Losing Hope


  • This topic is locked
4 replies to this topic

#1 Synthhead

Posted 29 January 2018 - 01:36 AM

ALL SOLVED THREAD CAN BE REMOVED


Edited by Synthhead, 29 January 2018 - 08:09 AM.


#2 Synthhead

Posted 29 January 2018 - 03:03 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Wavelab (administrator) on WAVELAB-PC (29-01-2018 08:40:32)
Running from H:\
Loaded Profiles: Wavelab &  (Available Profiles: Wavelab)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SuperAnti\SASCORE64.EXE
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(RME) C:\Windows\System32\fireface.exe
(RME) C:\Windows\System32\TotalMixFX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FirefaceTray] => C:\Windows\system32\fireface.exe [431600 2017-01-17] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [23946216 2017-01-17] (RME)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-10-21] (Realtek Semiconductor)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKU\S-1-5-21-1385869084-107249528-879815655-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1385869084-107249528-879815655-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-1385869084-107249528-879815655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070252093\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1385869084-107249528-879815655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070252093\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
Startup: C:\Users\Wavelab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SCTraymenu.exe [2015-05-30] (g3n-h@ckm@n)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{72DD5137-EBDA-4CFD-8BCB-3334B4AC5A6A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1385869084-107249528-879815655-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1385869084-107249528-879815655-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1385869084-107249528-879815655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070252093\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1385869084-107249528-879815655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070252093\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070250911 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070251445 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FireFox:
========
FF ProfilePath: C:\Users\Wavelab\AppData\Roaming\Mozilla\Firefox\Profiles\cu0efs3v.default-1484477594839 [2018-01-29]
FF Extension: (uBlock Origin) - C:\Users\Wavelab\AppData\Roaming\Mozilla\Firefox\Profiles\cu0efs3v.default-1484477594839\Extensions\uBlock0@raymondhill.net.xpi [2018-01-13]
FF Extension: (ChatZilla) - C:\Users\Wavelab\AppData\Roaming\Mozilla\Firefox\Profiles\cu0efs3v.default-1484477594839\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-02-23] [Legacy]
FF Extension: (NoScript) - C:\Users\Wavelab\AppData\Roaming\Mozilla\Firefox\Profiles\cu0efs3v.default-1484477594839\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-01-10]
FF Extension: (User-Agent Switcher) - C:\Users\Wavelab\AppData\Roaming\Mozilla\Firefox\Profiles\cu0efs3v.default-1484477594839\Extensions\{75afe46a-7a50-4c6b-b866-c43a1075b071}.xpi [2018-01-27]
FF Extension: (DownThemAll!) - C:\Users\Wavelab\AppData\Roaming\Mozilla\Firefox\Profiles\cu0efs3v.default-1484477594839\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-01-31] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SuperAnti\SASCORE64.EXE [173472 2017-04-12] (SUPERAntiSpyware.com)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CLAVIAUSB64; C:\Windows\System32\drivers\ClaviaUSB64.sys [23424 2014-12-07] (Clavia DMI AB)
R3 DDMF_Audio; C:\Windows\System32\drivers\DDMFaudio.sys [28584 2012-01-11] (DDMF)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-23] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 fireface64; C:\Windows\System32\drivers\fireface_64.sys [135072 2017-01-17] (RME)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [52832 2013-11-04] (hxxp://libusb-win32.sourceforge.net)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-29] (Malwarebytes)
S3 PORTMON; C:\Users\Wavelab\Desktop\Sysinternals\FileSick.com-Microsoft Sysinternals Suite September 11, 2014\PORTMSYS.SYS [28656 2015-12-09] (Systems Internals) [File not signed]
R1 SASDIFSV; C:\Program Files\SuperAnti\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SuperAnti\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-10-21] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-28] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-02-19] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-02-19] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 08:40 - 2018-01-29 08:40 - 000000000 ____D C:\FRST
2018-01-28 18:10 - 2018-01-29 06:56 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-28 13:06 - 2018-01-28 13:06 - 000001890 _____ C:\Windows\diagwrn.xml
2018-01-28 13:06 - 2018-01-28 13:06 - 000001890 _____ C:\Windows\diagerr.xml
2018-01-28 10:05 - 2018-01-29 00:17 - 000000000 _____ C:\Recovery.txt
2018-01-28 09:03 - 2018-01-28 09:03 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\Bitdefender
2018-01-28 08:56 - 2018-01-28 08:56 - 000208798 _____ C:\ProgramData\1517125992.bdinstall.bin
2018-01-28 08:05 - 2018-01-28 08:05 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET24B0.tmp
2018-01-28 08:02 - 2018-01-28 08:44 - 000000861 _____ C:\bdlog.txt
2018-01-28 07:59 - 2018-01-28 07:59 - 002186383 _____ C:\ProgramData\1517122103.bdinstall.bin
2018-01-28 07:57 - 2018-01-28 07:57 - 000000000 ____D C:\ProgramData\bdch
2018-01-28 07:55 - 2018-01-28 08:04 - 000000000 ____D C:\ProgramData\BDLogging
2018-01-28 07:55 - 2018-01-28 07:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2018-01-28 07:55 - 2007-04-11 11:11 - 000511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2018-01-28 07:54 - 2018-01-28 08:55 - 000000000 ____D C:\ProgramData\Bitdefender
2018-01-28 07:49 - 2018-01-28 07:49 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\QuickScan
2018-01-28 07:48 - 2018-01-28 09:04 - 000000000 ____D C:\Program Files\Bitdefender
2018-01-28 07:48 - 2018-01-28 08:55 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2018-01-28 07:13 - 2018-01-29 06:56 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-28 06:40 - 2018-01-28 06:40 - 008656400 _____ (Trend Micro Inc.) C:\Users\Wavelab\Downloads\RootkitBuster_v5_1061.exe
2018-01-28 06:40 - 2018-01-28 06:40 - 000000000 ____D C:\Users\Wavelab\Pavark
2018-01-28 06:40 - 2018-01-28 06:40 - 000000000 ____D C:\Users\Wavelab\Downloads\TMRBLog
2018-01-28 06:39 - 2018-01-28 06:39 - 001020640 _____ C:\Users\Wavelab\Downloads\antirootkit.exe
2018-01-28 00:05 - 2018-01-28 00:05 - 000000118 ___RH C:\Users\Wavelab\Downloads\Stinger.opt
2018-01-28 00:03 - 2018-01-28 00:04 - 000000993 _____ C:\Users\Wavelab\Downloads\Stinger_28012018_000303.html
2018-01-28 00:03 - 2018-01-28 00:03 - 000000000 ____D C:\Quarantine
2018-01-28 00:02 - 2018-01-28 00:05 - 000000000 ____D C:\Program Files (x86)\stinger
2018-01-28 00:02 - 2018-01-28 00:02 - 000000000 ____D C:\Program Files\McAfee
2018-01-27 23:53 - 2018-01-27 23:53 - 016875832 _____ (McAfee Inc) C:\Users\Wavelab\Downloads\stinger32.exe
2018-01-27 23:42 - 2018-01-28 00:06 - 036412224 _____ (Adlice Software ) C:\Users\Wavelab\Downloads\RogueKiller_setup_ref3.exe
2018-01-27 23:28 - 2018-01-27 23:28 - 000000000 ____D C:\ProgramData\Emsisoft
2018-01-27 23:27 - 2018-01-27 23:38 - 000000000 ____D C:\EEK
2018-01-27 23:26 - 2018-01-27 23:27 - 313149096 _____ C:\Users\Wavelab\Downloads\EmsisoftEmergencyKit.exe
2018-01-27 23:25 - 2018-01-27 23:25 - 189406632 _____ (Sophos Limited) C:\Users\Wavelab\Downloads\Sophos Virus Removal Tool.exe
2018-01-27 23:22 - 2018-01-27 23:22 - 001317153 _____ C:\ComboFix.txt
2018-01-27 23:11 - 2018-01-27 23:22 - 000000000 ____D C:\ComboFix
2018-01-27 23:11 - 2011-06-26 07:45 - 000256000 _____ C:\Windows\PEV.exe
2018-01-27 23:11 - 2010-11-07 18:20 - 000208896 _____ C:\Windows\MBR.exe
2018-01-27 23:11 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-01-27 23:11 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-01-27 23:11 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-01-27 23:11 - 2000-08-31 01:00 - 000098816 _____ C:\Windows\sed.exe
2018-01-27 23:11 - 2000-08-31 01:00 - 000080412 _____ C:\Windows\grep.exe
2018-01-27 23:11 - 2000-08-31 01:00 - 000068096 _____ C:\Windows\zip.exe
2018-01-27 23:09 - 2018-01-27 23:09 - 005660870 ____R (Swearware) C:\Users\Wavelab\Downloads\ComboFix.exe
2018-01-27 23:08 - 2018-01-27 23:10 - 000001780 _____ C:\Users\Wavelab\Desktop\Rkill.txt
2018-01-27 23:08 - 2018-01-27 23:08 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Wavelab\Downloads\rkill.exe
2018-01-27 22:49 - 2018-01-27 23:06 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-27 21:52 - 2018-01-28 14:23 - 000807976 _____ C:\Windows\ntbtlog.txt
2018-01-27 19:23 - 2018-01-27 19:23 - 000063568 _____ C:\Users\Wavelab\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-27 17:35 - 2018-01-27 17:35 - 000293656 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-19 05:28 - 2018-01-19 06:33 - 000000000 ____D C:\Users\Wavelab\Downloads\PopcornTime
2018-01-16 01:58 - 2018-01-16 02:10 - 036635323 _____ C:\Users\Wavelab\Downloads\Sonible.SmartEQ.Live.v1.0.1.HAPPY.NEW.YEAR-R2R.rar
2018-01-14 22:01 - 2018-01-19 17:17 - 000000000 ____D C:\Users\Wavelab\Desktop\Wren 2018
2018-01-14 04:02 - 2018-01-14 04:02 - 000000108 _____ C:\Users\Wavelab\Documents\Gabe Music Theory Update.txt
2018-01-12 22:19 - 2018-01-12 22:19 - 011659104 _____ C:\Users\Wavelab\Downloads\basketball_stereo_175.wav
2018-01-09 16:11 - 2018-01-09 16:11 - 000000000 ____D C:\Users\Wavelab\AppData\Local\Apps\2.0
2018-01-08 04:03 - 2018-01-08 04:03 - 000026482 _____ C:\Users\Wavelab\Desktop\Gabbe BPM Not Matte gradvis.wav.reapeaks
2018-01-08 02:37 - 2018-01-08 02:37 - 000096666 _____ C:\Users\Wavelab\Desktop\Gabe SFX 2.wav.reapeaks
2018-01-08 02:37 - 2018-01-08 02:37 - 000088218 _____ C:\Users\Wavelab\Desktop\Gabe SFX 3.wav.reapeaks
2018-01-08 02:35 - 2018-01-08 02:35 - 000104042 _____ C:\Users\Wavelab\Desktop\gabbe melodic2.wav.reapeaks
2018-01-08 02:33 - 2018-01-08 02:33 - 000253914 _____ C:\Users\Wavelab\Desktop\Gabe - Welcome To The MadHouse.wav.reapeaks
2018-01-08 02:32 - 2018-01-08 02:32 - 000202898 _____ C:\Users\Wavelab\Desktop\Gabe Orchestral Intro Turned Into Madness16.wav.reapeaks
2018-01-08 02:32 - 2018-01-08 02:32 - 000050762 _____ C:\Users\Wavelab\Desktop\Gabe lill lol v3.wav.reapeaks
2018-01-08 02:31 - 2018-01-08 02:31 - 000205466 _____ C:\Users\Wavelab\Desktop\Gabe agggg_7.wav.reapeaks
2018-01-08 02:30 - 2018-01-08 02:30 - 000064570 _____ C:\Users\Wavelab\Desktop\Gabbe Nu Sound FX.wav.reapeaks
2018-01-08 02:30 - 2018-01-08 02:30 - 000029618 _____ C:\Users\Wavelab\Desktop\Gabbe Sound Effect HQ.wav.reapeaks
2018-01-08 02:29 - 2018-01-08 02:29 - 000826186 _____ C:\Users\Wavelab\Desktop\Gabbe Ambient Drone.wav.reapeaks
2018-01-08 02:29 - 2018-01-08 02:29 - 000016954 _____ C:\Users\Wavelab\Desktop\Gabbe lalzzz.wav.reapeaks
2018-01-08 02:28 - 2018-01-08 02:28 - 000363234 _____ C:\Users\Wavelab\Desktop\Gabe Ambient.wav.reapeaks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 08:42 - 2016-02-09 16:35 - 000046618 _____ C:\Windows\ZAM.krnl.trace
2018-01-29 08:42 - 2016-02-09 16:35 - 000015789 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-29 08:30 - 2014-10-21 00:14 - 000000000 ____D C:\Users\Wavelab
2018-01-29 08:28 - 2016-11-18 18:28 - 000000000 ____D C:\Users\Wavelab\AppData\LocalLow\Mozilla
2018-01-29 07:04 - 2009-07-14 05:45 - 000016384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-29 07:04 - 2009-07-14 05:45 - 000016384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-29 06:56 - 2017-12-18 08:00 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-29 06:56 - 2017-12-18 08:00 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-29 06:56 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-28 15:40 - 2009-07-14 06:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-28 09:00 - 2015-09-04 14:42 - 000000000 ____D C:\ProgramData\Sophos
2018-01-28 08:58 - 2015-05-19 19:10 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-28 08:07 - 2015-04-26 15:14 - 000000000 ____D C:\Users\Wavelab\AppData\Local\CrashDumps
2018-01-28 07:56 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-28 07:38 - 2015-03-18 23:32 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\BitComet
2018-01-28 07:28 - 2014-10-21 00:47 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\Skype
2018-01-28 07:17 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-28 07:09 - 2014-10-27 04:22 - 000000000 ____D C:\Program Files\SuperAnti
2018-01-28 00:07 - 2015-04-25 22:58 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-01-27 23:39 - 2015-03-10 20:51 - 000000000 ____D C:\AdwCleaner
2018-01-27 23:38 - 2016-07-21 09:31 - 008206624 _____ (Malwarebytes) C:\Users\Wavelab\Downloads\AdwCleaner.exe
2018-01-27 23:22 - 2016-06-26 21:29 - 000000000 ____D C:\Qoobox
2018-01-27 23:20 - 2009-07-14 03:34 - 000000215 _____ C:\Windows\system.ini
2018-01-27 21:00 - 2016-09-07 15:49 - 000000000 ____D C:\Program Files\CCleaner
2018-01-27 20:14 - 2014-10-21 11:05 - 000000000 ____D C:\Users\Wavelab\AppData\Local\AntiLogger Free
2018-01-27 14:59 - 2015-12-25 10:59 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-27 10:00 - 2014-10-21 01:37 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\vlc
2018-01-27 06:38 - 2017-05-01 21:08 - 000000000 ____D C:\Users\Public\Documents\ExponentialAudioLogs
2018-01-27 03:07 - 2017-04-08 18:00 - 000000000 ____D C:\Users\Wavelab\Documents\OpenRCT2
2018-01-25 07:44 - 2015-08-18 19:46 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\REAPER
2018-01-20 12:34 - 2017-07-31 06:35 - 000000000 ____D C:\Users\Wavelab\Desktop\g
2018-01-19 05:34 - 2017-07-14 11:31 - 000004103 _____ C:\Users\Wavelab\g wc3 code.txt
2018-01-17 21:52 - 2015-09-23 18:18 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\Celemony Software GmbH
2018-01-15 10:15 - 2015-08-18 22:59 - 000000000 ____D C:\Users\Wavelab\Documents\REAPER Media
2018-01-12 19:55 - 2016-11-18 11:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-12 19:55 - 2016-02-17 14:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-09 16:13 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-08 03:41 - 2015-03-01 19:12 - 000000000 ____D C:\Users\Wavelab\Desktop\kind
2017-12-31 12:26 - 2016-10-22 03:42 - 000000000 ____D C:\Users\Wavelab\AppData\Roaming\IrcamLab TS

==================== Files in the root of some directories =======

2016-06-12 16:05 - 2015-04-16 16:00 - 009304064 _____ (Plugin Alliance) C:\ProgramData\Dynamic Spectrum Mapper V2.dll
2014-12-23 07:01 - 2017-11-23 02:29 - 000000755 _____ () C:\Users\Wavelab\AppData\Roaming\buttrc
2017-03-30 17:05 - 2017-03-30 17:05 - 000000218 _____ () C:\Users\Wavelab\AppData\Local\recently-used.xbel
2016-02-28 15:18 - 2017-11-20 01:39 - 000007609 _____ () C:\Users\Wavelab\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-01-28 00:06 - 2016-10-11 16:34 - 001732864 _____ (Microsoft Corporation) C:\Users\Wavelab\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 11:00

==================== End of FRST.txt ============================




Addition log



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Wavelab (29-01-2018 08:44:33)
Running from H:\
Windows 7 Ultimate Service Pack 1 (X64) (2014-10-20 23:14:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1385869084-107249528-879815655-500 - Administrator - Disabled)
Guest (S-1-5-21-1385869084-107249528-879815655-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1385869084-107249528-879815655-1002 - Limited - Enabled)
Wavelab (S-1-5-21-1385869084-107249528-879815655-1000 - Administrator - Enabled) => C:\Users\Wavelab

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
BazzISM2 VST2 2.4.9 (HKLM-x32\...\BazzISM2 VST2) (Version: 2.4.9 - intelligent sounds and music)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CodeBlocks (HKU\S-1-5-21-1385869084-107249528-879815655-1000\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
CodeBlocks (HKU\S-1-5-21-1385869084-107249528-879815655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070252093\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CoreAVC Professional Edition (remove only) (HKLM-x32\...\CoreAVC Professional Edition) (Version:  - )
DMGAudio EQuilibrium 1.54 (HKLM-x32\...\DMGAudio EQuilibrium_is1) (Version:  - DMGAudio)
DMGAudio Limitless 1.01 (HKLM-x32\...\DMGAudio Limitless_is1) (Version:  - DMGAudio)
Eventide Ensemble Bundle (HKLM-x32\...\Eventide Ensemble Bundle) (Version: 1.0.7 - Eventide)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2016.11.10 - FabFilter)
ffdshow x64 v1.3.4531 [2014-06-28] (HKLM\...\ffdshow64_is1) (Version: 1.3.4531.0 - )
Flux Ircam Tools 1.1 (HKLM-x32\...\Flux Ircam Tools 1.1) (Version: 3.4.6 - Flux)
Greenfish Icon Editor Pro 3.31 (HKLM-x32\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
GRM Tools Classic VST v1.6.52 (HKLM-x32\...\GRM Tools Classic VST v1.6.52) (Version:  - )
GRM Tools Complete 3.2 Demo (HKLM-x32\...\GRM Tools Complete Demo_is1) (Version:  - Ina-GRM)
GRM Tools Complete II 3.7.0 Demo (HKLM-x32\...\GRM Tools Complete II Demo_is1) (Version:  - Ina-GRM)
GRM Tools Spectral Transform VST v1.6.52 (HKLM-x32\...\GRM Tools Spectral Transform VST v1.6.52) (Version:  - )
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.24.10-2012-10-10-ash - Alexander Shaduri)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
IrcamLab TS-1.0.11 (HKLM\...\{CCFC564A-FCC0-4E5D-9789-E254F0DB6502}_is1) (Version: 1.0.11 - IRCAM)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MeldaProduction Audio Plugins 11 (HKLM-x32\...\MeldaProduction Audio Plugins 11) (Version:  - MeldaProduction)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.4.6577 - Mozilla)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.1.48 - Native Instruments)
Nord Modular G2 Demo v1.40 (HKLM-x32\...\Nord Modular G2 Demo v1.40) (Version:  - )
Nord Modular G2 v1.62 (HKLM-x32\...\Nord Modular G2) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
OpenRCT2 0.1.2-develop-a01471b (HKLM-x32\...\OpenRCT2) (Version: 0.1.2-develop-a01471b - OpenRCT2)
OpenRCT2 Launcher version 0.0.7 (HKLM\...\{D71D87CE-20E7-4DB6-A0D8-E6DE57051B35}_is1) (Version: 0.0.7 - OpenRCT2)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.)
Pd-0.43.4-extended (HKLM-x32\...\pd_is1) (Version:  - puredata.info)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.0.0 - Popcorn Time) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
REAPER (HKLM-x32\...\REAPER) (Version:  - )
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
RME Fireface (HKLM\...\FIREFACE) (Version: 3.1.22.0 - RME Intelligent Audio Solutions)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\GOGPACKRCT2_is1) (Version: 2.0.0.6 - GOG.com)
Scala (HKLM-x32\...\Scala) (Version: 2.38 - Manuel Op de Coul)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sound Radix SurferEQ2 Boogie (HKLM\...\SurferEQ2 Boogie_is1) (Version: 1.0.1 - Sound Radix)
SoundHack Spectral Shapers VST RTAS v1.23 (HKLM-x32\...\SoundHack Spectral Shapers_is1) (Version:  - )
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sugar Bytes Effectrix 1.4.3 (HKLM\...\Effectrix_is1) (Version: 1.4.3 - Sugar Bytes)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.0 - Tweaking.com)
u-he Bazille (HKLM-x32\...\u-he Bazille) (Version: 1.1.0.3898 - u-he)
u-he Uhbik (HKLM-x32\...\u-he Uhbik) (Version: 1.3.1.3898 - u-he)
u-he ZebraHZ (HKLM-x32\...\u-he ZebraHZ) (Version: 2.7.2.3898 - u-he)
UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Visualizer2 (HKLM\...\Visualizer2_is1) (Version:  - NUGEN Audio)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Voxengo Soniformer (HKLM\...\Voxengo Soniformer_is1) (Version: 3.4.1 - Voxengo)
Voxengo Transmodder VST 1.5 (HKLM-x32\...\Voxengo Transmodder VST) (Version:  - )
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warcraft III: All Products (HKU\S-1-5-21-1385869084-107249528-879815655-1000\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-1385869084-107249528-879815655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070252093\...\Warcraft III) (Version:  - )
Windows Driver Package - RME Fireface (09/25/2014 3.0.99.0) (HKLM\...\6223DC14FDA25A2D559438A3674BB21C8DD96663) (Version: 09/25/2014 3.0.99.0 - RME)
Windows Driver Package - RME Fireface (12/15/2016 3.1.22.0) (HKLM\...\805E281D6491AD3E0012DF752C171F24CFD98FDC) (Version: 12/15/2016 3.1.22.0 - RME)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)
Zynaptiq ADAPTIVERB (HKLM-x32\...\Zynaptiq ADAPTIVERB) (Version: 1.0.1 - Zynaptiq)
Zynaptiq WORMHOLE (HKLM\...\WORMHOLE_is1) (Version: 1.0.2 - Zynaptiq)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-02-19] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers2: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> No File
ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} =>  -> No File
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers3: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> No File
ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-29] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-02-19] ()
ContextMenuHandlers6: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> No File
ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A22436C-C095-4E4F-BFF9-55EDBBE489E3} - System32\Tasks\{8A834C20-DC30-4284-9AAE-3AAF68F5D46A} => C:\Users\Wavelab\Downloads\11.02\MeldaProduction.MAudioPlugins.v11.02.Incl.Patch.and.Keygen-R2R\R2R\MeldaProduction_Keygen.exe [2017-07-29] ()
Task: {2FE87D89-2C72-4B35-A0E4-67DBDFA2461B} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {8622468C-2E68-47D9-A45F-62E0C3BD8257} - System32\Tasks\{7A3F594B-8C03-4703-A9DC-94CEC055738D} => C:\Users\Wavelab\Downloads\11.02\MeldaProduction.MAudioPlugins.v11.02.Incl.Patch.and.Keygen-R2R\R2R\MeldaProduction_Keygen.exe [2017-07-29] ()
Task: {AD917864-C405-4A9D-A006-2EC209C2DA6D} - System32\Tasks\{D2434717-978A-4CF1-9F26-0960F854364B} => C:\Users\Wavelab\Downloads\ESET Endpoint Security\ESET Endpoint Security v5.0.2237 x64\eset product activator 2013.exe [2013-10-22] ()
Task: {B0A358EF-F1F3-4D9B-8628-3E46CEA56476} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {B85BCE50-32AE-4117-9A2A-A5ED6C3CB59C} - System32\Tasks\{D1C6B7BF-928C-4F0F-9F7A-E9E6227D9784} => C:\Program Files (x86)\iZotope\RX 5 Audio Editor\win32\iZotope RX 5.exe
Task: {DB315193-0975-4BA0-A52C-4D504E3B3F39} - System32\Tasks\{F961920F-AE0D-48CB-8FD5-C6DBA93E43F9} => C:\Program Files (x86)\iZotope\RX 5 Audio Editor\win32\iZotope RX 5.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-18 08:00 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-18 08:00 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-02-09 16:35 - 2017-02-19 15:23 - 000154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 000016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 000369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:D0C462A448BA0F33 [1]
AlternateDataStreams: C:\Users\All Users:D0C462A448BA0F33 [1]
AlternateDataStreams: C:\ProgramData\Application Data:D0C462A448BA0F33 [1]
AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9 [280]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-08-15 22:11 - 2018-01-29 07:01 - 000001844 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1385869084-107249528-879815655-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wavelab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1385869084-107249528-879815655-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01292018070252093\Control Panel\Desktop\\Wallpaper -> C:\Users\Wavelab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SuperAnti\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9DC81EDB-2C6C-4931-A5B2-40CD65B8BC9A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4F0DBB53-6FDF-45A0-ADAD-7BB931B0ECBD}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{AD13A4F3-FE52-4A9C-A30E-54D08AD9FE3B}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{5A02B719-99D1-4712-871C-DACE0C044080}] => (Allow) LPort=23286
FirewallRules: [{FD300361-9103-4955-BA09-62E5E0659EB7}] => (Allow) LPort=23286
FirewallRules: [{37E3F20F-DE20-4516-B208-CC46191BDD72}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
FirewallRules: [{693623B6-E6A7-4C02-AAFA-C015190F37B1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{CCFB25E5-DDC7-402F-879F-39B3B46D64B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F14C9DF6-EEBD-4DE7-8AC8-7D56E3343CE1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4578CCE8-CB60-403B-838E-D256CE92C096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{A90633A5-028F-4F6E-8DC2-1661CCFCA562}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{EA720AAD-148A-4BC5-9266-6E39F2147BB2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E6E9DF3-A7EE-477B-B24B-656DAECB80B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B82CD4EC-A765-416B-B003-82ECE1275251}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{984DBD82-198C-4679-9B8B-D4E1732DA5BB}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{70650DB9-32DA-4BD0-A42F-C14C7BC01D49}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{419799C6-3AB9-4C20-A72B-287E6E8751E4}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{FB24043A-1BC3-4959-8C03-D87F63A62A28}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{EE17A77A-7772-4ADF-A2EB-5E2AE16D7BA4}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{8EB6A3E6-90E2-4E09-AB77-4920AC1F5F58}] => (Allow) LPort=23608
FirewallRules: [{5F6B2B62-B7D7-4E81-BFFC-AE172C502095}] => (Allow) LPort=23608
FirewallRules: [{AC6E8C47-1085-4DD5-BC8F-7BAB1DDE20C7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B17401C-244B-4773-B530-17B029388A3C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5D119928-6DD3-432C-99FA-EF7FF2D29662}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{17E8C427-2CB7-4791-BB78-7B02C61B790B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5A83283-E98F-445D-AE0A-763C74F90200}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{48523FBA-6E80-4F95-9ABC-3831B89FAACA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

28-01-2018 08:58:50 Removed Sophos Virus Removal Tool.
29-01-2018 06:22:05 Gabbe after

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8190.49 MB
Available physical RAM: 5776.82 MB
Total Virtual: 16379.17 MB
Available Virtual: 13744.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:17.67 GB) NTFS
Drive e: (216 GB) (Fixed) (Total:216.4 GB) (Free:173.35 GB) NTFS
Drive f: (107 GB) (Fixed) (Total:107.22 GB) (Free:89.43 GB) NTFS
Drive h: (UBUNTU 16_0) (Removable) (Total:29.8 GB) (Free:28.32 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 4B404B3F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 335.4 GB) (Disk ID: F565EFA5)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=06)
Partition 2: (Not Active) - (Size=216.4 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=107.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 01753A97)
Partition 1: (Active) - (Size=29.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

Edited by Synthhead, 29 January 2018 - 03:09 AM.


#3 Synthhead


Posted 29 January 2018 - 03:30 AM

I don't know how to make a code/quote scrollbar, and it says the post is too long, so I can't post the ComboFix log. Yes, yes, I know I shouldn't have run any, but in the panic I was in I couldn't really resist.



#4 Havachat


Posted 29 January 2018 - 04:47 AM

Just by chance, you say you can't boot to any discs... are you running a USB keyboard?

I had an old PC that did the same, and I had to use the PS/2 port on the mobo and an old-type keyboard, and that worked.



#5 Synthhead


Posted 29 January 2018 - 06:35 AM

ALL SOLVED THIS THREAD CAN BE REMOVED

 


Edited by Synthhead, 29 January 2018 - 08:07 AM.




