 at  2:59:42.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/07/2017 at  3:01:50.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ADWCleaner:

# AdwCleaner v6.046 - Logfile created 07/05/2017 at 03:04:59

# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-05.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Dan - *********
# Running from : C:\Users\Dan\Downloads\adwcleaner_6.046 (1).exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Dan\Documents\Tongbu (tis safe)
Folder Found:  C:\Users\Dan\Documents\vShare (safe too)
Folder Found:  C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp (APNG extension)
 
 
***** [ Files ] *****
 
File Found:  C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehkepjiconegkhpodgoaeamnpckdbblp_0.localstorage
File Found:  C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehkepjiconegkhpodgoaeamnpckdbblp_0.localstorage-journal
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  Chrome Cleanup Tool logs upload retry
 
 
***** [ Registry ] *****
 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ehkepjiconegkhpodgoaeamnpckdbblp
Chrome pref Found:  [C:\Users\Dan\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences ] - ehkepjiconegkhpodgoaeamnpckdbblp (it's an APNG extension)
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2868 Bytes] - [05/05/2017 05:33:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [4456 Bytes] - [13/12/2015 03:52:43]
C:\AdwCleaner\AdwCleaner[S2].txt - [2869 Bytes] - [05/04/2017 18:40:50]
C:\AdwCleaner\AdwCleaner[S3].txt - [2831 Bytes] - [05/05/2017 05:29:56]
C:\AdwCleaner\AdwCleaner[S4].txt - [2310 Bytes] - [07/05/2017 03:04:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2383 Bytes] ##########
 
 


#3 JSntgRvr

  • Malware Response Team

Posted 09 May 2017 - 04:54 PM

Welcome :)

 

Please remove Popcorn Time from your programs. It is a Potentially Undesired Program.

 

 

  • Highlight the entire content of the quote box below.

 

Start::  
FirewallRules: [{11CC0481-2979-4EF6-B3AE-FFE536B8CF2B}] => (Allow) LPort=26789
FirewallRules: [{A1AA00C5-BBE7-4E0F-927E-05E4A691E3C8}] => (Allow) LPort=5357
FirewallRules: [{3BA1C1F1-7651-49F4-9FA7-E0CC60113AD6}] => (Allow) LPort=49833
FirewallRules: [{1DE7E987-F972-45DB-A2AD-FE98928C4748}] => (Allow) LPort=5000
GroupPolicy: Restriction <======= ATTENTION
S3 cpuz140; \??\C:\Users\Dan\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
C:\Users\Dan\AppData\Local\Temp\cpuz140
Task: {2893D639-1CF6-4CE4-845F-E3DDB36C12B5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {369D30D4-12F0-4CFD-9BB1-1CD4387242E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {41B1616A-88AF-4114-B9A3-E0D31E347547} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6430A0D3-D118-48A6-9010-AB666E6FA396} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8C1702C4-D47A-49EA-AB75-4A273A77FFAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AAC889DE-50D5-4C15-B799-519E9EB5385F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4AED3FB-AEF9-413F-8D1F-DBDE0B5DA8BC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BA3FEAB3-C333-4C0D-B27E-1DE39DE2941D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D2B66430-F02B-47F3-BCF3-BCF24DEF2F9E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DFEFE7B1-08F9-41E5-9F9D-D27B693E1042} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FCE55197-3B40-4F99-93D0-863A709AFCFE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5C31BD0DDE64}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
Task: {2893D639-1CF6-4CE4-845F-E3DDB36C12B5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {369D30D4-12F0-4CFD-9BB1-1CD4387242E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {41B1616A-88AF-4114-B9A3-E0D31E347547} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6430A0D3-D118-48A6-9010-AB666E6FA396} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8C1702C4-D47A-49EA-AB75-4A273A77FFAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AAC889DE-50D5-4C15-B799-519E9EB5385F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4AED3FB-AEF9-413F-8D1F-DBDE0B5DA8BC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BA3FEAB3-C333-4C0D-B27E-1DE39DE2941D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D2B66430-F02B-47F3-BCF3-BCF24DEF2F9E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DFEFE7B1-08F9-41E5-9F9D-D27B693E1042} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FCE55197-3B40-4F99-93D0-863A709AFCFE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
S3 cpuz140; \??\C:\Users\Dan\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
C:\Users\Dan\AppData\Local\Temp\cpuz140
2017-05-01 01:57 - 2017-05-01 01:57 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign91cd148bffccca8a
2017-05-01 01:57 - 2017-05-01 01:57 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign78591a125d8950c6
2017-05-01 01:57 - 2017-05-01 01:57 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign4b058f35bc1cef40
2017-04-29 06:44 - 2017-04-29 06:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsigndae346f8ac31b21d
2017-04-29 06:44 - 2017-04-29 06:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign5fe7db1ce7e2a527
2017-04-29 06:44 - 2017-04-29 06:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign4e1c21983eaf72ee
2017-04-26 01:23 - 2017-04-26 01:23 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignbd612215ddecc323
2017-04-26 01:23 - 2017-04-26 01:23 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignae44be2165211eb3
2017-04-26 01:23 - 2017-04-26 01:23 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign40806f9318440d1e
2017-04-25 21:44 - 2017-04-25 21:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign50f1621b42d4dfd8
2017-04-25 21:44 - 2017-04-25 21:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign40a12f9ea021f902
2017-04-25 21:44 - 2017-04-25 21:44 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign152d936a6d4f142f
2017-04-23 00:53 - 2017-04-23 00:53 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignfceb55a1015ffe3c
2017-04-23 00:53 - 2017-04-23 00:53 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign9673a6b24755a437
2017-04-23 00:51 - 2017-04-23 00:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignd70c8108f37d4c78
2017-04-23 00:51 - 2017-04-23 00:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignca67eb5549d7bc0b
2017-04-23 00:51 - 2017-04-23 00:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign1b8620fd2defd84c
2017-04-21 21:30 - 2017-04-21 21:30 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignd2b3d6b6cb432ca7
2017-04-21 21:29 - 2017-04-21 21:29 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign98c4b9bf11036718
2017-04-21 21:29 - 2017-04-21 21:29 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign6287939b807bba03
2017-04-14 06:38 - 2017-04-14 06:38 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsigna4be9e2a738c676a
2017-04-14 06:38 - 2017-04-14 06:38 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign012c71025ad8d483
2017-04-14 06:37 - 2017-04-14 06:37 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignf7980987393f7c39
2017-04-14 06:37 - 2017-04-14 06:37 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsigne4ea28d243449529
2017-04-14 06:37 - 2017-04-14 06:37 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign776956f4ad3cd041
2017-04-13 02:41 - 2017-04-13 02:41 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignd1addcd5ed7d35f3
2017-04-13 02:41 - 2017-04-13 02:41 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsignc53f63bedfa4c464
2017-04-13 02:41 - 2017-04-13 02:41 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign3d0e94b9bde484e7
2017-04-13 02:41 - 2017-04-13 02:41 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign12223771b562d96c
2017-04-13 02:40 - 2017-04-13 02:40 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsigndda6f3adc95b6aa1
2017-04-13 02:40 - 2017-04-13 02:40 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign70976262e7c4547b
2017-04-13 02:40 - 2017-04-13 02:40 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign1ddcc8d188704d94
2017-04-13 02:40 - 2017-04-13 02:40 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign093a22681b726953
2017-04-08 23:41 - 2017-04-08 23:41 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign64044eb96666f495
2017-04-08 23:41 - 2017-04-08 23:41 - 00000000 ____D C:\Users\Dan\AppData\Local\Tempzxpsign206edb6d2a2aabc0
2017-04-18 02:02 - 2017-03-01 23:11 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-03-01 23:11 - 2017-04-18 02:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
2015-03-26 14:48 - 2015-03-26 14:48 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-10-21 17:26 - 2016-12-23 23:57 - 0001067 _____ () C:\Users\Dan\AppData\Roaming\syncplay.ini
2016-11-05 17:43 - 2016-11-05 17:43 - 0001456 _____ () C:\Users\Dan\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-13 22:57 - 2016-04-13 22:57 - 0000063 _____ () C:\Users\Dan\AppData\Local\emaildefaults
2016-04-13 22:55 - 2016-04-14 00:25 - 0019871 _____ () C:\Users\Dan\AppData\Local\kritarc
2017-05-04 21:47 - 2017-05-04 21:47 - 0000717 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2015-11-14 04:19 - 2017-05-01 02:27 - 0007648 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2015-05-13 03:56 - 2015-05-13 03:56 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-04-06 21:48 - 2017-04-06 21:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-01 00:51 - 2016-11-01 01:11 - 0000030 _____ () C:\ProgramData\droidcam-settings
2017-03-01 23:11 - 2017-04-18 02:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
FirewallRules: [TCP Query User{ABBC418A-F7AA-40D7-BB24-5708E89BC68B}C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe
FirewallRules: [UDP Query User{E4102B65-7641-46A1-BA93-FD09C60F83F5}C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe
FirewallRules: [TCP Query User{333C7A28-8482-4949-B567-9A0C14CF7F4D}C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe
FirewallRules: [UDP Query User{7AAED1A1-2F32-43F5-AFC1-4EDDC3C5C0AF}C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe
FirewallRules: [TCP Query User{D980341A-2B7C-4D53-B6DD-EFEEEAA352DF}C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe
FirewallRules: [UDP Query User{EE0C9D20-5ED9-4DC1-82E6-B9A47D9753BE}C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe
HOSTS:
CMD: Dir /a:d C:\Users\Dan\AppData\Local\TEMPZXP*
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

 

Please download Zemana AntiMalware and save it to your Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the security warning.
  • Once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please reboot your computer manually.
  • Click on the Back button.
  • In the top right corner, click on the Reports icon (the one with three bars) and double-click on the latest report.
  • Now click File > Save As, then choose your Desktop and click the Save button.
  • Please attach the saved report in your next reply.

 

 


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 DannyBoyRP

  • Topic Starter

Posted 09 May 2017 - 09:03 PM

Popcorn Time, removed 

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017

Ran by Dan (10-05-2017 02:51:21) Run:1
Running from C:\Users\Dan\Downloads
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
  
FirewallRules: [{11CC0481-2979-4EF6-B3AE-FFE536B8CF2B}] => (Allow) LPort=26789
FirewallRules: [{A1AA00C5-BBE7-4E0F-927E-05E4A691E3C8}] => (Allow) LPort=5357
FirewallRules: [{3BA1C1F1-7651-49F4-9FA7-E0CC60113AD6}] => (Allow) LPort=49833
FirewallRules: [{1DE7E987-F972-45DB-A2AD-FE98928C4748}] => (Allow) LPort=5000
GroupPolicy: Restriction <======= ATTENTION
S3 cpuz140; \??\C:\Users\Dan\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
C:\Users\Dan\AppData\Local\Temp\cpuz140
Task: {2893D639-1CF6-4CE4-845F-E3DDB36C12B5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {369D30D4-12F0-4CFD-9BB1-1CD4387242E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {41B1616A-88AF-4114-B9A3-E0D31E347547} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6430A0D3-D118-48A6-9010-AB666E6FA396} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8C1702C4-D47A-49EA-AB75-4A273A77FFAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AAC889DE-50D5-4C15-B799-519E9EB5385F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4AED3FB-AEF9-413F-8D1F-DBDE0B5DA8BC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BA3FEAB3-C333-4C0D-B27E-1DE39DE2941D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D2B66430-F02B-47F3-BCF3-BCF24DEF2F9E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DFEFE7B1-08F9-41E5-9F9D-D27B693E1042} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FCE55197-3B40-4F99-93D0-863A709AFCFE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5C31BD0DDE64}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2016 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
Task: {2893D639-1CF6-4CE4-845F-E3DDB36C12B5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {369D30D4-12F0-4CFD-9BB1-1CD4387242E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {41B1616A-88AF-4114-B9A3-E0D31E347547} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6430A0D3-D118-48A6-9010-AB666E6FA396} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8C1702C4-D47A-49EA-AB75-4A273A77FFAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AAC889DE-50D5-4C15-B799-519E9EB5385F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4AED3FB-AEF9-413F-8D1F-DBDE0B5DA8BC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BA3FEAB3-C333-4C0D-B27E-1DE39DE2941D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D2B66430-F02B-47F3-BCF3-BCF24DEF2F9E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DFEFE7B1-08F9-41E5-9F9D-D27B693E1042} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FCE55197-3B40-4F99-93D0-863A709AFCFE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
S3 cpuz140; \??\C:\Users\Dan\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
C:\Users\Dan\AppData\Local\Temp\cpuz140
2017-04-18 02:02 - 2017-03-01 23:11 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-03-01 23:11 - 2017-04-18 02:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
2015-03-26 14:48 - 2015-03-26 14:48 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-10-21 17:26 - 2016-12-23 23:57 - 0001067 _____ () C:\Users\Dan\AppData\Roaming\syncplay.ini
2016-11-05 17:43 - 2016-11-05 17:43 - 0001456 _____ () C:\Users\Dan\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-13 22:57 - 2016-04-13 22:57 - 0000063 _____ () C:\Users\Dan\AppData\Local\emaildefaults
2016-04-13 22:55 - 2016-04-14 00:25 - 0019871 _____ () C:\Users\Dan\AppData\Local\kritarc
2017-05-04 21:47 - 2017-05-04 21:47 - 0000717 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2015-11-14 04:19 - 2017-05-01 02:27 - 0007648 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2015-05-13 03:56 - 2015-05-13 03:56 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-04-06 21:48 - 2017-04-06 21:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-01 00:51 - 2016-11-01 01:11 - 0000030 _____ () C:\ProgramData\droidcam-settings
2017-03-01 23:11 - 2017-04-18 02:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
FirewallRules: [TCP Query User{ABBC418A-F7AA-40D7-BB24-5708E89BC68B}C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe
FirewallRules: [UDP Query User{E4102B65-7641-46A1-BA93-FD09C60F83F5}C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe
FirewallRules: [TCP Query User{333C7A28-8482-4949-B567-9A0C14CF7F4D}C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe
FirewallRules: [UDP Query User{7AAED1A1-2F32-43F5-AFC1-4EDDC3C5C0AF}C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe
FirewallRules: [TCP Query User{D980341A-2B7C-4D53-B6DD-EFEEEAA352DF}C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe
FirewallRules: [UDP Query User{EE0C9D20-5ED9-4DC1-82E6-B9A47D9753BE}C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe] => (Allow) C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe
HOSTS:
CMD: Dir /a:d C:\Users\Dan\AppData\Local\TEMPZXP*
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11CC0481-2979-4EF6-B3AE-FFE536B8CF2B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1AA00C5-BBE7-4E0F-927E-05E4A691E3C8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3BA1C1F1-7651-49F4-9FA7-E0CC60113AD6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DE7E987-F972-45DB-A2AD-FE98928C4748} => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\cpuz140 => key removed successfully
cpuz140 => service removed successfully
"C:\Users\Dan\AppData\Local\Temp\cpuz140" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2893D639-1CF6-4CE4-845F-E3DDB36C12B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2893D639-1CF6-4CE4-845F-E3DDB36C12B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{369D30D4-12F0-4CFD-9BB1-1CD4387242E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{369D30D4-12F0-4CFD-9BB1-1CD4387242E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41B1616A-88AF-4114-B9A3-E0D31E347547} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41B1616A-88AF-4114-B9A3-E0D31E347547} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6430A0D3-D118-48A6-9010-AB666E6FA396} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6430A0D3-D118-48A6-9010-AB666E6FA396} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C1702C4-D47A-49EA-AB75-4A273A77FFAE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C1702C4-D47A-49EA-AB75-4A273A77FFAE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AAC889DE-50D5-4C15-B799-519E9EB5385F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC889DE-50D5-4C15-B799-519E9EB5385F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4AED3FB-AEF9-413F-8D1F-DBDE0B5DA8BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4AED3FB-AEF9-413F-8D1F-DBDE0B5DA8BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA3FEAB3-C333-4C0D-B27E-1DE39DE2941D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA3FEAB3-C333-4C0D-B27E-1DE39DE2941D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2B66430-F02B-47F3-BCF3-BCF24DEF2F9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2B66430-F02B-47F3-BCF3-BCF24DEF2F9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFEFE7B1-08F9-41E5-9F9D-D27B693E1042} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFEFE7B1-08F9-41E5-9F9D-D27B693E1042} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCE55197-3B40-4F99-93D0-863A709AFCFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE55197-3B40-4F99-93D0-863A709AFCFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5C31BD0DDE64} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKU\S-1-5-21-1985521723-1916319597-3533961473-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2893D639-1CF6-4CE4-845F-E3DDB36C12B5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{369D30D4-12F0-4CFD-9BB1-1CD4387242E9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41B1616A-88AF-4114-B9A3-E0D31E347547} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6430A0D3-D118-48A6-9010-AB666E6FA396} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C1702C4-D47A-49EA-AB75-4A273A77FFAE} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC889DE-50D5-4C15-B799-519E9EB5385F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4AED3FB-AEF9-413F-8D1F-DBDE0B5DA8BC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA3FEAB3-C333-4C0D-B27E-1DE39DE2941D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2B66430-F02B-47F3-BCF3-BCF24DEF2F9E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFEFE7B1-08F9-41E5-9F9D-D27B693E1042} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCE55197-3B40-4F99-93D0-863A709AFCFE} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
cpuz140 => service not found.
"C:\Users\Dan\AppData\Local\Temp\cpuz140" => not found.
C:\ProgramData\SoftwareUpdateTemp.xml => moved successfully
"C:\ProgramData\SoftwareUpdateTemp.xml" => not found.
C:\Program Files (x86)\Common Files\atimpenc.dll => moved successfully
C:\Users\Dan\AppData\Roaming\syncplay.ini => moved successfully
C:\Users\Dan\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Users\Dan\AppData\Local\emaildefaults => moved successfully
C:\Users\Dan\AppData\Local\kritarc => moved successfully
C:\Users\Dan\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Dan\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\droidcam-settings => moved successfully
"C:\ProgramData\SoftwareUpdateTemp.xml" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{ABBC418A-F7AA-40D7-BB24-5708E89BC68B}C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E4102B65-7641-46A1-BA93-FD09C60F83F5}C:\users\dan\appdata\local\temp\joi7aa.tmp\join.me.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{333C7A28-8482-4949-B567-9A0C14CF7F4D}C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7AAED1A1-2F32-43F5-AFC1-4EDDC3C5C0AF}C:\users\dan\appdata\local\temp\joi5dc4.tmp\join.me.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D980341A-2B7C-4D53-B6DD-EFEEEAA352DF}C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EE0C9D20-5ED9-4DC1-82E6-B9A47D9753BE}C:\users\dan\appdata\local\temp\joi94cd.tmp\join.me.exe => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= Dir /a:d C:\Users\Dan\AppData\Local\TEMPZXP* =========
 
 Volume in drive C has no label.
 Volume Serial Number is E47B-663F
 
 Directory of C:\Users\Dan\AppData\Local
 
               0 File(s)              0 bytes
             101 Dir(s)  68,240,490,496 bytes free
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007043c
This service cannot be started in Safe Mode
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 352805560 B
Java, Flash, Steam htmlcache => 382200088 B
Windows/system/drivers => 157386965 B
Edge => 38792788 B
Chrome => 873298712 B
Firefox => 228171711 B
Opera => 43349324 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 15982 B
NetworkService => 15427374 B
Dan => 297905007 B
 
RecycleBin => 22740648 B
EmptyTemp: => 2.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 02:54:56 ====

 

I had to reboot to normal boot and maintain an internet connection to run Zemana, so anything could happen during the scan process.

Zemana AntiMalware 2.72.2.388 (Installed)

 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/5/10
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-4770 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 1229E6E79524260699FD2B
Scan Type              : System Scan
Duration               : 60m 24s
Scanned Objects        : 438105
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
adwcleaner_5.024.exe
Status             : Scanned
Object             : %userprofile%\downloads\adwcleaner_5.024.exe
MD5                : 5F9F1E107FCB71AA200C16CE17FF8730
Publisher          : -
Size               : 1738240
Version            : 5.0.2.4
Detection          : Heur.Malicious!Pa
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\adwcleaner_5.024.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 

 

I am not quite sure why it's infected; other programs like Hitman recognized FRST as a virus. Possible virus injection?



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:32 AM

Posted 10 May 2017 - 03:44 PM

  • Highlight the entire content of the quote box below.

Start::
C:\Users\Dan\AppData\Local\Tempzxpsign004422882614ddd5
C:\Users\Dan\AppData\Local\Tempzxpsign03183bf3e2afbd1e
C:\Users\Dan\AppData\Local\Tempzxpsign03811f3fca5c8081
C:\Users\Dan\AppData\Local\Tempzxpsign03c9876970554620
C:\Users\Dan\AppData\Local\Tempzxpsign0491261380df38d1
C:\Users\Dan\AppData\Local\Tempzxpsign098e11ed179bc0bb
C:\Users\Dan\AppData\Local\Tempzxpsign0bc01c3097224fa7
C:\Users\Dan\AppData\Local\Tempzxpsign0bcf27694c609591
C:\Users\Dan\AppData\Local\Tempzxpsign0c831327e2d77e51
C:\Users\Dan\AppData\Local\Tempzxpsign0ddb2ac04ac20c96
C:\Users\Dan\AppData\Local\Tempzxpsign0ec27f221b80ded4
C:\Users\Dan\AppData\Local\Tempzxpsign1647c8043457469a
C:\Users\Dan\AppData\Local\Tempzxpsign190bd08d400aa1d2
C:\Users\Dan\AppData\Local\Tempzxpsign19b8b3b7a0772369
C:\Users\Dan\AppData\Local\Tempzxpsign19d45d59edeb78fc
C:\Users\Dan\AppData\Local\Tempzxpsign231b4b10b542587d
C:\Users\Dan\AppData\Local\Tempzxpsign27866ba84d145be8
C:\Users\Dan\AppData\Local\Tempzxpsign29fa0a008b369d12
C:\Users\Dan\AppData\Local\Tempzxpsign2c287d6f6f84555a
C:\Users\Dan\AppData\Local\Tempzxpsign2c601420b9045500
C:\Users\Dan\AppData\Local\Tempzxpsign2cd80b8ea01404fc
C:\Users\Dan\AppData\Local\Tempzxpsign2e9a0a80fe3e1109
C:\Users\Dan\AppData\Local\Tempzxpsign3030689c7f4c04ff
C:\Users\Dan\AppData\Local\Tempzxpsign315648c276953675
C:\Users\Dan\AppData\Local\Tempzxpsign31749a4850f76ea8
C:\Users\Dan\AppData\Local\Tempzxpsign322a609015b2a07c
C:\Users\Dan\AppData\Local\Tempzxpsign33a0473c79a48d63
C:\Users\Dan\AppData\Local\Tempzxpsign33a24d55f47e5d29
C:\Users\Dan\AppData\Local\Tempzxpsign33ff4a2cdd02ef15
C:\Users\Dan\AppData\Local\Tempzxpsign350e0c3dfe04207b
C:\Users\Dan\AppData\Local\Tempzxpsign38814986a76762ee
C:\Users\Dan\AppData\Local\Tempzxpsign3896601efe302462
C:\Users\Dan\AppData\Local\Tempzxpsign39829977896e1cd2
C:\Users\Dan\AppData\Local\Tempzxpsign3eca8f97d42f034d
C:\Users\Dan\AppData\Local\Tempzxpsign40827d0edb1dd4cb
C:\Users\Dan\AppData\Local\Tempzxpsign434e5f3fb9861d45
C:\Users\Dan\AppData\Local\Tempzxpsign44d89a8ce4e69073
C:\Users\Dan\AppData\Local\Tempzxpsign4c8b68da17f6324b
C:\Users\Dan\AppData\Local\Tempzxpsign4c9ce9f91af694d6
C:\Users\Dan\AppData\Local\Tempzxpsign55d100be82fc09d5
C:\Users\Dan\AppData\Local\Tempzxpsign56ed5eb91a827eb8
C:\Users\Dan\AppData\Local\Tempzxpsign584e85cea66eb2dc
C:\Users\Dan\AppData\Local\Tempzxpsign597e52aa1c23256c
C:\Users\Dan\AppData\Local\Tempzxpsign59fc4f3f2d8f5d20
C:\Users\Dan\AppData\Local\Tempzxpsign5bc33c2022ffab06
C:\Users\Dan\AppData\Local\Tempzxpsign5ce6a511fc7077af
C:\Users\Dan\AppData\Local\Tempzxpsign633ddb6b66e6501c
C:\Users\Dan\AppData\Local\Tempzxpsign6464acdda6dbbb47
C:\Users\Dan\AppData\Local\Tempzxpsign65b17623a3127ad2
C:\Users\Dan\AppData\Local\Tempzxpsign69ee44316bb3cebe
C:\Users\Dan\AppData\Local\Tempzxpsign6b34b6ca6b81972b
C:\Users\Dan\AppData\Local\Tempzxpsign6cea323cef8bdba3
C:\Users\Dan\AppData\Local\Tempzxpsign711db14c2e5550d8
C:\Users\Dan\AppData\Local\Tempzxpsign728bf56b474660ec
C:\Users\Dan\AppData\Local\Tempzxpsign77bca58e1f82d300
C:\Users\Dan\AppData\Local\Tempzxpsign7a760e9f529777c9
C:\Users\Dan\AppData\Local\Tempzxpsign7b125e82286dbd2e
C:\Users\Dan\AppData\Local\Tempzxpsign7e81e14cd13deca7
C:\Users\Dan\AppData\Local\Tempzxpsign7e992d22c838a511
C:\Users\Dan\AppData\Local\Tempzxpsign816edd5ca87bb743
C:\Users\Dan\AppData\Local\Tempzxpsign81ced61aeaa1dc95
C:\Users\Dan\AppData\Local\Tempzxpsign8223127468a6695c
C:\Users\Dan\AppData\Local\Tempzxpsign871313aa4e32caa6
C:\Users\Dan\AppData\Local\Tempzxpsign8739006557e2ab5c
C:\Users\Dan\AppData\Local\Tempzxpsign88fd9022755cb656
C:\Users\Dan\AppData\Local\Tempzxpsign8e935b7358986d1b
C:\Users\Dan\AppData\Local\Tempzxpsign8f11c6471d8df481
C:\Users\Dan\AppData\Local\Tempzxpsign934b5aa40af772cc
C:\Users\Dan\AppData\Local\Tempzxpsign94cfb66170b843f9
C:\Users\Dan\AppData\Local\Tempzxpsign963fad2d5058bdaa
C:\Users\Dan\AppData\Local\Tempzxpsign98baf1440b6bb4c6
C:\Users\Dan\AppData\Local\Tempzxpsign993b3ef1bf512ef5
C:\Users\Dan\AppData\Local\Tempzxpsign9a0bb33a1ede6ace
C:\Users\Dan\AppData\Local\Tempzxpsigna07b280d96747cef
C:\Users\Dan\AppData\Local\Tempzxpsigna5ebd748b9a52b8a
C:\Users\Dan\AppData\Local\Tempzxpsigna810071646d74b0d
C:\Users\Dan\AppData\Local\Tempzxpsigna8d9cb8496ac5f77
C:\Users\Dan\AppData\Local\Tempzxpsignae7a81a84458ef3c
C:\Users\Dan\AppData\Local\Tempzxpsignae85f23580672a2b
C:\Users\Dan\AppData\Local\Tempzxpsignb2e96c5c95114d8c
C:\Users\Dan\AppData\Local\Tempzxpsignb3ea5ebeb041d718
C:\Users\Dan\AppData\Local\Tempzxpsignb55ba511c0df683e
C:\Users\Dan\AppData\Local\Tempzxpsignbaaef2e04d10580c
C:\Users\Dan\AppData\Local\Tempzxpsignc1c406efa1f5e207
C:\Users\Dan\AppData\Local\Tempzxpsignc364046ab4fda095
C:\Users\Dan\AppData\Local\Tempzxpsignc5825ee9cc030391
C:\Users\Dan\AppData\Local\Tempzxpsignc6aeb8160085c5c8
C:\Users\Dan\AppData\Local\Tempzxpsignc86fb441c3a9e6e9
C:\Users\Dan\AppData\Local\Tempzxpsignc9cf7520833f8a01
C:\Users\Dan\AppData\Local\Tempzxpsigncda4b1991981821d
C:\Users\Dan\AppData\Local\Tempzxpsigncf6d4c0e946aa43a
C:\Users\Dan\AppData\Local\Tempzxpsignd181132658520574
C:\Users\Dan\AppData\Local\Tempzxpsigndc01e687c08e894b
C:\Users\Dan\AppData\Local\Tempzxpsigndd604a00d50496a8
C:\Users\Dan\AppData\Local\Tempzxpsigne1a2ce14f85ce5d2
C:\Users\Dan\AppData\Local\Tempzxpsigne214c7e37ae9af2c
C:\Users\Dan\AppData\Local\Tempzxpsigne26dbc45c53143fe
C:\Users\Dan\AppData\Local\Tempzxpsigne38fdeff776d8847
C:\Users\Dan\AppData\Local\Tempzxpsigne54b16b2c4956764
C:\Users\Dan\AppData\Local\Tempzxpsigned3591921ceb3afb
C:\Users\Dan\AppData\Local\Tempzxpsignef39993bbf61c694
End::

  • Right click on it and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 DannyBoyRP

DannyBoyRP
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:32 AM

Posted 10 May 2017 - 04:19 PM

Log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017

Ran by Dan (11-05-2017 00:16:57) Run:2
Running from C:\Users\Dan\Downloads
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
 
 
*****************
 
C:\Users\Dan\AppData\Local\Tempzxpsign004422882614ddd5 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign03183bf3e2afbd1e => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign03811f3fca5c8081 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign03c9876970554620 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign0491261380df38d1 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign098e11ed179bc0bb => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign0bc01c3097224fa7 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign0bcf27694c609591 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign0c831327e2d77e51 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign0ddb2ac04ac20c96 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign0ec27f221b80ded4 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign1647c8043457469a => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign190bd08d400aa1d2 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign19b8b3b7a0772369 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign19d45d59edeb78fc => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign231b4b10b542587d => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign27866ba84d145be8 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign29fa0a008b369d12 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign2c287d6f6f84555a => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign2c601420b9045500 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign2cd80b8ea01404fc => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign2e9a0a80fe3e1109 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign3030689c7f4c04ff => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign315648c276953675 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign31749a4850f76ea8 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign322a609015b2a07c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign33a0473c79a48d63 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign33a24d55f47e5d29 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign33ff4a2cdd02ef15 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign350e0c3dfe04207b => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign38814986a76762ee => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign3896601efe302462 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign39829977896e1cd2 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign3eca8f97d42f034d => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign40827d0edb1dd4cb => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign434e5f3fb9861d45 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign44d89a8ce4e69073 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign4c8b68da17f6324b => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign4c9ce9f91af694d6 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign55d100be82fc09d5 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign56ed5eb91a827eb8 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign584e85cea66eb2dc => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign597e52aa1c23256c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign59fc4f3f2d8f5d20 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign5bc33c2022ffab06 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign5ce6a511fc7077af => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign633ddb6b66e6501c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign6464acdda6dbbb47 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign65b17623a3127ad2 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign69ee44316bb3cebe => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign6b34b6ca6b81972b => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign6cea323cef8bdba3 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign711db14c2e5550d8 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign728bf56b474660ec => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign77bca58e1f82d300 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign7a760e9f529777c9 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign7b125e82286dbd2e => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign7e81e14cd13deca7 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign7e992d22c838a511 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign816edd5ca87bb743 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign81ced61aeaa1dc95 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign8223127468a6695c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign871313aa4e32caa6 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign8739006557e2ab5c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign88fd9022755cb656 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign8e935b7358986d1b => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign8f11c6471d8df481 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign934b5aa40af772cc => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign94cfb66170b843f9 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign963fad2d5058bdaa => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign98baf1440b6bb4c6 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign993b3ef1bf512ef5 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsign9a0bb33a1ede6ace => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigna07b280d96747cef => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigna5ebd748b9a52b8a => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigna810071646d74b0d => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigna8d9cb8496ac5f77 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignae7a81a84458ef3c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignae85f23580672a2b => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignb2e96c5c95114d8c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignb3ea5ebeb041d718 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignb55ba511c0df683e => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignbaaef2e04d10580c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignc1c406efa1f5e207 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignc364046ab4fda095 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignc5825ee9cc030391 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignc6aeb8160085c5c8 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignc86fb441c3a9e6e9 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignc9cf7520833f8a01 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigncda4b1991981821d => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigncf6d4c0e946aa43a => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignd181132658520574 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigndc01e687c08e894b => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigndd604a00d50496a8 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigne1a2ce14f85ce5d2 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigne214c7e37ae9af2c => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigne26dbc45c53143fe => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigne38fdeff776d8847 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigne54b16b2c4956764 => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsigned3591921ceb3afb => moved successfully
C:\Users\Dan\AppData\Local\Tempzxpsignef39993bbf61c694 => moved successfully
 
==== End of Fixlog 00:16:59 ====

 

And haha, same as before, I am still in safe mode and there are still all the remote-related services running in the task manager.

Thank you for assisting me!! If things don't work out, I guess I will have to rely on a fresh install!
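
A reviewer reading a Fixlog like the one in post #6 wants to confirm that every path in the fixlist has a result line and that each one reads "moved successfully". The script below is an added example, not part of the thread and not FRST's own code; it assumes only the layout visible in the log above (starred delimiters around the fixlist, `path => status` result lines, an `End of Fixlog` trailer), and the function name `reconcile` and the sample paths are constructed.

```python
import re

# Constructed sample in the layout of the Fixlog posted above. The paths and
# the second status string are placeholders, not values from the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Dan (11-05-2017 00:16:57) Run:2
Running from C:\Users\Dan\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************

C:\Users\Dan\AppData\Local\TempEXAMPLE0001
C:\Users\Dan\AppData\Local\TempEXAMPLE0002
C:\Users\Dan\AppData\Local\TempEXAMPLE0003
CMD: Tasklist

*****************

C:\Users\Dan\AppData\Local\TempEXAMPLE0001 => moved successfully
C:\Users\Dan\AppData\Local\TempEXAMPLE0002 => some other status

========= Tasklist =========

==== End of Fixlog 00:16:59 ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")        # delimiter around the fixlist echo
PATH_ENTRY = re.compile(r"^[A-Za-z]:\\")   # drive-letter path, e.g. C:\...
OK_STATUS = "moved successfully"           # success wording seen in the log


def reconcile(fixlog: str) -> dict:
    """Compare the paths requested in the fixlist with the reported results."""
    lines = [ln.strip() for ln in fixlog.splitlines()]

    # Header field: the helper in this thread cares whether the fix ran in
    # Safe Mode or Normal Mode, so surface it.
    boot_mode = next(
        (ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Boot Mode:")),
        None,
    )

    stars = [i for i, ln in enumerate(lines) if STAR_LINE.match(ln)]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found; log may be truncated")

    # Requested items: only file-system paths. Directives such as "CMD: ..."
    # or "EmptyTemp:" produce their own sections and are not reconciled here.
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if PATH_ENTRY.match(ln)]

    # Result lines: "<target> => <status>". Later sections also contain
    # " => " (for example the EmptyTemp byte counts), so results are looked
    # up by requested path only.
    status = {}
    complete = False
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            complete = True
            break
        if " => " in ln:
            target, outcome = ln.split(" => ", 1)
            status[target.strip()] = outcome.strip()

    return {
        "boot_mode": boot_mode,
        "complete": complete,  # False means the pasted log was cut short
        "moved": [p for p in requested if status.get(p) == OK_STATUS],
        "other": {p: status[p] for p in requested
                  if p in status and status[p] != OK_STATUS},
        "missing": [p for p in requested if p not in status],
    }


if __name__ == "__main__":
    report = reconcile(SAMPLE_FIXLOG)
    print("Boot mode:", report["boot_mode"])
    print("Log complete:", report["complete"])
    print("Moved:", len(report["moved"]))
    for path, outcome in report["other"].items():
        print("REVIEW:", path, "=>", outcome)
    for path in report["missing"]:
        print("NO RESULT LINE:", path)
```

Anything listed under `other` or `missing` is a path the fix did not confirm as quarantined and should be checked by hand before the next step.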



#7 JSntgRvr


Posted 10 May 2017 - 04:29 PM

Can you boot in Normal mode?



#8 DannyBoyRP


Posted 10 May 2017 - 04:31 PM

What should I do in normal mode?



#9 JSntgRvr


Posted 10 May 2017 - 07:59 PM

Running fixes and scans is more effective in Normal Mode. Are you in Safe Mode for security reasons or because the computer can't start in Normal Mode?

  • Highlight the entire content of the quote box below.

Start::  
CMD: Tasklist
CMD: NetStart
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 




#10 DannyBoyRP


Posted 10 May 2017 - 08:21 PM

I am in safe mode for security reasons, afraid the longer I'm exposed the deeper the damage would be, especially if it already seems like I have learned a bunch of scans which might alert the attacker and act cautiously.

But yeah, you're right, I should run the scans in normal boot since all the services and the malicious activities are running along with the startup (also I don't have any suspicious programs in my startup list).

I should run all scans again but in safe mode, unfortunately I'll have to spare most of my online work on mobile haha, but it's whatever, I have a good strong functioning phone!

If all of the scans wouldn't find anything, I assume my best resort is to install a new operating system, might as well hook up my spare HDD I backed up most of my documents to after an incredible bitcoin miner attack I had two years ago. I kinda miss my old files and work but I haven't gotten to connect the hard drive yet because I felt like I was at risk of infecting my computer again just in case one of my files was loaded with a miner package.

I did make sure to back up my files in safe mode, I made sure to full format the hard disk, scan all the files and transfer them to the HDD, but I feel like just scanning it with Malwarebytes or the default Windows Defender antivirus wasn't enough since they couldn't identify the bitcoin miner to begin with. I don't really know what to use in order to scan my backup HDD.

The bitcoin miner I had was inhabiting my appdata files and was using wscript. I lost my fight against it and unfortunately had to install a fresh OS.

But oh well, I will try to perform all possible scans in normal boot and come back to you guys!! <3



#11 JSntgRvr


Posted 10 May 2017 - 09:17 PM

:thumbup2:




#12 DannyBoyRP


Posted 11 May 2017 - 03:46 PM

I have run all these in safe mode haha, I also ran Malwarebytes, ESET and HitmanPro, no results.

Also, any ideas or recommended ways to scan a spare hard disk for bitcoin miners\crypto-virus or its leftovers?

I plan on using the hard disk in the future but I want to be sure that neither the files (if encrypted by the virus) nor the hard drive itself is infected haha.

Attached Files



#13 JSntgRvr


Posted 11 May 2017 - 06:51 PM

You seem to have run all these programs, but failed to remove what was detected. I would suggest you run Adwcleaner and Roguekiller and remove what was detected. In addition, I would like to see a fixlog.txt for our request in post #9.




#14 DannyBoyRP


Posted 11 May 2017 - 07:02 PM

Oh shoot! I totally forgot to do that! Like that thing you asked me in post #9, I'm gonna do that now!

And what did it detect? If it was the suspicious Windows Security, I didn't choose to remove it, I thought I should have posted the log first before performing any removal!



#15 DannyBoyRP


Posted 11 May 2017 - 07:28 PM

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017

Ran by Dan (12-05-2017 03:17:07) Run:5
Running from C:\Users\Dan\Downloads
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
CMD: Tasklist
CMD: NetStart
 
*****************
 
 
========= Tasklist =========
 
 
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0     13,908 K
smss.exe                       448 Services                   0        956 K
csrss.exe                      624 Services                   0      4,728 K
wininit.exe                    760 Services                   0      6,196 K
csrss.exe                      768 Console                    1      5,776 K
services.exe                   840 Services                   0     10,816 K
lsass.exe                      860 Services                   0     12,784 K
winlogon.exe                   936 Console                    1      9,196 K
svchost.exe                     96 Services                   0      3,556 K
svchost.exe                    412 Services                   0     23,016 K
fontdrvhost.exe                552 Services                   0     12,760 K
fontdrvhost.exe                572 Console                    1     35,536 K
svchost.exe                    416 Services                   0     11,112 K
svchost.exe                   1056 Services                   0      8,600 K
dwm.exe                       1136 Console                    1     60,912 K
svchost.exe                   1216 Services                   0     11,564 K
svchost.exe                   1240 Services                   0      5,752 K
svchost.exe                   1276 Services                   0      9,108 K
svchost.exe                   1384 Services                   0      8,860 K
svchost.exe                   1392 Services                   0     10,460 K
svchost.exe                   1484 Services                   0      5,692 K
WUDFHost.exe                  1504 Services                   0      9,912 K
atiesrxx.exe                  1520 Services                   0      5,716 K
svchost.exe                   1540 Services                   0     15,868 K
svchost.exe                   1636 Services                   0     15,108 K
svchost.exe                   1760 Services                   0     10,172 K
svchost.exe                   1852 Services                   0      7,596 K
svchost.exe                   1876 Services                   0      6,648 K
svchost.exe                   2008 Services                   0      8,012 K
svchost.exe                   1080 Services                   0      9,380 K
svchost.exe                   1660 Services                   0      5,488 K
svchost.exe                   2052 Services                   0      8,636 K
svchost.exe                   2060 Services                   0      7,384 K
svchost.exe                   2156 Services                   0      7,804 K
igfxCUIService.exe            2180 Services                   0      8,488 K
atieclxx.exe                  2200 Console                    1     10,276 K
svchost.exe                   2244 Services                   0      8,592 K
svchost.exe                   2252 Services                   0      7,384 K
svchost.exe                   2316 Services                   0     16,676 K
svchost.exe                   2368 Services                   0      8,480 K
svchost.exe                   2396 Services                   0     10,720 K
svchost.exe                   2456 Services                   0      6,920 K
svchost.exe                   2508 Services                   0      6,664 K
svchost.exe                   2572 Services                   0      7,592 K
svchost.exe                   2728 Services                   0      6,160 K
svchost.exe                   2800 Services                   0      8,504 K
svchost.exe                   2972 Services                   0     12,168 K
WTabletServicePro.exe         3008 Services                   0      7,120 K
svchost.exe                   3040 Services                   0     19,156 K
hmpsched.exe                  1664 Services                   0      5,684 K
svchost.exe                   2348 Services                   0      7,008 K
svchost.exe                   1316 Services                   0     13,940 K
svchost.exe                   3080 Services                   0      6,640 K
svchost.exe                   3144 Services                   0     13,040 K
svchost.exe                   3204 Services                   0      5,684 K
svchost.exe                   3212 Services                   0      6,920 K
svchost.exe                   3292 Services                   0     12,972 K
spoolsv.exe                   3532 Services                   0     16,672 K
WmiPrvSE.exe                  3772 Services                   0     15,084 K
svchost.exe                   3900 Services                   0      5,864 K
svchost.exe                   3980 Services                   0      9,308 K
svchost.exe                   4092 Services                   0     11,968 K
armsvc.exe                    3936 Services                   0      6,392 K
AdAppMgrSvc.exe               2748 Services                   0     14,644 K
AdobeUpdateService.exe        4104 Services                   0      8,400 K
AGSService.exe                4112 Services                   0     14,248 K
mDNSResponder.exe             4120 Services                   0      6,084 K
DbxSvc.exe                    4128 Services                   0      6,012 K
svchost.exe                   4144 Services                   0     10,988 K
svchost.exe                   4160 Services                   0     18,908 K
GamingHotkey_Service.exe      4180 Services                   0      6,924 K
AppleMobileDeviceService.     4196 Services                   0     12,152 K
MBAMService.exe               4216 Services                   0     39,944 K
MSI_ActiveX_Service.exe       4304 Services                   0     23,768 K
svchost.exe                   4356 Services                   0      7,792 K
OriginWebHelperService.ex     4372 Services                   0     22,280 K
PnkBstrA.exe                  4384 Services                   0      6,376 K
RzSDKService.exe              4396 Services                   0      7,072 K
plays_service.exe             4404 Services                   0     29,580 K
GameScannerService.exe        4424 Services                   0     34,648 K
RzSurroundVADStreamingSer     4472 Services                   0     16,964 K
sqlwriter.exe                 4544 Services                   0      7,536 K
svchost.exe                   4572 Services                   0     94,784 K
ss_conn_service.exe           4580 Services                   0      6,332 K
svchost.exe                   4596 Services                   0     11,328 K
svchost.exe                   4612 Services                   0     15,488 K
svchost.exe                   4632 Services                   0      5,344 K
svchost.exe                   4640 Services                   0     16,840 K
WsAppService.exe              4660 Services                   0     26,468 K
MsMpEng.exe                   4672 Services                   0    186,868 K
SecurityHealthService.exe     5028 Services                   0     10,700 K
svchost.exe                   5288 Services                   0      5,204 K
Memory Compression            5320 Services                   0          4 K
dasHost.exe                   5356 Services                   0      9,044 K
svchost.exe                   5416 Services                   0      8,924 K
svchost.exe                   5476 Services                   0      5,484 K
svchost.exe                   5592 Services                   0      6,988 K
ZAM.exe                       5636 Services                   0     15,940 K
VideoCardMonitorII.exe        5924 Console                    1     46,880 K
EyeRest.exe                   5944 Console                    1     33,772 K
NahimicMonitor.exe            5952 Console                    1     27,352 K
TriggerModeMonitor.exe        5960 Console                    1     31,696 K
audiodg.exe                   6228 Services                   0     18,600 K
WmiPrvSE.exe                  6636 Services                   0      9,300 K
WmiPrvSE.exe                  6840 Services                   0      9,780 K
HitmanPro_x64.exe             1248 Console                    1      8,800 K
sihost.exe                    1980 Console                    1     22,016 K
svchost.exe                   2084 Console                    1     18,548 K
svchost.exe                   2324 Console                    1     23,948 K
MsiGamingOSD_x64.exe          3304 Console                    1     15,284 K
taskhostw.exe                 3732 Console                    1     17,248 K
MsiGamingOSD_x86.exe          3788 Console                    1      6,152 K
GoogleCrashHandler.exe        4208 Services                   0        108 K
GoogleCrashHandler64.exe      4452 Services                   0         48 K
muachost.exe                  4504 Console                    1      1,624 K
svchost.exe                   5556 Services                   0     18,336 K
Wacom_TabletUser.exe          3832 Console                    1      7,820 K
WacomHost.exe                  792 Console                    1     10,868 K
Wacom_Tablet.exe              2028 Console                    1     25,460 K
igfxEM.exe                    3152 Console                    1     11,984 K
Wacom_TouchUser.exe            564 Console                    1     12,696 K
explorer.exe                  7308 Console                    1    124,100 K
svchost.exe                   1904 Services                   0     17,424 K
ShellExperienceHost.exe       8180 Console                    1     72,472 K
SearchUI.exe                  4960 Console                    1     87,208 K
RuntimeBroker.exe             7364 Console                    1     18,624 K
SearchIndexer.exe             7568 Services                   0     29,852 K
svchost.exe                   7860 Services                   0     16,568 K
smartscreen.exe               7688 Console                    1     21,968 K
MSASCuiL.exe                  1052 Console                    1      9,064 K
RtkNGUI64.exe                 8688 Console                    1     13,216 K
iTunesHelper.exe              8828 Console                    1     15,004 K
mbamtray.exe                  7648 Console                    1     32,352 K
SearchProtocolHost.exe        8280 Services                   0      9,480 K
ZAM.exe                       3156 Console                    1     38,204 K
iPodService.exe               9100 Services                   0      8,044 K
ScanToPCActivationApp.exe     4044 Console                    1     15,480 K
LeapControlPanel.exe          8748 Console                    1     42,224 K
amddvr.exe                    7760 Console                    1      8,532 K
Skype.exe                     8872 Console                    1    132,976 K
ShareX.exe                    8712 Console                    1     49,212 K
Creative Cloud.exe            8948 Console                    1     63,208 K
hpwuschd2.exe                 8188 Console                    1      6,056 K
AdobeIPCBroker.exe             848 Console                    1     10,392 K
vmonproc.exe                  3972 Console                    1     12,200 K
Dropbox.exe                   1420 Console                    1    101,928 K
RzSynapse.exe                 2956 Console                    1     97,940 K
SketchManager.exe             8172 Console                    1     33,524 K
acrotray.exe                  6916 Console                    1      7,744 K
jusched.exe                   4956 Console                    1      7,180 K
vicamon.exe                   1152 Console                    1      4,944 K
chrome.exe                    8412 Console                    1    152,872 K
chrome.exe                   10196 Console                    1      8,920 K
chrome.exe                    9648 Console                    1      9,708 K
chrome.exe                    9728 Console                    1     82,960 K
svchost.exe                   9132 Console                    1     28,192 K
chrome.exe                   10156 Console                    1     58,716 K
chrome.exe                   10068 Console                    1     31,796 K
chrome.exe                   10148 Console                    1     33,016 K
chrome.exe                   10140 Console                    1    124,344 K
NisSrv.exe                    5880 Services                   0        304 K
amdow.exe                    10184 Console                    1      6,984 K
AdAppMgr.exe                  9836 Console                    1     52,316 K
chrome.exe                    9896 Console                    1     47,248 K
RzStats.Manager.exe          10912 Console                    1     56,160 K
Adobe Desktop Service.exe    10052 Console                    1     39,216 K
Adobe CEF Helper.exe         10704 Console                    1     56,940 K
mbam.exe                     10296 Console                    1     78,964 K
Adobe CEF Helper.exe         10712 Console                    1     27,140 K
CoreSync.exe                 10544 Console                    1     27,464 K
CCXProcess.exe               10648 Console                    1      2,472 K
node.exe                      9508 Console                    1     55,340 K
conhost.exe                  10372 Console                    1      5,824 K
RazerIngameEngine.exe         1112 Console                    1     10,364 K
RadeonSettings.exe           10780 Console                    1      3,404 K
rzcefrenderprocess.exe       10840 Console                    1     22,276 K
SkypeHost.exe                 3996 Console                    1     10,176 K
svchost.exe                  11696 Services                   0      8,644 K
SearchFilterHost.exe         11288 Services                   0      6,216 K
svchost.exe                   8564 Services                   0     12,096 K
Taskmgr.exe                  12052 Console                    1     43,612 K
notepad.exe                  11664 Console                    1     15,680 K
dllhost.exe                   9764 Console                    1      6,376 K
dllhost.exe                  11656 Services                   0      6,040 K
FRST64 (1).exe               11376 Console                    1     33,284 K
cmd.exe                      11904 Console                    1      2,928 K
conhost.exe                  10772 Console                    1      7,684 K
tasklist.exe                 11268 Console                    1      7,944 K
 
========= End of CMD: =========
 
 
========= NetStart =========
 
'NetStart' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
==== End of Fixlog 03:17:07 ====

 

Seems like the Netstart command didn't work out too well haha





