
OH BOY- Here we go again HELP REQUEST


2 replies to this topic

#1 SenorSySoP


Posted 20 January 2018 - 12:50 AM

This PC was clean a month ago. I have everything running and am very careful, but I believe it is once again acting up even after a fresh install. What is happening is the computer will sit idle and then all of a sudden the fans kick on and the CPU gets maxed out, and it will keep going like that for hours. Then my antivirus gets turned off and my firewall gets turned off when they are usually on. This is so frustrating, so I am back here for some assistance, please. FRST scan below and an RKILL log for your perusal. Thanks.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by asuspc (19-01-2018 23:48:40)
Running from C:\Users\asuspc\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-23 17:28:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-750800953-1317498452-842231029-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-750800953-1317498452-842231029-503 - Limited - Disabled)
Guest (S-1-5-21-750800953-1317498452-842231029-501 - Limited - Enabled)
asuspc (S-1-5-21-750800953-1317498452-842231029-1001 - Administrator - Enabled) => C:\Users\asuspc
WDAGUtilityAccount (S-1-5-21-750800953-1317498452-842231029-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.12.00 - ASUSTeK Computer Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.80 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IPVanish (HKLM\...\{37C6D801-BF83-4EA4-9859-109E92625352}) (Version: 3.1.0.0 - IPVanish) Hidden
IPVanish (HKLM-x32\...\IPVanish 3.1.0.0) (Version: 3.1.0.0 - IPVanish)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R6 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.148 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-11-24] (McAfee, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-11-24] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06151BE1-9A1F-4106-AB0F-29F20B77864A} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-18] (McAfee, LLC.)
Task: {141F1F9D-CA58-4F5D-8F74-C3820BDA2F82} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2016-03-24] ()
Task: {23794351-E431-4FF5-A447-51853708A81B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {3EFE2403-96BC-4305-A148-D4CCAA5F7D6F} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4E7071FC-6D3E-46E4-ADCD-48224DC42E38} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2016-03-24] (ASUSTeK Computer Inc.)
Task: {650E15BA-7643-4642-B9E0-95871C35D276} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
Task: {72CF063F-5CCF-4BBE-9805-48AD65DEDE23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {80FD0286-9FD6-404A-90DB-A93CBD484926} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {92AB5663-96C9-4D6C-A008-E8F7CAAB1A57} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {942282BE-C3EF-4771-B8BB-F356EB72F1D4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {BCF464F9-9E6F-4A2A-BC24-76D2D22D8376} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C92229F6-F6B2-4607-A08C-2E644AFBA54D} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {CE86A807-34E9-46FF-BCD6-F7D333F76C96} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {D5014823-55C8-4EB0-9B75-49844A5761A1} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanishLauncher.exe [2017-10-04] (IPVanish)
Task: {DBC79ED6-31C4-4CCA-8C84-27317C1EB08F} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-09-11] (McAfee, Inc.)
Task: {E7C50DE8-C41C-4380-B06E-E8CF73F98717} - System32\Tasks\S-1-5-21-750800953-1317498452-842231029-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-12-17 22:31 - 2017-12-17 22:31 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2018-01-03 21:20 - 2017-12-07 12:15 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2018-01-03 21:20 - 2017-12-07 12:15 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-01-09 00:45 - 2018-01-09 00:45 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-18 20:04 - 2018-01-18 20:05 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 20:04 - 2018-01-18 20:05 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 20:04 - 2018-01-18 20:06 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 20:53 - 2018-01-03 20:53 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-21 08:06 - 2017-12-21 08:06 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-12-17 22:31 - 2018-01-09 01:05 - 000026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2017-12-17 22:31 - 2017-12-17 22:27 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-01-13 03:13 - 2018-01-13 03:14 - 068214160 _____ () C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\libcef.dll
2018-01-13 03:13 - 2018-01-13 03:14 - 003112848 _____ () C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\libglesv2.dll
2018-01-13 03:13 - 2018-01-13 03:14 - 000089488 _____ () C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-750800953-1317498452-842231029-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD10889B-E87D-4C1A-8A15-26D60718FA64}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B32B807A-15F5-49D6-B2E2-CB5ED55AF673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38021F4C-AE2E-4A29-A99B-81B6D2F8652C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A95ADE6D-1735-47D6-93DB-E2821B90509D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95C08E15-9C95-42E3-B302-2C21967FB71B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75789C9F-7575-4DE8-8C24-3916348E8256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{686DA45C-2A2B-42AF-B0C3-B938923C3851}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C12FF8F-B6BA-47DA-AC94-C7CBC872856B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3FA582FC-6978-413A-83A9-ACF87799092C}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4E911E83-6E43-4E5C-B47A-6CD2B18138EE}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{53DCA057-1124-4A18-832E-038AACF9CEA2}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{A2A8C3F7-34E8-4D7F-B4AE-F06F2EC24F93}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{FBFE5F93-3E79-4E91-935E-49743106A723}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{BDBB9CCD-1CE3-453A-B933-AC29C5CF0555}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{3E46CBA1-A047-4EFC-9A5B-56B2CAFF9FD4}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{C15C7BD4-A002-4362-8D3A-FFED1CAE2E82}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{25F12F4C-65A7-4ECF-9170-F2AE922622C0}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{FEE381D4-597A-4B8A-A81D-9B06CAED4B86}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{4F7BB0D5-80B8-44F7-AA3E-05091AA6C8C9}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{CEDCB809-A434-4AE2-BF23-7211A451755B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{1635EEAF-47BC-4C6B-A8D2-80B583F6B189}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3A6A9B91-5595-4B13-ABFC-C68772EF98B3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{54566ECE-4858-4227-AF5E-F47654135BD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{F515FECC-C363-4B2A-A78C-7C53FFE53195}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{048B0903-9F90-4E99-82F1-06EEE789B2E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{656D14BE-825D-4C68-8675-56D0B3C22134}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7CFDEC8F-041D-4FCF-857B-0D15F5EE3706}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{479B989D-C0FF-4053-8035-CB3569C3F9D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{33EBB0A8-9E8D-47BE-88D9-C70108BDE9C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E8307EE8-7086-4C0A-BC86-9828EA45BCA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{07EAE897-8FD5-4C47-B6E7-09FFFB4D411A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{41846A3E-3B56-45AC-9D59-961ACF7B92CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A277D10B-C1B3-4967-8B3D-5539A1E86EE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{1F2D2C78-4F81-4AAD-A157-838F659BAD79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{53BABD03-C30D-4854-B458-F37144C665F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F2F69574-8377-4188-95B3-48D3C10CBF17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{941B6379-B984-4859-9A33-D7CBE8672D2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{61108F5A-69EB-4016-A599-361528087CC6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9A69599D-D266-4355-B84A-B1FD0FF09DAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6BDC83E6-AD1A-4187-BE02-E8E58E942A10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F44DA6E-A4C0-49D9-9428-C901156D66A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{2E9F3C89-C32F-40F3-B5C1-57795E251FA3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D735EBAE-E5B9-4B05-9083-3C18FE967E70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{94A8F514-B428-4585-9ED0-C477CDAAA994}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe

==================== Restore Points =========================

10-01-2018 00:46:44 Windows Update
10-01-2018 00:47:32 Windows Update
18-01-2018 20:20:54 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2018 08:12:39 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4CF44528-A3F6-4180-B458-379702BD8824}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 1168.

Error: (01/13/2018 03:13:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TAINOHATUEYASUS)
Description: Package Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/13/2018 02:18:15 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={87C5A303-77FB-4F64-BFC9-0F284BFD62A5}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 807.

Error: (01/12/2018 08:11:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={BE71A87B-5A9F-4A8F-94F2-1425DC4A3AED}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1168.

Error: (01/12/2018 07:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IPVanish.VpnClient.exe version 3.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2938

Start Time: 01d38bfa577c6dd8

Termination Time: 140

Application Path: C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe

Report Id: a058fbf9-1536-4e7b-bc70-846f6330ae9f

Faulting package full name:

Faulting package-relative application ID:

Error: (01/09/2018 11:59:47 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={41A5F511-AC40-4525-B2A3-5BD0E76B6065}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1232.

Error: (01/09/2018 01:38:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TAINOHATUEYASUS)
Description: InputApp_cw5n1h2txyewy-2147024891

Error: (01/09/2018 01:02:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64(1).exe version 2.1.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: a70

Start Time: 01d389176ba587d6

Termination Time: 50834

Application Path: C:\Users\asuspc\Downloads\FRST64(1).exe

Report Id: 26aae7b0-031a-4b13-a047-e1fa54a1e967

Faulting package full name:

Faulting package-relative application ID:

Error: (01/09/2018 01:02:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/09/2018 01:01:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {22a06a2f-81f1-4504-995b-42d78a462720}

System errors:
=============
Error: (01/19/2018 11:42:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (01/19/2018 11:30:36 PM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (01/18/2018 08:08:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (01/18/2018 08:05:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic.

Error: (01/18/2018 07:59:19 PM) (Source: DCOM) (EventID: 10016) (User: TAINOHATUEYASUS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TAINOHATUEYASUS\asuspc SID (S-1-5-21-750800953-1317498452-842231029-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2018 04:26:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:29 AM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2018-01-04 08:43:40.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:43:40.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:39:28.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:38:09.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:45.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:43.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:40.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:38.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:30.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:28.130
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-6700 APU with Radeon™ HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 11467.45 MB
Available physical RAM: 7761.77 MB
Total Virtual: 13195.45 MB
Available Virtual: 8565.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.53 GB) (Free:1819.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 404F7E32)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================

 


 

 




#2 Jo*

Jo*

  • Malware Response Team
  • 3,261 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:15 PM

Posted Today, 11:36 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file. OK the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--- ---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 107 posts
  • ONLINE
  • Local time:12:15 PM

Posted Today, 03:06 PM

Got it. Will do today. Were you able to glean anything from the scan logs? The FRST log was already in



