
Help , Need to get virus out my laptop


86 replies to this topic

#76 RayS

RayS

  • Malware Study Hall Senior

Posted 10 July 2018 - 06:40 PM

Hi Dan,
 

If I save a copy of the program to another drive and you uninstall the original, then I put the copy back in my computer, will this eliminate the malware problem?

If your copy has been modified by malware, uninstall/reinstall would have no beneficial effect. Your current (cracked) version is not only capable of harboring stealthy malware that can do mischief quietly in the background, it is also two generations out of date. The only safe procedure would be to uninstall this copy and buy a fresh copy from the manufacturer here. It looks like they have a free-to-try version that might meet your needs. The full version costs only $39.95. They also have a "Plus" version for $59.95. Please let me know whether you will uninstall your current copy.
 
<<<<<<

 
Are you sure you need Java? Malware researchers have warned about the necessity of keeping Java continuously updated. This blog is from 2013, but the need for keeping Java updated is frequently repeated in more recent articles. If you don't need Java, uninstall it using instructions similar to the ones in Post #74 under the Uninstall programs heading.
 
Please run the following revised fix.
 
Run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer.

  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box including the Start:: and End:: directives.
  • Now press Ctrl+C to copy the contents into your clipboard.
Start::

CloseProcesses:
RemoveProxy:
CMD: type "C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat"
REG: reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder"

End::
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.

 

In your next reply...

  • Did you uninstall Movavi Video Editor?
  • Do you need Java?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • How is your laptop running now?

Thank you,
 
Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.




#77 danban

danban
  • Topic Starter

  • Members

Posted 11 July 2018 - 08:07 PM

Hello Ray,

This is Dan.

I uninstalled Movavi Video Editor 12, which was the cracked version, but I left alone Movavi Video Editor 11 because that was the legitimate trial version from the website. If you want me to uninstall that, let me know.

I ran Farbar in fix mode and the Fixlog.txt is below.

Note - I also uninstalled the Java update and also followed the directions in your next post for removing the proxy, with the code you gave me and the Farbar Recovery fix.

I'm supplying the Fixlog.txt for that too.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018

Ran by Dan (11-07-2018 20:33:15) Run:7
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
ContextMenuHandlers1-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
ContextMenuHandlers6-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi)
CMD: type "C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat"
REG: reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder"
 
*****************
 
Processes closed successfully.
ContextMenuHandlers1-x32-x32: [_MovaviSuite10] -> {9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)\Movavi Video Suite 12\vcContext\vcContext.dll [2013-12-11] (Movavi) => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\_MovaviSuite10 => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{9D700AB0-33CE-4ab3-BD66-3A73CC2CEDE3} => not found
 
========= type "C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" =========
 
ERROR: Invalid syntax.
Type "REG EXPORT /?" for usage.
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:33:33 ====


#78 danban

danban
  • Topic Starter

  • Members

Posted 11 July 2018 - 08:09 PM

Here's the Fixlog Txt for the proxy remove

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Dan (11-07-2018 20:49:42) Run:8
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
RemoveProxy:
CMD: type "C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat"
REG: reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder"
 
*****************
 
Processes closed successfully.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= type "C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========= reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" =========
 
ERROR: Invalid syntax.
Type "REG EXPORT /?" for usage.
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:49:49 ====


#79 RayS

RayS

  • Malware Study Hall Senior

Posted 12 July 2018 - 02:32 PM

Hi Dan,

Thanks for the logs. I sent you a syntax error in my previous post. Please run this short script. Then re-scan with FRST64.exe and send me fresh logs.

Run Farbar Recovery Scan Tool (FRST) in FIX mode

  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box including the Start:: and End:: directives.
  • Now press Ctrl+C to copy the contents into your clipboard.
Start::

REG: reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" %userprofile%\desktop\StartupFolder.txt

End::
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.
  • The tool will also create StartupFolder.txt on your desktop. Please post it into your reply.

 

 

Re-scan with Farbar Recovery Scan Tool

  • Right-click FRST64.exe then click Run as administrator.
  • Under Optional Scan, be sure a checkmark is placed next to Addition.txt.
  • Click Scan.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.



In your next reply...

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of StartupFolder.txt into the body of your message.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • How is your laptop running now?

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#80 danban

danban
  • Topic Starter

  • Members

Posted 13 July 2018 - 06:49 PM

Hello Ray,

This is Dan.

I did everything you asked with Farbar Recovery.

Here are all the logs -

FRST Txt - Fixlog Txt - StartupFolder Txt - Addition Txt.

Here is the Fixlog Txt -

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Dan (13-07-2018 19:34:50) Run:9
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" %userprofile%\desktop\StartupFolder.txt
 
*****************
 
 
========= reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" %userprofile%\desktop\StartupFolder.txt =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 19:34:51 ====


#81 danban

danban
  • Topic Starter

  • Members

Posted 13 July 2018 - 06:50 PM

Here is the StartupFolder Txt -

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"_RECOVERY_+vplym.html"=hex:03,00,00,00,6d,d2,c1,70,54,73,d1,01
"_RECOVERY_+vplym.png"=hex:03,00,00,00,dc,31,93,7f,54,73,d1,01
"_RECOVERY_+vplym.txt"=hex:03,00,00,00,0f,7c,91,81,54,73,d1,01
"HandyAndy.lnk"=hex:02,00,00,00,00,00,00,00,00,00,00,00

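Added example (not part of the thread, and not code from FRST or from either poster): a small parser for the StartupFolder.txt export posted in #81 that decodes each StartupApproved value into an enabled/disabled state and the time it was disabled. The function names are hypothetical, and the 12-byte layout it decodes (a 4-byte little-endian flag whose low bit means disabled, followed by an 8-byte FILETIME) is an assumption based on the commonly documented format, not something stated in the thread.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# StartupFolder.txt exactly as posted in #81 (page content, not constructed).
# On disk, "reg export" writes UTF-16; read it with open(path, encoding="utf-16").
STARTUP_FOLDER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"_RECOVERY_+vplym.html"=hex:03,00,00,00,6d,d2,c1,70,54,73,d1,01
"_RECOVERY_+vplym.png"=hex:03,00,00,00,dc,31,93,7f,54,73,d1,01
"_RECOVERY_+vplym.txt"=hex:03,00,00,00,0f,7c,91,81,54,73,d1,01
"HandyAndy.lnk"=hex:02,00,00,00,00,00,00,00,00,00,00,00
'''

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=hex:(?P<data>[0-9a-fA-F,]*)$')


def filetime_to_utc(filetime):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01) to UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def decode_value(name, raw):
    """Decode one StartupApproved value.

    Assumed layout (not stated in the thread): bytes 0-3 are a little-endian
    flag whose low bit means "disabled"; bytes 4-11 are the FILETIME at which
    the entry was disabled, or zero if it never was.
    """
    if len(raw) < 12:
        return {"name": name, "state": "malformed", "disabled_at": None}
    flag, filetime = struct.unpack_from("<IQ", raw, 0)
    state = "disabled" if flag & 1 else "enabled"
    when = filetime_to_utc(filetime) if filetime else None
    return {"name": name, "state": state, "flag": flag, "disabled_at": when}


def parse_startup_approved(text):
    """Return decoded entries for every hex value in a .reg export."""
    # .reg files wrap long hex values with a trailing backslash; rejoin them.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    entries = []
    for line in text.splitlines():
        match = VALUE_RE.match(line.strip())
        if match is None:
            continue  # header, key path, blank line, or a non-binary value
        raw = bytes(int(b, 16) for b in match["data"].split(",") if b)
        name = match["name"].replace('\\"', '"').replace("\\\\", "\\")
        entries.append(decode_value(name, raw))
    return entries


if __name__ == "__main__":
    for e in parse_startup_approved(STARTUP_FOLDER_REG):
        when = e["disabled_at"]
        stamp = when.strftime("%Y-%m-%d %H:%M:%S UTC") if when else "-"
        print(f'{e["state"]:9} {stamp:24} {e["name"]}')
```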

#82 danban

danban
  • Topic Starter

  • Members

Posted 13 July 2018 - 06:51 PM

Here is the FRST Txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Dan (administrator) on BEATLES (13-07-2018 19:36:21)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Program Files\Gramblr\gramblr.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(www.shadowexplorer.com) C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca0a9-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca102-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-05-16]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4BFECB1F-C4F4-478B-9423-CF38BB3D1339}: [DhcpNameServer] 167.206.112.3 167.206.112.4
Tcpip\..\Interfaces\{ADE3F806-57EF-4246-85D9-1A41A1425F70}: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default [2018-07-12]
FF Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\abs@avira.com.xpi [2018-07-03]
FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-12]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-03] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1066246007-1091995785-1061003623-1001: signiant.com/SigniantTransfer -> C:\Users\Dan\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.4.71844\npSigniantTransfer.dll [2015-07-09] (Signiant Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-07-13]
CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (The Flash Video Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-07-12]
CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Instagram tools) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apchgljmbdmgpelofkpfaghmjcgkcmmb [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (Audiotool) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-06-28]
CHR Extension: (APK Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2016-04-03]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]
CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-06-28]
CHR Extension: (Trevx - Music Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-07-10]
CHR Extension: (Video Converter) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-28]
CHR Extension: (Notifications for Instagram) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-07-09]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-07-13]
CHR Extension: (Adobe HDS / HLS Video Saver) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibndofbpkoaipoidbkephfhhnapkccn [2018-06-28]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-04]
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [14285392 2018-07-05] () [File not signed]
S4 gzserv; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2018-03-08] (Bitdefender)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program File (x86) Malwarebytes Anti-Malware - VER. 2-B\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 sesvc; C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe [9216 2011-01-02] (www.shadowexplorer.com) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-06] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-09] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-13 19:36 - 2018-07-13 19:37 - 000019608 _____ C:\Users\Dan\Desktop\FRST.txt
2018-07-13 19:34 - 2018-07-13 19:34 - 000000792 _____ C:\Users\Dan\Desktop\StartupFolder.txt
2018-07-13 19:34 - 2018-07-13 19:34 - 000000741 _____ C:\Users\Dan\Desktop\Fixlog.txt
2018-07-12 23:05 - 2018-07-12 23:05 - 000003452 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-danbanic1@hotmail.com
2018-07-12 20:46 - 2018-07-12 20:46 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-07-12 20:42 - 2018-07-12 20:42 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2018-07-12 20:41 - 2018-07-12 20:41 - 039926376 _____ (DownloadHelper ) C:\Users\Dan\Downloads\VdhCoAppSetup-1.2.4.exe
2018-07-12 20:30 - 2018-07-12 20:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-09 23:23 - 2018-07-09 23:23 - 000001543 _____ C:\Users\Dan\Desktop\Debut Video Capture - NCH - Shortcut.lnk
2018-07-09 23:12 - 2018-07-09 23:14 - 000000000 ____D C:\Users\Dan\AppData\Roaming\NCH Software
2018-07-09 23:12 - 2018-07-09 23:12 - 000000000 ____D C:\ProgramData\NCH Software
2018-07-09 23:10 - 2018-07-09 23:10 - 000001391 _____ C:\Users\Dan\Desktop\Ocam Video Creen Capture - Shortcut.lnk
2018-07-09 22:19 - 2018-07-10 22:02 - 000002922 _____ C:\Windows\System32\Tasks\oCamTask
2018-07-09 22:19 - 2018-07-10 22:02 - 000000969 _____ C:\Users\Public\Desktop\oCam.lnk
2018-07-09 22:19 - 2018-07-10 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oCam
2018-07-09 22:19 - 2018-07-10 22:02 - 000000000 ____D C:\Program Files (x86)\oCam
2018-07-09 22:19 - 2018-07-09 22:19 - 000000000 ____D C:\Users\Dan\Documents\oCam
2018-07-09 22:19 - 2018-07-09 22:19 - 000000000 ____D C:\Users\Dan\AppData\Roaming\oCam
2018-07-09 20:39 - 2018-07-09 20:39 - 000000000 ____D C:\Program File (x86) DebutVideoCaptureSoftwareFree
2018-07-09 20:37 - 2018-07-09 23:10 - 000000000 ____D C:\Program File (x86) Ocam Video Screen Capture - Version 428.0
2018-07-08 20:39 - 2018-07-09 23:08 - 000000000 ____D C:\Users\Dan\AppData\Roaming\iSpring Solutions
2018-07-08 20:39 - 2018-07-08 20:39 - 000000128 ____H C:\Users\Dan\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2018-07-08 20:39 - 2018-07-08 20:39 - 000000128 ____H C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2018-07-08 20:34 - 2018-07-08 20:34 - 000001763 _____ C:\Users\Dan\Desktop\freecam.exe - Shortcut.lnk
2018-07-08 20:32 - 2018-07-08 20:33 - 000000000 ____D C:\Program File (x86) ISpring Video Capture
2018-07-04 20:33 - 2018-07-04 20:33 - 000002322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-04 20:33 - 2018-07-04 20:33 - 000002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-03 21:43 - 2018-07-03 21:43 - 000313760 _____ (Mozilla) C:\Users\Dan\Downloads\Firefox Installer.exe
2018-07-01 23:10 - 2018-07-08 22:42 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-07-01 21:36 - 2018-07-01 21:42 - 000000000 ____D C:\Program File (x86) GIMP - Resynthesizer Plug In - 64 Bit Version
2018-07-01 21:25 - 2018-07-01 21:25 - 000003685 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2018-06-29 20:48 - 2018-06-29 19:10 - 002412544 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2018-06-29 20:35 - 2018-06-29 20:35 - 000000000 ____D C:\Windows\system32\Plug-In Settings
2018-06-28 21:24 - 2018-07-13 19:13 - 000000074 _____ C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-06-27 23:06 - 2018-06-27 23:06 - 000000913 _____ C:\Users\Dan\Desktop\HourGlass - Audio EFX.lnk
2018-06-27 22:23 - 2018-06-27 22:23 - 000001520 _____ C:\Users\Dan\Desktop\PotPlayerMini64.exe - Video Audio Player.lnk
2018-06-27 22:20 - 2018-06-27 22:22 - 000000000 ____D C:\Program File (x86) POT Player - Video & Audio Player
2018-06-27 20:41 - 2018-06-27 20:41 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Xenakios
2018-06-27 20:40 - 2018-06-27 20:41 - 000000000 ____D C:\Program File (x86) HOUR GLASS - Audio Efx Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-13 19:37 - 2015-11-13 20:19 - 000000000 ____D C:\ProgramData\Gramblr
2018-07-13 19:36 - 2016-03-03 14:05 - 000000000 ____D C:\FRST
2018-07-13 19:29 - 2015-02-09 23:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\avidemux
2018-07-13 19:17 - 2015-02-01 10:08 - 000000000 ____D C:\Users\Dan\AppData\Local\Adobe
2018-07-13 19:16 - 2015-01-30 06:01 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1066246007-1091995785-1061003623-1001
2018-07-13 19:11 - 2015-11-12 20:24 - 000000000 ____D C:\ProgramData\VMware
2018-07-13 19:11 - 2015-02-09 00:09 - 000000000 __RDO C:\Users\Dan\OneDrive
2018-07-13 19:11 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-13 19:10 - 2017-06-18 21:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-13 19:10 - 2017-05-31 20:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-12 23:49 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-07-12 23:05 - 2015-01-30 05:55 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Adobe
2018-07-12 22:31 - 2017-06-17 19:55 - 000000000 ____D C:\Users\Dan\AppData\LocalLow\Mozilla
2018-07-12 22:28 - 2017-06-18 21:38 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-07-12 20:46 - 2016-06-12 19:00 - 000000000 ____D C:\Users\Dan\.smplayer
2018-07-12 20:43 - 2017-05-31 20:59 - 000000000 ____D C:\Users\Dan\dwhelper
2018-07-12 20:38 - 2015-02-05 08:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2018-07-12 20:31 - 2015-02-05 07:17 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Mozilla
2018-07-11 21:45 - 2015-02-03 07:57 - 000000000 ____D C:\Users\Dan\AppData\Local\ocenaudio
2018-07-11 21:05 - 2015-02-06 04:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-11 21:04 - 2015-11-26 13:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-11 20:34 - 2016-05-15 16:50 - 000000000 ____D C:\Program File (x86) Movavi Video Editor Suite 12 - (Free Cracked Version)
2018-07-11 19:59 - 2018-01-12 20:56 - 000000000 ____D C:\Program File (x86) 4kVideodownloader - Ver 6
2018-07-11 19:06 - 2016-03-07 20:08 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2018-07-08 20:37 - 2015-10-08 18:29 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Apowersoft
2018-07-08 20:35 - 2016-07-18 13:30 - 000000000 ____D C:\Users\Dan\Desktop\Video & Various  Software Shortcuts
2018-07-05 20:30 - 2015-11-13 20:19 - 000000000 ____D C:\Program Files\Gramblr
2018-07-04 20:33 - 2015-11-12 19:17 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-04 20:32 - 2015-11-12 19:17 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-04 20:32 - 2015-11-12 19:17 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-04 20:32 - 2015-11-12 19:14 - 000000000 ____D C:\Users\Dan\AppData\Local\Deployment
2018-07-04 14:42 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2018-07-02 23:03 - 2015-02-04 12:19 - 000000000 ____D C:\Users\Dan\AppData\Local\Windows Live
2018-07-01 21:35 - 2015-02-04 11:43 - 000000000 ____D C:\Users\Dan\.gimp-2.8
2018-07-01 21:25 - 2016-07-10 13:03 - 000000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2018-06-28 23:27 - 2015-02-02 09:26 - 000000000 ____D C:\Users\Dan\AppData\Roaming\PrimoPDF
2018-06-28 21:18 - 2015-11-13 20:48 - 000000000 ____D C:\Program File (x86) ArcWelder - Android Simulator (Google Chrome) - Instagram
2018-06-26 20:50 - 2017-07-26 19:34 - 000003166 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1066246007-1091995785-1061003623-1001
2018-06-26 20:50 - 2016-04-26 11:01 - 000002298 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-25 21:10 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-06-25 20:51 - 2013-08-22 09:25 - 012845056 _____ C:\Windows\system32\config\HARDWARE
2018-06-21 21:52 - 2015-09-05 13:42 - 000017920 _____ C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2018-07-08 20:39 - 2018-07-08 20:39 - 000000128 ____H () C:\Users\Dan\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2018-06-28 21:24 - 2018-07-13 19:13 - 000000074 _____ () C:\Users\Dan\AppData\Roaming\sp_data.sys
2015-02-02 09:28 - 2015-02-03 07:25 - 000000068 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2015-04-29 13:39 - 2015-04-29 13:39 - 000200331 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000290 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS.part
2015-04-29 13:34 - 2015-04-29 13:34 - 000385602 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS
2015-04-29 13:34 - 2015-04-29 13:38 - 000000220 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS.part
2015-04-29 13:39 - 2015-04-29 13:39 - 000146145 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000274 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS.part
2015-09-05 13:42 - 2018-06-21 21:52 - 000017920 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-01 21:25 - 2018-07-01 21:25 - 000003685 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2018-07-12 20:46 - 2018-07-12 20:46 - 000000077 _____ () C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-03-22 21:50 - 2018-03-22 21:50 - 000000003 _____ () C:\Users\Dan\AppData\Local\wbem.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-04 18:08
 
==================== End of FRST.txt ============================


#83 danban

  • Topic Starter

Posted 13 July 2018 - 06:52 PM

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Dan (13-07-2018 19:38:30)
Running from C:\Users\Dan\Desktop
Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)
Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)
7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aeon (HKLM-x32\...\Aeon) (Version: 3.7.4 - SoundSpectrum)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
AVS Audio Converter 8.1.1 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.1.1.549 - Online Media Technologies Ltd.)
AVS Audio Editor 8.1.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.1.1.506 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2.5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.5.536 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.2.238 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.2 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.2.281 - Online Media Technologies Ltd.)
AVS Media Player 4.3.1 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.1.114 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.4.148 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.3 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.3.272 - Online Media Technologies Ltd.)
AVS Video Converter 9.2.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.2.1.579 - Online Media Technologies Ltd.)
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.2 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.2.175 - Online Media Technologies Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.7.132 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Beta Bugs FloFi VST (HKLM-x32\...\FloFi) (Version: "1.1.0" - "BetaBugs")
Beta Bugs Moneo VST (HKLM-x32\...\Moneo) (Version: "1.0.0" - "BetaBugs")
Beta Bugs WideBug VST (HKLM-x32\...\WideBug) (Version: "1.0.0" - "BetaBugs")
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.)
CrazyTalk Animator v2.0 Pipeline (HKLM-x32\...\{7127D4CC-78E6-41E3-8BCB-A50ED34846E2}) (Version: 2.0.1214.1 - Reallusion Inc.)
CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
DS-MP3 Source 1.30 (HKLM-x32\...\DS-MP3 Source) (Version:  - )
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version:  - )
FaceGen Artist Demo (HKLM-x32\...\{280BB5D8-30DC-4D62-B4D5-A3C19BB30479}) (Version: 1.10.0.0 - Singular Inversions Inc.)
FaceGen Artist Pro (HKLM-x32\...\{F6F73B62-D4E0-46B0-BD1C-3F4F55B107D8}) (Version: 1.10.0.0 - Singular Inversions Inc.)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.9 - Hotger)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.143 - Gramblr Team)
GROOVE 5.6.3 Pro Edition (HKLM\...\{21D8E7FE-7FE7-46B3-B578-22E1ABC5E407}) (Version: 5.6.3 - Gemini)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ISSE version 0.2.0 (HKLM\...\{9330BAEC-6E26-4C5B-93A1-8BDD9ACF231B}_is1) (Version: 0.2.0 - CCRMA, Stanford University)
ivsEdits Free Edition (HKLM-x32\...\ivsEdits Free Edition) (Version:  - )
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Massey Plugins Demos [Remove only] (HKLM-x32\...\Massey Plugins Demos) (Version:  - )
MediaShuttlePlugin-v5.4 (HKLM-x32\...\{BA567CFA-F158-44C3-AA40-1773478BD477}) (Version: 5.4.4.71844 - Signiant Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Muvizu:Play - Heroes and villains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroesAndVillains) (Version:  - Digimania Ltd)
Muvizu:Play - Heroes and villains Lairs (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroAndVillainLairs) (Version:  - Digimania Ltd)
Muvizu:Play - Lighting Presets (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuLightingPresets) (Version:  - Digimania Ltd)
Muvizu:Play - Mandy Content (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuMandyContentPack) (Version:  - Digimania Ltd)
Muvizu:Play - Prisons (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuPrisons) (Version:  - Digimania Ltd)
Muvizu:Play - Rosie (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuRosie) (Version:  - Digimania Ltd)
Muvizu:Play - Trains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuTrains) (Version:  - Digimania Ltd)
Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2015.08.20.01R - Digimania Ltd)
oCam version 428.0 (HKLM-x32\...\oCam_is1) (Version: 428.0 - hxxp://ohsoft.net/)
ocenaudio (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ocenaudio) (Version: 2.0.14 - ocenaudio Team)
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
ShapeShop B5 (HKLM-x32\...\ShapeShop) (Version:  - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SMPlayer 16.6.0 (HKLM-x32\...\SMPlayer) (Version: 16.6.0 - Ricardo Villalba)
Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.91 - Softube AB)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.18 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WonderFox DVD Ripper Speedy 8.1 (HKLM-x32\...\WonderFox DVD Ripper Speedy) (Version: 8.1 - WonderFox Soft, Inc.)
WonderFox DVD Video Converter 10.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 10.0 - WonderFox Soft, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1-x32: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers1-x32: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers6: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program File (x86) BitDefender Antivirus\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2018-03-08] (Bitdefender)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1066246007-1091995785-1061003623-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0871BC7F-DE9B-4C30-A460-54D7FCC6F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {0B68F930-F054-44FD-8480-C9B2E8CE6446} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {13F4F7F9-754A-479C-95B7-2668E5195C53} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {2283DE1E-0461-4B5C-93B8-792D6C6384D6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {26859B29-C5AD-4C9A-BE79-B456B8D0FA32} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {2BD7BF5D-C4CF-4669-A2BC-FD410979401B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {39FEF968-A8FF-4F5C-9196-0E7AA2353384} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {448B478E-E846-4768-AB46-43E9DE356AD1} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {4C290D38-8E4F-4E0C-8A57-748C6445EFF3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {4D574819-623E-459C-ADAA-ABE4DA8328F0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {547698E5-4F4A-441A-BB7D-0BCEAA6F0593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {59E33C91-940C-4B1B-8875-D56CF8C1F9EA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {714F0317-7FFD-4AE3-AC9A-11F2B0BADC87} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [2017-11-20] (oh!soft)
Task: {73A5F5CB-0B75-4158-B3D5-60B79A55381B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {7A810030-3719-44B1-86D4-C623F0136B7E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {885E1D98-007F-4A6C-9B21-CB66F24620E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {985790D0-EF1D-4BF1-96BA-E15830E37E2E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {9C0EB61C-E232-4548-847B-0FBE48C483F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {B555837A-F36E-4453-A0C0-E1982D23AE8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {B68434B3-38F7-4E31-9788-A98D73098673} - System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8} => C:\Windows\system32\pcalua.exe -a "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {BCE45004-B0FC-4F7C-9E96-2E7DBD2AE33E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C0EA6C51-0D21-4C1C-9AD2-4B14A9002B63} - System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF} => C:\Windows\system32\pcalua.exe -a "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {C2E59037-9F26-40BC-B416-8F2A7E22E244} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {EB9B2DA6-E063-4F2A-A690-9A70E1E8FBE9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat - Shortcut.lnk -> C:\Program File (x86) SmoothTeddy 3D - Simple 3D Program\SmoothTeddy\run.bat ()
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\ShapeShop3d.com.lnk -> hxxp://www.shapeshop3d.com
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\Tutorial Videos At Vimeo.lnk -> hxxp://www.vimeo.com/shapesho
 
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a06339e9776d4569\Instagram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> " --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-02 09:23 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2017-08-11 19:17 - 2018-07-05 20:30 - 014285392 _____ () C:\Program Files\Gramblr\gramblr.exe
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-07-03 13:40 - 2015-07-03 13:40 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2018-07-04 20:33 - 2018-06-22 15:15 - 002663768 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\swiftshader\libglesv2.dll
2018-07-04 20:33 - 2018-06-22 15:15 - 000128856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\swiftshader\libegl.dll
2014-02-24 06:59 - 2014-02-24 06:59 - 000109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2012-03-07 22:27 - 2012-03-07 22:27 - 000016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ACVsWin.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-06-24 15:28 - 2015-06-24 15:28 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-08-24 08:45 - 2016-08-24 08:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 08:24 - 2016-08-24 08:24 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Dan\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Dan\Downloads\Anti-CryptorBitV2.zip:BDU [1]
AlternateDataStreams: C:\Users\Dan\AppData\Roaming:iSpring Solutions [128]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\groovesquid.com -> hxxps://groovesquid.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\instagram.com -> hxxps://instagram.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mediashuttle.com -> hxxps://media-shuttle-free-trial-portal.mediashuttle.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mycloud.com -> hxxps://idp.mycloud.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\spotify.com -> hxxps://www.spotify.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\winamp.com -> hxxps://www.winamp.com
IE restricted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\doubleclick.net -> hxxps://doubleclick.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-03-22 21:51 - 000001330 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "ChocolateBar Sidebar"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "xdm"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4FE7073A-872B-41C2-BC9A-940A9B7DD046}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E53A359-8F1D-43B7-9FDA-A80A116B4F02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADD73EE6-23B0-4C9F-B809-3FCFC61FF5FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{229E4125-67BF-47C7-A93C-B40E9D541602}C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe] => (Block) C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe
FirewallRules: [UDP Query User{73A29578-60CF-49B5-A2C9-3784318DC5F4}C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe] => (Block) C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe
FirewallRules: [{086B29CE-5670-43BA-8D72-BA49FD1A4EF8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{01DFF37F-607E-4625-AF68-8D988DE3A5A3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2018 10:55:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b44
 
Start Time: 01d41a54434cc9b2
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 378f3ba9-8648-11e8-838e-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (07/12/2018 09:55:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1168
 
Start Time: 01d41a4be17dc2a1
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: d57ef471-863f-11e8-838e-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (07/12/2018 08:55:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18d4
 
Start Time: 01d41a437fddb266
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 74f43eef-8637-11e8-838e-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (07/12/2018 07:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16e4
 
Start Time: 01d41a3b1e21201e
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 12c33b2c-862f-11e8-838e-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (07/11/2018 11:51:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BEATLES)
Description: Activation of app 21388TileBitStudio.Milligram_sgmx6c2dyqt44!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/11/2018 10:56:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b34
 
Start Time: 01d4198b2706c7c1
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 1afb1a24-857f-11e8-838d-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (07/11/2018 09:56:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fe4
 
Start Time: 01d41982c537e2d6
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: b988bd6a-8576-11e8-838d-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (07/11/2018 09:11:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11d0
 
Start Time: 01d4197c7be35909
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 6fc3a136-8570-11e8-838d-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (07/13/2018 07:13:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (07/13/2018 07:11:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (07/13/2018 07:11:03 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (07/12/2018 11:48:25 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (07/12/2018 11:48:25 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (07/12/2018 11:48:25 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (07/12/2018 11:48:25 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (07/12/2018 11:48:21 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2015-02-02 09:49:52.792
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4BF9AF7B-A43D-4E64-B277-DEFB56CDC0E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-02 08:06:18.260
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {16FD4F1F-550C-4A26-9400-0412629CFD5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 10:17:58.118
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {BADC4EF7-6BAD-444C-AB05-92085B6CF93D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 08:23:26.263
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C9B87AF6-96B3-4644-9422-EB0CED28391C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-01-31 08:30:36.872
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4D8C80CB-F50C-47EE-94E8-DC02EC0EE056}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 05:57:28.954
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.844
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2015-01-30 05:22:07.607
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-07-13 19:34:10.858
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-13 19:15:21.126
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-13 19:11:23.541
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-07-12 22:23:46.255
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 20:22:40.235
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 19:45:59.783
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 19:15:52.392
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 19:09:38.482
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 46%
Total physical RAM: 3982.68 MB
Available physical RAM: 2117.28 MB
Total Virtual: 4686.68 MB
Available Virtual: 2337.41 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:136.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:7.45 GB) (Free:1.9 GB) FAT32
 
\\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#84 RayS

Posted Yesterday, 05:37 PM

Hi Dan,

Thank you for the logs.

I noticed you have added some software and browser extensions that further complicate the cleaning process for your laptop. I'm referring to Ocam Video Screen Capture, Video DownloadHelper, Debut Video Capture, iSpring Solutions, freecam.exe, and apowersoft video download capture. As Gary said in his first post to you:

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

This laptop is still not fully cleaned. It's OK to run your usual programs like spreadsheets, word processors etc. It's OK to visit sites that don't require sensitive login credentials like BleepingComputer.com. I do ask you to refrain, however, from making any changes to your system. That includes installing software or browser extensions. Thank you.


The HandyAndy Android emulator was not added recently, but I do have questions about it. Did you install it intentionally? If so, do you want to keep it?


Run Farbar Recovery Scan Tool (FRST) in FIX mode


Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.

  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box including the Start:: and End:: directives.
  • Now press Ctrl+C to copy the contents into your clipboard.
Start::

HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
2018-07-13 19:34 - 2018-07-13 19:34 - 000000792 _____ C:\Users\Dan\Desktop\StartupFolder.txt
2018-07-13 19:34 - 2018-07-13 19:34 - 000000741 _____ C:\Users\Dan\Desktop\Fixlog.txt
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)

End::
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.


Manually remove Chrome extension

  • Type chrome://extensions in the address bar of the Chrome browser and press Enter.
  • Find the Chrome Media Router extension.
  • Click the trash can icon by the extension you'd like to remove.
  • A confirmation dialog appears; click Remove.
  • Close Chrome. The extension will be gone next time you launch Chrome.

 

In your next reply...

  • Please promise me you won't make any further changes on your own to your laptop.
  • Do you want to keep the HandyAndy Android emulator?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Did you remove the Chrome Media Router extension from the browser?
  • Tell me how your laptop is running now.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#85 danban

Posted Yesterday, 07:38 PM

Hello Ray,

It's Dan.

I presumed my computer was clear, sorry about that.

I won't download anymore until you officially tell me so.

As for Chrome Media Router, it's not in my Chrome extensions; it's not listed.

I installed HandyAndy a while back; I need it to upload pics to Instagram from my laptop.

I haven't used it in a while but will need it soon.

I'm planning to upload a lot of pics on a daily basis soon to my Instagram account.

I did research and found an app and another way to upload pics and videos to Instagram which run faster and easier, but I haven't downloaded the apps yet and will wait for you until I do.

If they work better than HandyAndy then I will get rid of it in the future, since it's a very slow program in the first place.

I ran the Farbar recovery with the code you gave me, and here is the Fixlog.txt:

C:\Users\Dan\Desktop\Fixlog.txt => moved successfully
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla) => Error: No automatic fix found for this entry.
 
==== End of Fixlog 20:24:23 ====


#86 RayS

Posted Yesterday, 08:51 PM

Hi Dan,

 

I ran the Farbar recovery with the code you gave me, and here is the Fixlog.txt

That's not the entire log. Please copy and paste the entire contents of Fixlog.txt into the body of your message.

 

Thank you,

 

Ray




#87 danban


Posted Today, 07:50 PM

Hi Ray,

It's Dan.

That's what it gave me.

I tried the Farbar Fix again and it produced the same text.

I even pressed CTRL+C to copy the contents into the clipboard again.

Here are the results again:

C:\Users\Dan\Desktop\Fixlog.txt => moved successfully
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla) => Error: No automatic fix found for this entry.
 
==== End of Fixlog 20:48:07 ====
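
The mismatch discussed in posts #84 to #87 (twelve fixlist directives, two result lines) can be checked mechanically. The Python below is an added example, not part of the original posts and not a Farbar tool: it reconciles the fixlist with the posted Fixlog and lists the directives that have no recorded outcome. The fixlist and Fixlog text are copied from the posts above (blank lines dropped), the function names are hypothetical, and it assumes every result line repeats the directive, or the path at its end, before the final ` => `, as the two posted result lines do.

```python
# Added example: reconcile an FRST fixlist with the Fixlog text that came back.
FIXLIST = r'''Start::
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKLM\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+pillt.txt"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.html"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.png"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\StartupFolder: => "_RECOVERY_+vplym.txt"
2018-07-13 19:34 - 2018-07-13 19:34 - 000000792 _____ C:\Users\Dan\Desktop\StartupFolder.txt
2018-07-13 19:34 - 2018-07-13 19:34 - 000000741 _____ C:\Users\Dan\Desktop\Fixlog.txt
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
End::'''

FIXLOG = r'''C:\Users\Dan\Desktop\Fixlog.txt => moved successfully
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla) => Error: No automatic fix found for this entry.
==== End of Fixlog 20:24:23 ===='''

def directives(fixlist):
    """Return the non-blank lines between Start:: and End::."""
    body = fixlist.partition("Start::")[2].partition("End::")[0]
    return [ln.strip() for ln in body.splitlines() if ln.strip()]

def reconcile(fixlist, fixlog):
    """Return (handled, failed, unreported) lists of fixlist directives."""
    logged = {}
    for line in fixlog.splitlines():
        # Registry directives contain ' => ' themselves, so split on the last one.
        subject, sep, outcome = line.strip().rpartition(" => ")
        if sep:
            logged[subject] = outcome
    handled, failed, unreported = [], [], []
    for d in directives(fixlist):
        # Assumption: the log repeats the directive, or the path at its end.
        outcome = next((o for s, o in logged.items()
                        if d == s or d.endswith(" " + s)), None)
        if outcome is None:
            unreported.append(d)
        elif outcome.startswith("Error"):
            failed.append(d)
        else:
            handled.append(d)
    return handled, failed, unreported

if __name__ == "__main__":
    handled, failed, unreported = reconcile(FIXLIST, FIXLOG)
    print(f"handled={len(handled)} failed={len(failed)} unreported={len(unreported)}")
    for d in unreported:
        print("no result line:", d)
```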




