Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help , Need to get virus out my laptop


  • This topic is locked This topic is locked
137 replies to this topic

#121 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 14 August 2018 - 06:57 PM

Hello Ray , 

This is Dan

 

I deleted the whole Adobe video folder since it was'nt needed.

I rememeber making this video  a long time ago and was getting error message saying that the folder file was to long.

I know the rest of my Adobe folders are not that long , that was the one exception.

 

I ran Fabarr Fix but not the other programs and TLPD tool knowing that I don't have long file folders.

 

Here's the Fixlog Txt - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Dan (14-08-2018 18:45:30) Run:18
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: Del *vplym* /S /F /Q
 
*****************
 
 
========= Del *vplym* /S /F /Q =========
 
Could Not Find C:\Users\Dan\Desktop\*vplym*
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:45:33 ====


BC AdBot (Login to Remove)

 


#122 RayS

RayS

  • Malware Response Team
  • 2,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 15 August 2018 - 03:30 PM

Hi Dan,

 

I sent you the wrong script. Please run this one and send me the result. I apologize.

 

 

Run Farbar Recovery Scan Tool (FRST) in FIX mode

  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box including the Start:: and End:: directives.
  • Now press Ctrl+C to copy the contents into your clipboard.
Start::

CMD: Del c:\*vplym* /S /F /Q

End::
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.

 

In your next reply...

  • Copy and paste the entire contents of Fixlog.txt into the body of your message.

 

Thank you,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#123 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 17 August 2018 - 06:55 PM

Hello Ray ,

This is Dan.

 

I ran the Fabarr FIX witht the script you gave me.

 

Here's the text log - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Dan (16-08-2018 18:41:44) Run:19
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: Del c:\*vplym* /S /F /Q
 
*****************
 
 
========= Del c:\*vplym* /S /F /Q =========
 
Could Not Find c:\*vplym*
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:52:41 ====


#124 RayS

RayS

  • Malware Response Team
  • 2,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 17 August 2018 - 09:52 PM

Hi Dan,

 

Thank you for the log. We got the result we were looking for  --  no hits on the rogue string anywhere in your entire C drive.

I greatly appreciate the time and patience you devoted to cleaning your laptop.

I see no remaining evidence of infection on this computer, however, your laptop remains vulnerable because Microsoft's end of mainstream support for Windows 8.1 was on January 9, 2018. Extended support ends on January 10, 2023.

 

 

Uninstall the FRST tool
Note: Save your work and close other programs because FRST will reboot your computer.

  • Rename your copy of FRST64.exe to Uninstall.exe and double-click the renamed file. This will remove all files/folders created by FRST as well as the tool itself.
  • After you restart your computer, use Windows Explorer to delete any remaining tools and/or logs from your Desktop.


Here's some food for thought:


Guard against ransomware
A growing trend among cybercriminals is to encrypt all your data and then demand payment for the decryption key. For an example of one variety of ransomware, see the very comprehensive article, CryptoLocker Ransomware Information Guide and FAQ by Lawrence Abrams.


Manage your passwords
Use different passwords on each account. Install one of the password managers like LastPass (free or premium version) or KeePass Password Safe.


Backup your data
Make frequent backups of all your important files such as documents, spreadsheets, photos, business records, etc. Synchronized files are convenient, but are just as vulnerable as local files. Offline storage is best because malware can infect all machines in a network. Fire and theft can affect all devices in a single physical location. Consider cloud storage, but be sure to encrypt all sensitive traffic to and from the cloud and protect your files with strong passwords. Disconnect from your backup media except when you are actually storing or retrieving files.


Safety tips
Please also take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: 



In addition, here are a few more links you might find of interest: 



Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Please reply to this post to let us know we can close the topic.

Best regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#125 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 20 August 2018 - 02:47 PM

Hello Ray , 

This is Dan.

 

I really apprecaite your help , your the best.

 

But before I uninstall Frst program I have one more thing to fix for me , 

I don't know if it's important or not and mayby should be left alone , 

 

But the first day I go the virus from the program which scanned my computer , 

I quickly shut down the computer.

 

The next time I turned on the computer , right from the very start when windows open

a long senetence comes on the black screen saying the scanning is 100 percent complete and the name of the virus program with some numbers and codes.

 

It's been on my laptop startup ever since to now.

It's annoying to see this everyday and hope that doe'snt mean some bit of the program is still on my computer , 

I'm not sure , your the expert , you let me know what you think and is there a way you can eliminate this start up screen sentence.

 

I can't take a snapshot pic of it to show you because it comes on at startup and goes away real fast when windows opens up.

 

Let me know , 

 

Best ,

Dan



#126 RayS

RayS

  • Malware Response Team
  • 2,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 20 August 2018 - 07:32 PM

Hi Dan,

 

But the first day I go the virus from the program which scanned my computer , 

I quickly shut down the computer.

I'm not sure what you are saying. When did you first begin to see the message on the black screen? Was it present on June 1 when you obtained the first logs with FRST or did you first see it at some later point? If it was later, can you give me a date? What steps had we done just prior to seeing the message?

 

The next time I turned on the computer , right from the very start when windows open...

Are you saying you see the message even before you see the Windows logon screen or is it after you enter your password? Please tell me what you see when you power up the laptop. What is the sequence of screens you see?

 

a long senetence comes on the black screen saying the scanning is 100 percent complete and the name of the virus program with some numbers and codes.

Can you tell me the name of the "virus program"? If it goes by too quickly, maybe you can get someone to help you read it.

 

 

Do you have a digital camera (maybe on your cell phone)? If so, please take a snapshot and post it on ZippyShare. Send me the link to the photo. Practice with the camera to get a legible picture without glare. If it's hard to read, try to copy off the text from the message in the photo and type it into your reply.

 

After you start your laptop and before you open any other program, please launch FRST64.exe and scan your laptop. Send me the logs.

 

In your next reply...

  • Tell me the exact sequence of screens you see when you boot up.
  • When exactly does the message on black screen appear?
  • Send me the ZippyShare link to the photo.
  • If the photo is unclear, type as much text from the message as possible.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Are there any other outstanding issues which you haven't yet mentioned?

 

Thank you,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#127 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 20 August 2018 - 07:47 PM

Hi Ray , 

This is Dan.

 

The message appeared right away for the program that caused the virus in the first place when I shut down the computer

to stop it scanning. It was some scanning virus program that I did'nt ask for.

And the message has been appearing everyday till now everytime when I start up the computer , 

you know when you see the rolling balls animation at startup black screen ,

 

it appears before before I log in with password.

It's just one line of message on the bottom of the screen saying " The Scan has completed 100 percent and a long line of number and code.

 

I'll try to take a snapshot of it with my android camera , 

it flashes pretty quick so I hope I can get a snap of it then I'll send you the pic.

 

Besides that there are no there are no other issues with my laptop and it's running fine.

 

Will have the pic and info tomorrow.

 

Best ,

Dan


Edited by danban, 20 August 2018 - 07:48 PM.


#128 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 21 August 2018 - 07:15 PM

Hello Ray ,

This is Dan.

 

I took the pic from my android of the scree start up

of the line of code , most of it you can read and it's on the bottom of the screen.

 

Here is the Zippyshare link of the pic.

 

 
I also did the scan with Fabarr , 
 
Here are the logs.
 
Here is the FRST txt - 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.08.2018 02
Ran by Dan (administrator) on BEATLES (21-08-2018 19:04:26)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(www.shadowexplorer.com) C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files\Gramblr\gramblr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-10] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca0a9-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MountPoints2: {536ca102-5ee7-11e8-8342-10c37bbb446b} - "D:\windows\AutoRun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-05-16]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4BFECB1F-C4F4-478B-9423-CF38BB3D1339}: [DhcpNameServer] 167.206.112.3 167.206.112.4
Tcpip\..\Interfaces\{ADE3F806-57EF-4246-85D9-1A41A1425F70}: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default [2018-07-31]
FF Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\abs@avira.com.xpi [2018-07-03]
FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\i1ijieam.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-12]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program File (x86) VLC Media Player VideoLan\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1066246007-1091995785-1061003623-1001: signiant.com/SigniantTransfer -> C:\Users\Dan\AppData\Roaming\SigniantInc\SigniantTransfer\5.4.4.71844\npSigniantTransfer.dll [2015-07-09] (Signiant Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default [2018-08-21]
CHR Extension: (Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (The Flash Video Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-07-12]
CHR Extension: (Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Instagram tools) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apchgljmbdmgpelofkpfaghmjcgkcmmb [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (Audiotool) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-08-16]
CHR Extension: (APK Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2016-04-03]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]
CHR Extension: (Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-06-28]
CHR Extension: (Trevx - Music Downloader) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmaepaboafhefdejcbiciklgjogoghf [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-01]
CHR Extension: (Video Converter) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-28]
CHR Extension: (Notifications for Instagram) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2018-08-20]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-08-08]
CHR Extension: (Adobe HDS / HLS Video Saver) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibndofbpkoaipoidbkephfhhnapkccn [2018-06-28]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-10]
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-10] (COMODO)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [14291536 2018-08-21] () [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 sesvc; C:\Program File (x86) ShadowExplorer\ShadowExplorer\sesvc.exe [9216 2011-01-02] (www.shadowexplorer.com) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-06-09] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-21 19:04 - 2018-08-21 19:05 - 000017795 _____ C:\Users\Dan\Desktop\FRST.txt
2018-08-21 19:04 - 2018-08-21 19:04 - 000000000 ____D C:\Users\Dan\Desktop\FRST-OlderVersion
2018-08-20 23:32 - 2018-08-20 23:32 - 000000077 _____ C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-08-07 19:52 - 2018-08-07 19:52 - 000007101 _____ C:\Users\Dan\AppData\Local\recently-used.xbel
2018-07-31 20:44 - 2018-07-31 20:44 - 000001409 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-07-31 20:44 - 2018-07-31 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-07-31 20:39 - 2018-07-31 20:44 - 000000000 ____D C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2018 - 2 NEW
2018-07-28 18:16 - 2018-07-28 18:16 - 000100755 _____ C:\ProgramData\1532816062.bdinstall.bin
2018-07-28 18:14 - 2018-07-28 18:14 - 000037409 _____ C:\ProgramData\1532816050.bdinstall.bin
2018-07-22 18:32 - 2018-07-22 18:32 - 000000000 ____D C:\Users\Dan\AppData\Local\ESET
2018-07-22 18:22 - 2018-07-22 18:23 - 000000000 ____D C:\Program File (x86) ESET Online Scanner
2018-07-22 18:17 - 2018-07-22 18:17 - 000001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-22 18:17 - 2018-07-22 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-22 18:17 - 2018-07-22 18:17 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-22 18:17 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-22 18:06 - 2018-07-22 18:17 - 000000000 ____D C:\Program File (x86) Malwarebytes Anti-Malware - VER. 2-B2 NEW
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-21 19:06 - 2015-11-13 20:19 - 000000000 ____D C:\ProgramData\Gramblr
2018-08-21 19:04 - 2018-06-29 20:48 - 002413056 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2018-08-21 19:04 - 2016-03-03 14:05 - 000000000 ____D C:\FRST
2018-08-21 18:49 - 2014-03-18 05:47 - 001164886 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-21 18:49 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-08-21 18:29 - 2015-02-01 10:08 - 000000000 ____D C:\Users\Dan\AppData\Local\Adobe
2018-08-21 18:27 - 2018-06-28 21:24 - 000000074 _____ C:\Users\Dan\AppData\Roaming\sp_data.sys
2018-08-21 18:24 - 2015-02-09 00:09 - 000000000 __RDO C:\Users\Dan\OneDrive
2018-08-21 18:23 - 2015-11-13 20:19 - 000000000 ____D C:\Program Files\Gramblr
2018-08-21 18:23 - 2015-11-12 20:24 - 000000000 ____D C:\ProgramData\VMware
2018-08-21 18:22 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-20 23:37 - 2013-08-22 09:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-08-20 23:32 - 2016-06-12 19:00 - 000000000 ____D C:\Users\Dan\.smplayer
2018-08-20 23:25 - 2017-05-31 20:59 - 000000000 ____D C:\Users\Dan\dwhelper
2018-08-20 21:06 - 2018-01-12 20:56 - 000000000 ____D C:\Program File (x86) 4kVideodownloader - Ver 6
2018-08-20 18:49 - 2018-07-01 23:10 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-08-18 22:48 - 2015-02-03 07:57 - 000000000 ____D C:\Users\Dan\AppData\Local\ocenaudio
2018-08-16 18:53 - 2015-01-30 06:01 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1066246007-1091995785-1061003623-1001
2018-08-16 18:41 - 2015-11-26 13:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-15 23:23 - 2015-02-05 08:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2018-08-13 22:21 - 2016-08-26 20:21 - 000000000 ____D C:\Users\Dan\Documents\A - RESTORED FILES - DAN
2018-08-13 20:54 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2018-08-13 18:36 - 2016-04-26 11:01 - 000002298 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-08-12 19:55 - 2015-02-09 23:20 - 000000000 ____D C:\Users\Dan\AppData\Roaming\avidemux
2018-08-10 19:24 - 2013-08-22 11:36 - 000000000 ____D C:\PerfLogs
2018-08-09 23:43 - 2018-07-04 20:33 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-09 23:43 - 2018-07-04 20:33 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 19:34 - 2016-03-07 20:08 - 000000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2018-08-07 19:53 - 2015-02-04 11:43 - 000000000 ____D C:\Users\Dan\.gimp-2.8
2018-08-07 19:52 - 2016-07-10 13:03 - 000000000 ____D C:\Users\Dan\AppData\Local\gtk-2.0
2018-08-05 21:07 - 2016-07-18 13:30 - 000000000 ____D C:\Users\Dan\Desktop\Video & Various  Software Shortcuts
2018-07-31 20:49 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\ELAMBKUP
2018-07-31 20:46 - 2016-05-15 20:14 - 000000000 ____D C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016
2018-07-31 20:23 - 2015-02-01 08:46 - 000000000 ____D C:\Users\Dan\AppData\LocalLow\Temp
2018-07-29 11:47 - 2016-02-29 13:03 - 000000000 ____D C:\Program File (x86) BitDefender Antivirus
2018-07-24 20:51 - 2015-01-30 05:55 - 000000000 ____D C:\Users\Dan
2018-07-22 18:17 - 2015-02-11 19:28 - 000000000 ____D C:\ProgramData\Malwarebytes
 
==================== Files in the root of some directories =======
 
2018-07-08 20:39 - 2018-07-08 20:39 - 000000128 ____H () C:\Users\Dan\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2018-06-28 21:24 - 2018-08-21 18:27 - 000000074 _____ () C:\Users\Dan\AppData\Roaming\sp_data.sys
2015-02-02 09:28 - 2015-02-03 07:25 - 000000068 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2015-04-29 13:39 - 2015-04-29 13:39 - 000200331 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000290 _____ () C:\Users\Dan\AppData\Local\59ED2468_stp.CIS.part
2015-04-29 13:34 - 2015-04-29 13:34 - 000385602 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS
2015-04-29 13:34 - 2015-04-29 13:38 - 000000220 _____ () C:\Users\Dan\AppData\Local\5D515C96_stp.CIS.part
2015-04-29 13:39 - 2015-04-29 13:39 - 000146145 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS
2015-04-29 13:39 - 2015-04-29 13:39 - 000000274 _____ () C:\Users\Dan\AppData\Local\708F4E7A_stp.CIS.part
2015-09-05 13:42 - 2018-06-21 21:52 - 000017920 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-08-07 19:52 - 2018-08-07 19:52 - 000007101 _____ () C:\Users\Dan\AppData\Local\recently-used.xbel
2018-08-20 23:32 - 2018-08-20 23:32 - 000000077 _____ () C:\Users\Dan\AppData\Local\smplayerhdpi.ini
2018-03-22 21:50 - 2018-03-22 21:50 - 000000003 _____ () C:\Users\Dan\AppData\Local\wbem.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-12 18:17
 
==================== End of FRST.txt ============================


#129 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 21 August 2018 - 07:16 PM

Here is the Addition Txt - 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by Dan (21-08-2018 19:06:42)
Running from C:\Users\Dan\Desktop
Windows 8.1 Connected (Update) (X64) (2015-01-30 09:55:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1066246007-1091995785-1061003623-500 - Administrator - Disabled)
Dan (S-1-5-21-1066246007-1091995785-1061003623-1001 - Administrator - Enabled) => C:\Users\Dan
Guest (S-1-5-21-1066246007-1091995785-1061003623-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader 4.4 (HKLM-x32\...\{CAB406EC-AF92-417D-9BBB-B2ECE1BC7BA6}) (Version: 4.4.2.2255 - Open Media LLC)
7-Zip (HKLM\...\{F43D5365-6E1C-4A2B-BE51-E16D9554FB1D}) (Version: 9.2.0 - 7-Zip) Hidden
7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe After Effects CC 2015.3 (HKLM-x32\...\AEFT_13_8_0) (Version: 13.8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_3_0) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aeon (HKLM-x32\...\Aeon) (Version: 3.7.4 - SoundSpectrum)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian Director (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
AVS Audio Converter 8.1.1 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.1.1.549 - Online Media Technologies Ltd.)
AVS Audio Editor 8.1.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.1.1.506 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2.5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.5.536 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.2.238 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.2 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.2.281 - Online Media Technologies Ltd.)
AVS Media Player 4.3.1 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.1.114 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.4 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.4.148 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.3 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.3.272 - Online Media Technologies Ltd.)
AVS Video Converter 9.2.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.2.1.579 - Online Media Technologies Ltd.)
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.2 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.2.175 - Online Media Technologies Ltd.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandicut (HKLM-x32\...\Bandicut) (Version: 1.2.7.132 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Beta Bugs FloFi VST (HKLM-x32\...\FloFi) (Version: "1.1.0" - "BetaBugs")
Beta Bugs Moneo VST (HKLM-x32\...\Moneo) (Version: "1.0.0" - "BetaBugs")
Beta Bugs WideBug VST (HKLM-x32\...\WideBug) (Version: "1.0.0" - "BetaBugs")
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 8.2.0.5027 - COMODO Security Solutions Inc.)
CrazyTalk Animator v2.0 Pipeline (HKLM-x32\...\{7127D4CC-78E6-41E3-8BCB-A50ED34846E2}) (Version: 2.0.1214.1 - Reallusion Inc.)
CrazyTalk v7.32 Standard (HKLM-x32\...\{27C4EA98-84A3-4CDF-A436-F984A0283357}) (Version: 7.32.3114.1 - Reallusion Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
DS-MP3 Source 1.30 (HKLM-x32\...\DS-MP3 Source) (Version:  - )
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version:  - )
FaceGen Artist Demo (HKLM-x32\...\{280BB5D8-30DC-4D62-B4D5-A3C19BB30479}) (Version: 1.10.0.0 - Singular Inversions Inc.)
FaceGen Artist Pro (HKLM-x32\...\{F6F73B62-D4E0-46B0-BD1C-3F4F55B107D8}) (Version: 1.10.0.0 - Singular Inversions Inc.)
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.6.9 - Hotger)
Gadwin PrintScreen (64-Bit) (HKLM\...\{819A52E1-0929-469A-BEB6-1AEBE0873CFC}) (Version: 5.4.2.0 - Gadwin Systems)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.146 - Gramblr Team)
GROOVE 5.6.3 Pro Edition (HKLM\...\{21D8E7FE-7FE7-46B3-B578-22E1ABC5E407}) (Version: 5.6.3 - Gemini)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ISSE version 0.2.0 (HKLM\...\{9330BAEC-6E26-4C5B-93A1-8BDD9ACF231B}_is1) (Version: 0.2.0 - CCRMA, Stanford University)
ivsEdits Free Edition (HKLM-x32\...\ivsEdits Free Edition) (Version:  - )
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KRISTAL Audio Engine (HKLM-x32\...\KRISTAL Audio Engine) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.4 - LUXONIX)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Massey Plugins Demos [Remove only] (HKLM-x32\...\Massey Plugins Demos) (Version:  - )
MediaShuttlePlugin-v5.4 (HKLM-x32\...\{BA567CFA-F158-44C3-AA40-1773478BD477}) (Version: 5.4.4.71844 - Signiant Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
Muvizu:Play - Heroes and villains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroesAndVillains) (Version:  - Digimania Ltd)
Muvizu:Play - Heroes and villains Lairs (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuHeroAndVillainLairs) (Version:  - Digimania Ltd)
Muvizu:Play - Lighting Presets (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuLightingPresets) (Version:  - Digimania Ltd)
Muvizu:Play - Mandy Content (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuMandyContentPack) (Version:  - Digimania Ltd)
Muvizu:Play - Prisons (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuPrisons) (Version:  - Digimania Ltd)
Muvizu:Play - Rosie (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuRosie) (Version:  - Digimania Ltd)
Muvizu:Play - Trains (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\MuvizuTrains) (Version:  - Digimania Ltd)
Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2015.08.20.01R - Digimania Ltd)
oCam version 428.0 (HKLM-x32\...\oCam_is1) (Version: 428.0 - hxxp://ohsoft.net/)
ocenaudio (HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\ocenaudio) (Version: 2.0.14 - ocenaudio Team)
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
ShapeShop B5 (HKLM-x32\...\ShapeShop) (Version:  - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SMPlayer 16.6.0 (HKLM-x32\...\SMPlayer) (Version: 16.6.0 - Ricardo Villalba)
Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.91 - Softube AB)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Virtual Magnifying Glass v3.6 (HKLM-x32\...\Virtual Magnifying Glass_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 5.0.5 - SoundSpectrum)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.5.18 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WonderFox DVD Ripper Speedy 8.1 (HKLM-x32\...\WonderFox DVD Ripper Speedy) (Version: 8.1 - WonderFox Soft, Inc.)
WonderFox DVD Video Converter 10.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 10.0 - WonderFox Soft, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers1-x32: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers1-x32: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2015-04-06] (Online Media Technologies Ltd.)
ContextMenuHandlers1-x32: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-06-24] (VMware, Inc.)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2016-07-10] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program File (x86) - RevoUninPro - Uninstaller program - 30 Day Free Trial - 5-15-2016\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program File (x86) WinRar - Extract ISO & Rar Files\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1066246007-1091995785-1061003623-1001: [SysMenuExt] -> {020B1D4B-5738-4C77-9E19-4F173DD9B486} => C:\Program Files\Common Files\System\SysMenu64.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0871BC7F-DE9B-4C30-A460-54D7FCC6F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {0B68F930-F054-44FD-8480-C9B2E8CE6446} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {13F4F7F9-754A-479C-95B7-2668E5195C53} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [Argument = -check]
Task: {2283DE1E-0461-4B5C-93B8-792D6C6384D6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {26859B29-C5AD-4C9A-BE79-B456B8D0FA32} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {2BD7BF5D-C4CF-4669-A2BC-FD410979401B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [Argument = -critical]
Task: {39FEF968-A8FF-4F5C-9196-0E7AA2353384} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {448B478E-E846-4768-AB46-43E9DE356AD1} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {4C290D38-8E4F-4E0C-8A57-748C6445EFF3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {4D574819-623E-459C-ADAA-ABE4DA8328F0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {547698E5-4F4A-441A-BB7D-0BCEAA6F0593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {59E33C91-940C-4B1B-8875-D56CF8C1F9EA} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {714F0317-7FFD-4AE3-AC9A-11F2B0BADC87} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [2017-11-20] (oh!soft)
Task: {73A5F5CB-0B75-4158-B3D5-60B79A55381B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {7A810030-3719-44B1-86D4-C623F0136B7E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {885E1D98-007F-4A6C-9B21-CB66F24620E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {985790D0-EF1D-4BF1-96BA-E15830E37E2E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {9C0EB61C-E232-4548-847B-0FBE48C483F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {9E90D4EA-24E8-466B-AEE7-2D93FD4EFF51} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {B489F90E-C13F-4994-9853-8778C8E31344} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {B555837A-F36E-4453-A0C0-E1982D23AE8A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {B68434B3-38F7-4E31-9788-A98D73098673} - System32\Tasks\{CF06CADB-185A-4E37-941E-EF8A74A640B8} => C:\Windows\system32\pcalua.exe -a "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "E:\Free Software Programs\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {BCE45004-B0FC-4F7C-9E96-2E7DBD2AE33E} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danbanic1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C0EA6C51-0D21-4C1C-9AD2-4B14A9002B63} - System32\Tasks\{7AABF775-AB66-4734-B6C6-CD26D49E39AF} => C:\Windows\system32\pcalua.exe -a "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP\Chopper.exe" -d "C:\Program File (x86) Chopper XP DVD VOP Video Cutter\Chopper XP"
Task: {C2E59037-9F26-40BC-B416-8F2A7E22E244} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {EB9B2DA6-E063-4F2A-A690-9A70E1E8FBE9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Dan\Desktop\SoftTeddy 3D - run.bat - Shortcut.lnk -> C:\Program File (x86) SmoothTeddy 3D - Simple 3D Program\SmoothTeddy\run.bat ()
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\ShapeShop3d.com.lnk -> hxxp://www.shapeshop3d.com
Shortcut: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShapeShop\Tutorial Videos At Vimeo.lnk -> hxxp://www.vimeo.com/shapesho
 
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a06339e9776d4569\Instagram for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> " --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-02 09:23 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2017-08-11 19:17 - 2018-08-21 18:23 - 014291536 _____ () C:\Program Files\Gramblr\gramblr.exe
2016-05-22 19:33 - 2016-05-22 19:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-24 06:59 - 2014-02-24 06:59 - 000109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2012-03-07 22:27 - 2012-03-07 22:27 - 000016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ACVsWin.dll
2015-06-24 15:28 - 2015-06-24 15:28 - 001301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-08-24 08:45 - 2016-08-24 08:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 08:24 - 2016-08-24 08:24 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Dan\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Dan\Downloads\Anti-CryptorBitV2.zip:BDU [1]
AlternateDataStreams: C:\Users\Dan\AppData\Roaming:iSpring Solutions [128]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\groovesquid.com -> hxxps://groovesquid.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\instagram.com -> hxxps://instagram.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mediashuttle.com -> hxxps://media-shuttle-free-trial-portal.mediashuttle.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\mycloud.com -> hxxps://idp.mycloud.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\spotify.com -> hxxps://www.spotify.com
IE trusted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\winamp.com -> hxxps://www.winamp.com
IE restricted site: HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\doubleclick.net -> hxxps://doubleclick.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2018-03-22 21:51 - 000001330 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "ChocolateBar Sidebar"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "xdm"
HKU\S-1-5-21-1066246007-1091995785-1061003623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4FE7073A-872B-41C2-BC9A-940A9B7DD046}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E53A359-8F1D-43B7-9FDA-A80A116B4F02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{229E4125-67BF-47C7-A93C-B40E9D541602}C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe] => (Block) C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe
FirewallRules: [UDP Query User{73A29578-60CF-49B5-A2C9-3784318DC5F4}C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe] => (Block) C:\program file (x86) apowersoft video download capture\video download capture\video download capture.exe
FirewallRules: [{086B29CE-5670-43BA-8D72-BA49FD1A4EF8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{01DFF37F-607E-4625-AF68-8D988DE3A5A3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3F0FABC3-C147-4785-B14D-4522F430DB4A}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{6EFB8966-E1A0-4A90-B59D-B1C051AFBEA2}] => (Block) %SystemDrive%\Program File (x86) CrazyTalk Animator 2 Pipeline 8.03.1620.1 + Crack [SadeemPC]\CrazyTalk Animator 2\CrazyTalk Animator 2\CrazyTalkAnimator.exe
FirewallRules: [{74A1EAB9-3BFA-4A1A-BB4F-A18E45053C56}] => (Block) %ProgramFiles% (x86)\Common Files\Reallusion\LiveUpdate\RLLiveUpdate.exe
FirewallRules: [{91A185F6-DD36-4943-8F11-A277721C555C}] => (Block) %ProgramFiles% (x86)\Common Files\Reallusion\LiveUpdate\RLLiveUpdate.exe
FirewallRules: [{F9ABC07D-3909-40E8-9AB8-95FCF50F1698}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-08-2018 19:37:48 Restore Point Created by FRST
10-08-2018 18:49:21 Scheduled Checkpoint
17-08-2018 19:28:25 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/21/2018 06:58:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 188
 
Start Time: 01d439a1ae112118
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: a20f281d-a595-11e8-83c7-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (08/20/2018 10:58:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3d0
 
Start Time: 01d438fa1af259a4
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 0ef829bb-a4ee-11e8-83c6-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (08/20/2018 09:58:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11e8
 
Start Time: 01d438f1b92877f8
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: adc2e2c2-a4e5-11e8-83c6-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (08/20/2018 08:58:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 300
 
Start Time: 01d438e957a5a056
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 4c76141d-a4dd-11e8-83c6-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (08/20/2018 07:55:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 111c
 
Start Time: 01d438e09d52972c
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 91ae7265-a4d4-11e8-83c6-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (08/20/2018 06:58:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1268
 
Start Time: 01d438d895928126
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 89ed2365-a4cc-11e8-83c6-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (08/19/2018 10:56:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1990
 
Start Time: 01d43830a4bf0822
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 9a772bad-a424-11e8-83c5-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
Error: (08/19/2018 09:56:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d30
 
Start Time: 01d4382842f7cfe6
 
Termination Time: 4294967295
 
Application Path: C:\Windows\system32\backgroundTaskHost.exe
 
Report Id: 375670fa-a41c-11e8-83c5-10c37bbb446b
 
Faulting package full name: 21388TileBitStudio.Milligram_1.0.0.19_x64__sgmx6c2dyqt44
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (08/21/2018 06:25:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/21/2018 06:23:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
%%1008 = An attempt was made to reference a token that does not exist.
 
Error: (08/21/2018 06:23:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (08/21/2018 06:22:52 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (08/20/2018 11:36:46 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (08/20/2018 11:36:46 PM) (Source: DCOM) (EventID: 10010) (User: BEATLES)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (08/20/2018 06:40:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
Error: (08/20/2018 06:38:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
%%1008 = An attempt was made to reference a token that does not exist.
 
 
Windows Defender:
===================================
Date: 2015-02-02 09:49:52.792
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4BF9AF7B-A43D-4E64-B277-DEFB56CDC0E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-02 08:06:18.260
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {16FD4F1F-550C-4A26-9400-0412629CFD5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 10:17:58.118
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {BADC4EF7-6BAD-444C-AB05-92085B6CF93D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 08:23:26.263
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C9B87AF6-96B3-4644-9422-EB0CED28391C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-01-31 08:30:36.872
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4D8C80CB-F50C-47EE-94E8-DC02EC0EE056}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-02-01 05:57:28.954
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.938
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-02-01 05:57:28.844
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.167.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.10302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2015-01-30 05:22:07.607
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 110.6.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.10302.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-08-21 19:04:08.104
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-08-21 18:52:24.803
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-08-21 18:29:56.461
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-08-21 18:23:16.751
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-08-20 23:16:51.729
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-08-20 21:08:18.237
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-08-20 20:49:59.667
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-08-20 20:29:29.114
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 45%
Total physical RAM: 3982.68 MB
Available physical RAM: 2169.55 MB
Total Virtual: 5262.68 MB
Available Virtual: 2958.76 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:121.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:311.54 GB) NTFS
 
\\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\ () (Fixed) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 2E58F52C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#130 RayS

RayS

  • Malware Response Team
  • 2,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 23 August 2018 - 07:45 AM

Hi Dan,

Thank you for the photo. The message in the photo is the result of the automatic running of the CHKDSK utility on a small partition with no drive letter on your hard disk. I'd like to examine your disk structure with the ListParts tool by Farbar.

Scan with ListParts by Farbar

  • Download ListParts64.exe to your desktop.
  • Right-click on ListParts64.exe and select Run as administrator.
  • In the ListParts by Farbar window, add a checkmark to List BCD and click Scan.
  • Result.txt will be saved to your desktop.

 

In your next reply...

  • Copy and paste the contents of Result.txt into the body of your message.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#131 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 27 August 2018 - 05:49 PM

Hello Ray , 

This is Dan.

 

The Wi-Fi here has been on the blink for a few days so that's why I took so long.

It has nothing to do with the computer it's just they are fixing it at the place I'm at.

It still goes on the blink every now and then so if there is delay with me with future posts it's because of that.

 

I downloaded the LIstParts and ran the scan.

 

Here's the Result Txt - 

 

ListParts by Farbar Version: 31-07-2014
Ran by Dan (administrator) on 27-08-2018 at 18:37:06
WIN_81 (X64)
Running From: C:\Users\Dan\Desktop
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 46%
Total physical RAM: 3982.68 MB
Available physical RAM: 2148.29 MB
Total Pagefile: 5454.68 MB
Available Pagefile: 3150.37 MB
Total Virtual: 131072 MB
Available Virtual: 131071.89 MB
 
======================= Partitions =========================
 
1 Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:118.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:307.73 GB) NTFS
 
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B        *
  Disk 1    Online          931 GB      0 B         
 
Partitions of Disk 0:
===============
 
 
Disk ID: {D249AB9A-2FAE-4930-B982-8AE340DAB7E1}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    System (partition with boot components)             100 MB  1024 KB
  Partition 2    Recovery           900 MB   101 MB
  Partition 3    Reserved           128 MB  1001 MB
  Partition 4    Primary            444 GB  1129 MB
  Partition 5    Recovery            20 GB   445 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         SYSTEM       FAT32  Partition    100 MB  Healthy    System (partition with boot components)  
 
======================================================================================================
 
Disk: 0
Partition 2
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         Recovery     NTFS   Partition    900 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 4
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    444 GB  Healthy    Boot    
 
======================================================================================================
 
Disk: 0
Partition 5
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      RAW    Partition     20 GB  Healthy    Hidden  
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
 
Disk ID: 2E58F52C
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB  1024 KB
 
======================================================================================================
 
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     D   Seagate Exp  NTFS   Partition    931 GB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 3F7852A4
 
Partition : GPT Partition Type
==============================
Partitions of Disk 1:
===============
Disk ID: 2E58F52C
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {a718b037-aafb-11e4-8cc1-806e6f6e6963}
                        {fea09d55-78dc-11e8-8374-806e6f6e6963}
                        {fea09d56-78dc-11e8-8374-806e6f6e6963}
                        {fea09d57-78dc-11e8-8374-806e6f6e6963}
timeout                 2
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {597179ad-f108-11e3-94bf-8bc9c843803d}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {a718b037-aafb-11e4-8cc1-806e6f6e6963}
description             CD/DVD Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {fea09d55-78dc-11e8-8374-806e6f6e6963}
description             UEFI:CD/DVD Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {fea09d56-78dc-11e8-8374-806e6f6e6963}
description             UEFI:Removable Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {fea09d57-78dc-11e8-8374-806e6f6e6963}
description             UEFI:Network Device
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {597179af-f108-11e3-94bf-8bc9c843803d}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {597179ad-f108-11e3-94bf-8bc9c843803d}
nx                      OptIn
bootmenupolicy          Standard
bootstatuspolicy        DisplayAllFailures
 
Windows Boot Loader
-------------------
identifier              {597179af-f108-11e3-94bf-8bc9c843803d}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{597179b0-f108-11e3-94bf-8bc9c843803d}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{597179b0-f108-11e3-94bf-8bc9c843803d}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {597179b1-f108-11e3-94bf-8bc9c843803d}
device                  ramdisk=[\Device\HarddiskVolume2]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.efi
description             WinPE
osdevice                ramdisk=[\Device\HarddiskVolume2]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {597179ad-f108-11e3-94bf-8bc9c843803d}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {597179af-f108-11e3-94bf-8bc9c843803d}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {597179b0-f108-11e3-94bf-8bc9c843803d}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \boot\boot.sdi
 
 
****** End Of Log ****** 


#132 RayS

RayS

  • Malware Response Team
  • 2,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 30 August 2018 - 10:00 PM

Hi Dan,

Thank you for the log from ListParts.

Run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer. 
  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box including the Start:: and End:: directives.
  • Now press Ctrl+C to copy the contents into your clipboard.
Start::

CMD: echo y|chkdsk /r \\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}
CMD: Mountvol

End::
  • Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.


This fix should condition the CHKDSK utility to make one final run. Please send me the log and then reboot your laptop and tell me whether you see the "Scanning and Repairing" message again after the reboot.

Please note that this isn't the end of the story. Your machine will still have an issue I will address after I see the log from this fix.

In your next reply...
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Tell me whether you see the "Scanning and Repairing" or any other message after the reboot.

Thank you,

Ray

 


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#133 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 04 September 2018 - 07:03 PM

Hello ray ,

This is Dan.

 

I ran the fix in Farbarr , 

 

Here's the txt log - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by Dan (04-09-2018 19:50:22) Run:20
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: echo y|chkdsk /r \\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}
CMD: Mountvol
 
*****************
 
 
========= echo y|chkdsk /r \\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2} =========
 
The type of the file system is NTFS.
The first NTFS boot sector is unreadable or corrupt.
Reading second NTFS boot sector instead.
Volume label is Restore.
 
Stage 1: Examining basic file system structure ...
Progress: 0 of 256 done; Stage:  0%; Total:  0%; ETA:   5:41:32    
Progress: 256 of 256 done; Stage: 100%; Total:  0%; ETA:   5:41:32 .  
                                                                                       
                                                                                       
  256 file records processed.                                                        
 
File verification completed.
Progress: 0 of 0 done; Stage: 99%; Total:  0%; ETA:   5:41:30 .. 
                                                                                       
                                                                                       
  0 large file records processed.                                   
 
Progress: 0 of 0 done; Stage: 99%; Total:  0%; ETA:   5:41:28 ...
                                                                                       
                                                                                       
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
Progress: 280 of 280 done; Stage: 100%; Total:  0%; ETA:   5:41:00    
                                                                                       
                                                                                       
  280 index entries processed.                                                       
 
Index verification completed.
Progress: 0 of 0 done; Stage: 99%; Total:  0%; ETA:   5:41:00 .  
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        
 
Progress: 0 of 0 done; Stage: 99%; Total:  0%; ETA:   5:41:00 .. 
                                                                                       
                                                                                       
  0 unindexed files recovered.                                      
 
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Progress: 0 of 0 done; Stage: 100%; Total:  0%; ETA:   5:41:00 ...
                                                                                       
                                                                                       
  12 data files processed.                                           
 
 
Stage 4: Looking for bad clusters in user file data ...
Progress: 21 of 240 done; Stage:  8%; Total: 42%; ETA:   5:19:55    
Progress: 26 of 240 done; Stage: 10%; Total: 43%; ETA:   3:52:56 .  
Progress: 240 of 240 done; Stage: 100%; Total: 43%; ETA:   3:25:16 .. 
                                                                                       
                                                                                       
  240 files processed.                                                               
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
Progress: 2000 of 2947543 done; Stage:  0%; Total: 43%; ETA:   2:49:55 ...
Progress: 9000 of 2947543 done; Stage:  0%; Total: 43%; ETA:   1:49:45    
Progress: 16000 of 2947543 done; Stage:  0%; Total: 44%; ETA:   1:11:27 .  
Progress: 20000 of 2947543 done; Stage:  0%; Total: 44%; ETA:   0:56:12 .. 
Progress: 27000 of 2947543 done; Stage:  0%; Total: 44%; ETA:   0:37:22 ...
Progress: 34000 of 2947543 done; Stage:  1%; Total: 44%; ETA:   0:25:22    
Progress: 42000 of 2947543 done; Stage:  1%; Total: 44%; ETA:   0:16:53 .  
Progress: 49000 of 2947543 done; Stage:  1%; Total: 44%; ETA:   0:12:20 .. 
Progress: 55200 of 2947543 done; Stage:  1%; Total: 44%; ETA:   0:09:25 ...
Progress: 62200 of 2947543 done; Stage:  2%; Total: 44%; ETA:   0:07:34    
Progress: 69200 of 2947543 done; Stage:  2%; Total: 45%; ETA:   0:06:23 .  
Progress: 75200 of 2947543 done; Stage:  2%; Total: 45%; ETA:   0:05:43 .. 
Progress: 82200 of 2947543 done; Stage:  2%; Total: 45%; ETA:   0:05:11 ...
Progress: 87200 of 2947543 done; Stage:  2%; Total: 45%; ETA:   0:04:56    
Progress: 93200 of 2947543 done; Stage:  3%; Total: 45%; ETA:   0:04:43 .  
Progress: 98200 of 2947543 done; Stage:  3%; Total: 45%; ETA:   0:04:35 .. 
Progress: 106200 of 2947543 done; Stage:  3%; Total: 45%; ETA:   0:04:27 ...
Progress: 112200 of 2947543 done; Stage:  3%; Total: 45%; ETA:   0:04:23    
Progress: 116200 of 2947543 done; Stage:  3%; Total: 45%; ETA:   0:04:20 .  
Progress: 122565 of 2947543 done; Stage:  4%; Total: 46%; ETA:   0:04:18 .. 
Progress: 129565 of 2947543 done; Stage:  4%; Total: 46%; ETA:   0:04:16 ...
Progress: 136565 of 2947543 done; Stage:  4%; Total: 46%; ETA:   0:04:14    
Progress: 141565 of 2947543 done; Stage:  4%; Total: 46%; ETA:   0:04:13 .  
Progress: 149565 of 2947543 done; Stage:  5%; Total: 46%; ETA:   0:04:12 .. 
Progress: 154565 of 2947543 done; Stage:  5%; Total: 46%; ETA:   0:04:11 ...
Progress: 161565 of 2947543 done; Stage:  5%; Total: 46%; ETA:   0:04:10    
Progress: 168565 of 2947543 done; Stage:  5%; Total: 46%; ETA:   0:04:10 .  
Progress: 175565 of 2947543 done; Stage:  5%; Total: 47%; ETA:   0:04:09 .. 
Progress: 182565 of 2947543 done; Stage:  6%; Total: 47%; ETA:   0:04:08 ...
Progress: 190565 of 2947543 done; Stage:  6%; Total: 47%; ETA:   0:04:07    
Progress: 197565 of 2947543 done; Stage:  6%; Total: 47%; ETA:   0:04:06 .  
Progress: 205565 of 2947543 done; Stage:  6%; Total: 47%; ETA:   0:04:05 .. 
Progress: 212565 of 2947543 done; Stage:  7%; Total: 47%; ETA:   0:04:05 ...
Progress: 216565 of 2947543 done; Stage:  7%; Total: 47%; ETA:   0:04:04    
Progress: 223565 of 2947543 done; Stage:  7%; Total: 47%; ETA:   0:04:03 .  
Progress: 227565 of 2947543 done; Stage:  7%; Total: 48%; ETA:   0:04:03 .. 
Progress: 235565 of 2947543 done; Stage:  7%; Total: 48%; ETA:   0:04:02 ...
Progress: 242565 of 2947543 done; Stage:  8%; Total: 48%; ETA:   0:04:02    
Progress: 250565 of 2947543 done; Stage:  8%; Total: 48%; ETA:   0:04:01 .  
Progress: 257565 of 2947543 done; Stage:  8%; Total: 48%; ETA:   0:04:00 .. 
Progress: 264565 of 2947543 done; Stage:  8%; Total: 48%; ETA:   0:03:59 ...
Progress: 272565 of 2947543 done; Stage:  9%; Total: 48%; ETA:   0:03:58    
Progress: 279565 of 2947543 done; Stage:  9%; Total: 49%; ETA:   0:03:58 .  
Progress: 285565 of 2947543 done; Stage:  9%; Total: 49%; ETA:   0:03:57 .. 
Progress: 290565 of 2947543 done; Stage:  9%; Total: 49%; ETA:   0:03:56 ...
Progress: 294603 of 2947543 done; Stage:  9%; Total: 49%; ETA:   0:03:56    
Progress: 300603 of 2947543 done; Stage: 10%; Total: 49%; ETA:   0:03:56 .  
Progress: 307603 of 2947543 done; Stage: 10%; Total: 49%; ETA:   0:03:55 .. 
Progress: 314603 of 2947543 done; Stage: 10%; Total: 49%; ETA:   0:03:54 ...
Progress: 321255 of 2947543 done; Stage: 10%; Total: 49%; ETA:   0:03:53    
Progress: 328255 of 2947543 done; Stage: 11%; Total: 49%; ETA:   0:03:53 .  
Progress: 335255 of 2947543 done; Stage: 11%; Total: 50%; ETA:   0:03:52 .. 
Progress: 342255 of 2947543 done; Stage: 11%; Total: 50%; ETA:   0:03:51 ...
Progress: 350255 of 2947543 done; Stage: 11%; Total: 50%; ETA:   0:03:50    
Progress: 357255 of 2947543 done; Stage: 12%; Total: 50%; ETA:   0:03:50 .  
Progress: 362255 of 2947543 done; Stage: 12%; Total: 50%; ETA:   0:03:49 .. 
Progress: 369255 of 2947543 done; Stage: 12%; Total: 50%; ETA:   0:03:48 ...
Progress: 376255 of 2947543 done; Stage: 12%; Total: 50%; ETA:   0:03:48    
Progress: 383255 of 2947543 done; Stage: 13%; Total: 51%; ETA:   0:03:47 .  
Progress: 390255 of 2947543 done; Stage: 13%; Total: 51%; ETA:   0:03:46 .. 
Progress: 398255 of 2947543 done; Stage: 13%; Total: 51%; ETA:   0:03:46 ...
Progress: 405255 of 2947543 done; Stage: 13%; Total: 51%; ETA:   0:03:45    
Progress: 412255 of 2947543 done; Stage: 13%; Total: 51%; ETA:   0:03:44 .  
Progress: 419255 of 2947543 done; Stage: 14%; Total: 51%; ETA:   0:03:43 .. 
Progress: 426255 of 2947543 done; Stage: 14%; Total: 51%; ETA:   0:03:43 ...
Progress: 433255 of 2947543 done; Stage: 14%; Total: 51%; ETA:   0:03:42    
Progress: 438255 of 2947543 done; Stage: 14%; Total: 52%; ETA:   0:03:41 .  
Progress: 445255 of 2947543 done; Stage: 15%; Total: 52%; ETA:   0:03:41 .. 
Progress: 452255 of 2947543 done; Stage: 15%; Total: 52%; ETA:   0:03:40 ...
Progress: 459255 of 2947543 done; Stage: 15%; Total: 52%; ETA:   0:03:39    
Progress: 466255 of 2947543 done; Stage: 15%; Total: 52%; ETA:   0:03:38 .  
Progress: 474255 of 2947543 done; Stage: 16%; Total: 52%; ETA:   0:03:38 .. 
Progress: 481255 of 2947543 done; Stage: 16%; Total: 52%; ETA:   0:03:37 ...
Progress: 487255 of 2947543 done; Stage: 16%; Total: 53%; ETA:   0:03:36    
Progress: 494255 of 2947543 done; Stage: 16%; Total: 53%; ETA:   0:03:36 .  
Progress: 499255 of 2947543 done; Stage: 16%; Total: 53%; ETA:   0:03:35 .. 
Progress: 506255 of 2947543 done; Stage: 17%; Total: 53%; ETA:   0:03:35 ...
Progress: 511255 of 2947543 done; Stage: 17%; Total: 53%; ETA:   0:03:34    
Progress: 517255 of 2947543 done; Stage: 17%; Total: 53%; ETA:   0:03:34 .  
Progress: 525255 of 2947543 done; Stage: 17%; Total: 53%; ETA:   0:03:33 .. 
Progress: 532255 of 2947543 done; Stage: 18%; Total: 53%; ETA:   0:03:32 ...
Progress: 539255 of 2947543 done; Stage: 18%; Total: 54%; ETA:   0:03:31    
Progress: 546255 of 2947543 done; Stage: 18%; Total: 54%; ETA:   0:03:31 .  
Progress: 553255 of 2947543 done; Stage: 18%; Total: 54%; ETA:   0:03:30 .. 
Progress: 560255 of 2947543 done; Stage: 19%; Total: 54%; ETA:   0:03:29 ...
Progress: 568255 of 2947543 done; Stage: 19%; Total: 54%; ETA:   0:03:28    
Progress: 573255 of 2947543 done; Stage: 19%; Total: 54%; ETA:   0:03:28 .  
Progress: 579255 of 2947543 done; Stage: 19%; Total: 54%; ETA:   0:03:27 .. 
Progress: 586255 of 2947543 done; Stage: 19%; Total: 54%; ETA:   0:03:27 ...
Progress: 593255 of 2947543 done; Stage: 20%; Total: 55%; ETA:   0:03:26    
Progress: 601255 of 2947543 done; Stage: 20%; Total: 55%; ETA:   0:03:25 .  
Progress: 608255 of 2947543 done; Stage: 20%; Total: 55%; ETA:   0:03:25 .. 
Progress: 615255 of 2947543 done; Stage: 20%; Total: 55%; ETA:   0:03:24 ...
Progress: 621255 of 2947543 done; Stage: 21%; Total: 55%; ETA:   0:03:23    
Progress: 628255 of 2947543 done; Stage: 21%; Total: 55%; ETA:   0:03:23 .  
Progress: 632255 of 2947543 done; Stage: 21%; Total: 55%; ETA:   0:03:22 .. 
Progress: 639255 of 2947543 done; Stage: 21%; Total: 55%; ETA:   0:03:22 ...
Progress: 646255 of 2947543 done; Stage: 21%; Total: 56%; ETA:   0:03:21    
Progress: 653255 of 2947543 done; Stage: 22%; Total: 56%; ETA:   0:03:20 .  
Progress: 658255 of 2947543 done; Stage: 22%; Total: 56%; ETA:   0:03:20 .. 
Progress: 665255 of 2947543 done; Stage: 22%; Total: 56%; ETA:   0:03:19 ...
Progress: 672255 of 2947543 done; Stage: 22%; Total: 56%; ETA:   0:03:18    
Progress: 679255 of 2947543 done; Stage: 23%; Total: 56%; ETA:   0:03:18 .  
Progress: 686255 of 2947543 done; Stage: 23%; Total: 56%; ETA:   0:03:17 .. 
Progress: 693255 of 2947543 done; Stage: 23%; Total: 56%; ETA:   0:03:16 ...
Progress: 701255 of 2947543 done; Stage: 23%; Total: 57%; ETA:   0:03:16    
Progress: 708255 of 2947543 done; Stage: 24%; Total: 57%; ETA:   0:03:15 .  
Progress: 711255 of 2947543 done; Stage: 24%; Total: 57%; ETA:   0:03:15 .. 
Progress: 718255 of 2947543 done; Stage: 24%; Total: 57%; ETA:   0:03:14 ...
Progress: 725255 of 2947543 done; Stage: 24%; Total: 57%; ETA:   0:03:13    
Progress: 731255 of 2947543 done; Stage: 24%; Total: 57%; ETA:   0:03:13 .  
Progress: 739255 of 2947543 done; Stage: 25%; Total: 57%; ETA:   0:03:12 .. 
Progress: 743255 of 2947543 done; Stage: 25%; Total: 57%; ETA:   0:03:12 ...
Progress: 750255 of 2947543 done; Stage: 25%; Total: 58%; ETA:   0:03:11    
Progress: 757255 of 2947543 done; Stage: 25%; Total: 58%; ETA:   0:03:10 .  
Progress: 762255 of 2947543 done; Stage: 25%; Total: 58%; ETA:   0:03:10 .. 
Progress: 769255 of 2947543 done; Stage: 26%; Total: 58%; ETA:   0:03:09 ...
Progress: 776255 of 2947543 done; Stage: 26%; Total: 58%; ETA:   0:03:09    
Progress: 783255 of 2947543 done; Stage: 26%; Total: 58%; ETA:   0:03:08 .  
Progress: 791255 of 2947543 done; Stage: 26%; Total: 58%; ETA:   0:03:07 .. 
Progress: 798255 of 2947543 done; Stage: 27%; Total: 58%; ETA:   0:03:07 ...
Progress: 805255 of 2947543 done; Stage: 27%; Total: 59%; ETA:   0:03:06    
Progress: 812255 of 2947543 done; Stage: 27%; Total: 59%; ETA:   0:03:05 .  
Progress: 819255 of 2947543 done; Stage: 27%; Total: 59%; ETA:   0:03:05 .. 
Progress: 822255 of 2947543 done; Stage: 27%; Total: 59%; ETA:   0:03:04 ...
Progress: 826255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04    
Progress: 827255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .  
Progress: 828255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .. 
Progress: 829255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 ...
Progress: 830255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04    
Progress: 833255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .  
Progress: 835255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .. 
Progress: 837255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 ...
Progress: 838255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04    
Progress: 839255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .  
Progress: 840255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .. 
Progress: 841255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 ...
Progress: 844255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04    
Progress: 846255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .  
Progress: 848255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 .. 
Progress: 851255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04 ...
Progress: 853255 of 2947543 done; Stage: 28%; Total: 59%; ETA:   0:03:04    
Progress: 855255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:04 .  
Progress: 856255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:04 .. 
Progress: 857255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:04 ...
Progress: 858255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:04    
Progress: 859255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:04 .  
Progress: 861255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:04 .. 
Progress: 863255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 ...
Progress: 866255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05    
Progress: 868255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 .  
Progress: 871255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 .. 
Progress: 872255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 ...
Progress: 875255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05    
Progress: 877255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 .  
Progress: 879255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 .. 
Progress: 880255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 ...
Progress: 881255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05    
Progress: 882255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 .  
Progress: 884255 of 2947543 done; Stage: 29%; Total: 60%; ETA:   0:03:05 .. 
Progress: 885255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:05 ...
Progress: 886255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:05    
Progress: 888255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:06 .  
Progress: 890255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:06 .. 
Progress: 892255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:06 ...
Progress: 893255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:06    
Progress: 894255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:06 .  
Progress: 896255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:06 .. 
Progress: 898255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:07 ...
Progress: 900255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:07    
Progress: 901255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:07 .  
Progress: 902255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:07 .. 
Progress: 904255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:07 ...
Progress: 905255 of 2947543 done; Stage: 30%; Total: 60%; ETA:   0:03:07    
Progress: 906255 of 2947543 done; Stage: 30%; Total: 61%; ETA:   0:03:07 .  
Progress: 908255 of 2947543 done; Stage: 30%; Total: 61%; ETA:   0:03:07 .. 
Progress: 909255 of 2947543 done; Stage: 30%; Total: 61%; ETA:   0:03:07 ...
Progress: 911255 of 2947543 done; Stage: 30%; Total: 61%; ETA:   0:03:07    
Progress: 912255 of 2947543 done; Stage: 30%; Total: 61%; ETA:   0:03:07 .  
Progress: 913255 of 2947543 done; Stage: 30%; Total: 61%; ETA:   0:03:07 .. 
Progress: 915255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:08 ...
Progress: 916255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:08    
Progress: 917255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:08 .  
Progress: 918255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:08 .. 
Progress: 919255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:08 ...
Progress: 920255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:08    
Progress: 922255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:09 .  
Progress: 925255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:09 .. 
Progress: 926255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:09 ...
Progress: 928255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:09    
Progress: 929255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:09 .  
Progress: 931255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:09 .. 
Progress: 932255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:09 ...
Progress: 935255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:10    
Progress: 938255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:10 .  
Progress: 940255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:10 .. 
Progress: 941255 of 2947543 done; Stage: 31%; Total: 61%; ETA:   0:03:10 ...
Progress: 943255 of 2947543 done; Stage: 32%; Total: 61%; ETA:   0:03:10    
Progress: 944255 of 2947543 done; Stage: 32%; Total: 61%; ETA:   0:03:10 .  
Progress: 946255 of 2947543 done; Stage: 32%; Total: 61%; ETA:   0:03:10 .. 
Progress: 950255 of 2947543 done; Stage: 32%; Total: 61%; ETA:   0:03:10 ...
Progress: 955255 of 2947543 done; Stage: 32%; Total: 61%; ETA:   0:03:10    
Progress: 958255 of 2947543 done; Stage: 32%; Total: 62%; ETA:   0:03:10 .  
Progress: 963255 of 2947543 done; Stage: 32%; Total: 62%; ETA:   0:03:10 .. 
Progress: 967255 of 2947543 done; Stage: 32%; Total: 62%; ETA:   0:03:10 ...
Progress: 971255 of 2947543 done; Stage: 32%; Total: 62%; ETA:   0:03:10    
Progress: 975255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:10 .  
Progress: 977255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:09 .. 
Progress: 982255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:09 ...
Progress: 985255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:09    
Progress: 989255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:08 .  
Progress: 991255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:08 .. 
Progress: 994255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:08 ...
Progress: 997255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:08    
Progress: 1000255 of 2947543 done; Stage: 33%; Total: 62%; ETA:   0:03:08 .  
Progress: 1003255 of 2947543 done; Stage: 34%; Total: 62%; ETA:   0:03:08 .. 
Progress: 1006255 of 2947543 done; Stage: 34%; Total: 62%; ETA:   0:03:07 ...
Progress: 1008255 of 2947543 done; Stage: 34%; Total: 62%; ETA:   0:03:07    
Progress: 1009255 of 2947543 done; Stage: 34%; Total: 62%; ETA:   0:03:07 .  
Progress: 1011255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 .. 
Progress: 1014255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 ...
Progress: 1015255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07    
Progress: 1016255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 .  
Progress: 1018255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 .. 
Progress: 1020255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 ...
Progress: 1021255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07    
Progress: 1022255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 .  
Progress: 1025255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 .. 
Progress: 1027255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 ...
Progress: 1029255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07    
Progress: 1031255 of 2947543 done; Stage: 34%; Total: 63%; ETA:   0:03:07 .  
Progress: 1033255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 .. 
Progress: 1035255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 ...
Progress: 1038255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07    
Progress: 1042255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 .  
Progress: 1045255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 .. 
Progress: 1048255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 ...
Progress: 1051255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07    
Progress: 1054255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 .  
Progress: 1058255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 .. 
Progress: 1060255 of 2947543 done; Stage: 35%; Total: 63%; ETA:   0:03:07 ...
Progress: 1063255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:06    
Progress: 1067255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:06 .  
Progress: 1069255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:06 .. 
Progress: 1072255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:06 ...
Progress: 1075255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:05    
Progress: 1078255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:05 .  
Progress: 1080255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:05 .. 
Progress: 1084255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:05 ...
Progress: 1086255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:05    
Progress: 1089255 of 2947543 done; Stage: 36%; Total: 64%; ETA:   0:03:05 .  
Progress: 1092255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:05 .. 
Progress: 1095255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:05 ...
Progress: 1097255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:04    
Progress: 1100255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:04 .  
Progress: 1103255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:04 .. 
Progress: 1106255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:03 ...
Progress: 1109255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:03    
Progress: 1112255 of 2947543 done; Stage: 37%; Total: 64%; ETA:   0:03:03 .  
Progress: 1115255 of 2947543 done; Stage: 37%; Total: 65%; ETA:   0:03:03 .. 
Progress: 1118255 of 2947543 done; Stage: 37%; Total: 65%; ETA:   0:03:03 ...
Progress: 1121255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:03    
Progress: 1125255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:03 .  
Progress: 1128255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 .. 
Progress: 1130255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 ...
Progress: 1132255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02    
Progress: 1136255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 .  
Progress: 1138255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 .. 
Progress: 1140255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 ...
Progress: 1141255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02    
Progress: 1143255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 .  
Progress: 1144255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 .. 
Progress: 1147255 of 2947543 done; Stage: 38%; Total: 65%; ETA:   0:03:02 ...
Progress: 1150255 of 2947543 done; Stage: 39%; Total: 65%; ETA:   0:03:02    
Progress: 1157255 of 2947543 done; Stage: 39%; Total: 65%; ETA:   0:03:01 .  
Progress: 1165255 of 2947543 done; Stage: 39%; Total: 65%; ETA:   0:03:00 .. 
Progress: 1172255 of 2947543 done; Stage: 39%; Total: 66%; ETA:   0:03:00 ...
Progress: 1177255 of 2947543 done; Stage: 39%; Total: 66%; ETA:   0:02:59    
Progress: 1182255 of 2947543 done; Stage: 40%; Total: 66%; ETA:   0:02:58 .  
Progress: 1187255 of 2947543 done; Stage: 40%; Total: 66%; ETA:   0:02:58 .. 
Progress: 1194255 of 2947543 done; Stage: 40%; Total: 66%; ETA:   0:02:57 ...
Progress: 1201255 of 2947543 done; Stage: 40%; Total: 66%; ETA:   0:02:56    
Progress: 1208255 of 2947543 done; Stage: 40%; Total: 66%; ETA:   0:02:56 .  
Progress: 1212255 of 2947543 done; Stage: 41%; Total: 66%; ETA:   0:02:55 .. 
Progress: 1219255 of 2947543 done; Stage: 41%; Total: 66%; ETA:   0:02:54 ...
Progress: 1226255 of 2947543 done; Stage: 41%; Total: 67%; ETA:   0:02:54    
Progress: 1231255 of 2947543 done; Stage: 41%; Total: 67%; ETA:   0:02:53 .  
Progress: 1238255 of 2947543 done; Stage: 42%; Total: 67%; ETA:   0:02:52 .. 
Progress: 1245255 of 2947543 done; Stage: 42%; Total: 67%; ETA:   0:02:52 ...
Progress: 1250255 of 2947543 done; Stage: 42%; Total: 67%; ETA:   0:02:51    
Progress: 1257255 of 2947543 done; Stage: 42%; Total: 67%; ETA:   0:02:50 .  
Progress: 1264255 of 2947543 done; Stage: 42%; Total: 67%; ETA:   0:02:49 .. 
Progress: 1271255 of 2947543 done; Stage: 43%; Total: 67%; ETA:   0:02:49 ...
Progress: 1278255 of 2947543 done; Stage: 43%; Total: 68%; ETA:   0:02:48    
Progress: 1285255 of 2947543 done; Stage: 43%; Total: 68%; ETA:   0:02:47 .  
Progress: 1292255 of 2947543 done; Stage: 43%; Total: 68%; ETA:   0:02:46 .. 
Progress: 1299255 of 2947543 done; Stage: 44%; Total: 68%; ETA:   0:02:45 ...
Progress: 1306255 of 2947543 done; Stage: 44%; Total: 68%; ETA:   0:02:45    
Progress: 1313255 of 2947543 done; Stage: 44%; Total: 68%; ETA:   0:02:44 .  
Progress: 1320255 of 2947543 done; Stage: 44%; Total: 68%; ETA:   0:02:43 .. 
Progress: 1325255 of 2947543 done; Stage: 44%; Total: 69%; ETA:   0:02:42 ...
Progress: 1332255 of 2947543 done; Stage: 45%; Total: 69%; ETA:   0:02:42    
Progress: 1339255 of 2947543 done; Stage: 45%; Total: 69%; ETA:   0:02:41 .  
Progress: 1345255 of 2947543 done; Stage: 45%; Total: 69%; ETA:   0:02:40 .. 
Progress: 1352255 of 2947543 done; Stage: 45%; Total: 69%; ETA:   0:02:40 ...
Progress: 1359255 of 2947543 done; Stage: 46%; Total: 69%; ETA:   0:02:39    
Progress: 1367255 of 2947543 done; Stage: 46%; Total: 69%; ETA:   0:02:38 .  
Progress: 1373255 of 2947543 done; Stage: 46%; Total: 69%; ETA:   0:02:37 .. 
Progress: 1379255 of 2947543 done; Stage: 46%; Total: 70%; ETA:   0:02:37 ...
Progress: 1382255 of 2947543 done; Stage: 46%; Total: 70%; ETA:   0:02:36    
Progress: 1387255 of 2947543 done; Stage: 47%; Total: 70%; ETA:   0:02:36 .  
Progress: 1394255 of 2947543 done; Stage: 47%; Total: 70%; ETA:   0:02:35 .. 
Progress: 1401255 of 2947543 done; Stage: 47%; Total: 70%; ETA:   0:02:34 ...
Progress: 1408255 of 2947543 done; Stage: 47%; Total: 70%; ETA:   0:02:34    
Progress: 1413255 of 2947543 done; Stage: 47%; Total: 70%; ETA:   0:02:33 .  
Progress: 1420255 of 2947543 done; Stage: 48%; Total: 70%; ETA:   0:02:32 .. 
Progress: 1427255 of 2947543 done; Stage: 48%; Total: 70%; ETA:   0:02:31 ...
Progress: 1434255 of 2947543 done; Stage: 48%; Total: 71%; ETA:   0:02:31    
Progress: 1441255 of 2947543 done; Stage: 48%; Total: 71%; ETA:   0:02:30 .  
Progress: 1448255 of 2947543 done; Stage: 49%; Total: 71%; ETA:   0:02:29 .. 
Progress: 1455255 of 2947543 done; Stage: 49%; Total: 71%; ETA:   0:02:29 ...
Progress: 1460255 of 2947543 done; Stage: 49%; Total: 71%; ETA:   0:02:28    
Progress: 1467255 of 2947543 done; Stage: 49%; Total: 71%; ETA:   0:02:27 .  
Progress: 1474255 of 2947543 done; Stage: 50%; Total: 71%; ETA:   0:02:26 .. 
Progress: 1481255 of 2947543 done; Stage: 50%; Total: 71%; ETA:   0:02:26 ...
Progress: 1488255 of 2947543 done; Stage: 50%; Total: 72%; ETA:   0:02:25    
Progress: 1495255 of 2947543 done; Stage: 50%; Total: 72%; ETA:   0:02:24 .  
Progress: 1500255 of 2947543 done; Stage: 50%; Total: 72%; ETA:   0:02:24 .. 
Progress: 1507255 of 2947543 done; Stage: 51%; Total: 72%; ETA:   0:02:23 ...
Progress: 1512255 of 2947543 done; Stage: 51%; Total: 72%; ETA:   0:02:22    
Progress: 1519255 of 2947543 done; Stage: 51%; Total: 72%; ETA:   0:02:22 .  
Progress: 1525255 of 2947543 done; Stage: 51%; Total: 72%; ETA:   0:02:21 .. 
Progress: 1532255 of 2947543 done; Stage: 51%; Total: 72%; ETA:   0:02:20 ...
Progress: 1539255 of 2947543 done; Stage: 52%; Total: 73%; ETA:   0:02:19    
Progress: 1545255 of 2947543 done; Stage: 52%; Total: 73%; ETA:   0:02:19 .  
Progress: 1552255 of 2947543 done; Stage: 52%; Total: 73%; ETA:   0:02:18 .. 
Progress: 1559255 of 2947543 done; Stage: 52%; Total: 73%; ETA:   0:02:17 ...
Progress: 1562255 of 2947543 done; Stage: 53%; Total: 73%; ETA:   0:02:17    
Progress: 1568255 of 2947543 done; Stage: 53%; Total: 73%; ETA:   0:02:16 .  
Progress: 1575255 of 2947543 done; Stage: 53%; Total: 73%; ETA:   0:02:16 .. 
Progress: 1582255 of 2947543 done; Stage: 53%; Total: 73%; ETA:   0:02:15 ...
Progress: 1586255 of 2947543 done; Stage: 53%; Total: 73%; ETA:   0:02:15    
Progress: 1593255 of 2947543 done; Stage: 54%; Total: 74%; ETA:   0:02:14 .  
Progress: 1599255 of 2947543 done; Stage: 54%; Total: 74%; ETA:   0:02:13 .. 
Progress: 1603255 of 2947543 done; Stage: 54%; Total: 74%; ETA:   0:02:13 ...
Progress: 1611255 of 2947543 done; Stage: 54%; Total: 74%; ETA:   0:02:12    
Progress: 1618255 of 2947543 done; Stage: 54%; Total: 74%; ETA:   0:02:11 .  
Progress: 1624255 of 2947543 done; Stage: 55%; Total: 74%; ETA:   0:02:11 .. 
Progress: 1629255 of 2947543 done; Stage: 55%; Total: 74%; ETA:   0:02:10 ...
Progress: 1634255 of 2947543 done; Stage: 55%; Total: 74%; ETA:   0:02:10    
Progress: 1641255 of 2947543 done; Stage: 55%; Total: 75%; ETA:   0:02:09 .  
Progress: 1647255 of 2947543 done; Stage: 55%; Total: 75%; ETA:   0:02:08 .. 
Progress: 1654255 of 2947543 done; Stage: 56%; Total: 75%; ETA:   0:02:08 ...
Progress: 1661255 of 2947543 done; Stage: 56%; Total: 75%; ETA:   0:02:07    
Progress: 1668255 of 2947543 done; Stage: 56%; Total: 75%; ETA:   0:02:06 .  
Progress: 1675255 of 2947543 done; Stage: 56%; Total: 75%; ETA:   0:02:05 .. 
Progress: 1682255 of 2947543 done; Stage: 57%; Total: 75%; ETA:   0:02:05 ...
Progress: 1689255 of 2947543 done; Stage: 57%; Total: 75%; ETA:   0:02:04    
Progress: 1696255 of 2947543 done; Stage: 57%; Total: 76%; ETA:   0:02:03 .  
Progress: 1703255 of 2947543 done; Stage: 57%; Total: 76%; ETA:   0:02:02 .. 
Progress: 1710255 of 2947543 done; Stage: 58%; Total: 76%; ETA:   0:02:02 ...
Progress: 1717255 of 2947543 done; Stage: 58%; Total: 76%; ETA:   0:02:01    
Progress: 1722255 of 2947543 done; Stage: 58%; Total: 76%; ETA:   0:02:00 .  
Progress: 1729255 of 2947543 done; Stage: 58%; Total: 76%; ETA:   0:02:00 .. 
Progress: 1736255 of 2947543 done; Stage: 58%; Total: 76%; ETA:   0:01:59 ...
Progress: 1743255 of 2947543 done; Stage: 59%; Total: 76%; ETA:   0:01:58    
Progress: 1750255 of 2947543 done; Stage: 59%; Total: 77%; ETA:   0:01:57 .  
Progress: 1756255 of 2947543 done; Stage: 59%; Total: 77%; ETA:   0:01:57 .. 
Progress: 1762255 of 2947543 done; Stage: 59%; Total: 77%; ETA:   0:01:56 ...
Progress: 1766255 of 2947543 done; Stage: 59%; Total: 77%; ETA:   0:01:56    
Progress: 1773255 of 2947543 done; Stage: 60%; Total: 77%; ETA:   0:01:55 .  
Progress: 1780255 of 2947543 done; Stage: 60%; Total: 77%; ETA:   0:01:54 .. 
Progress: 1786255 of 2947543 done; Stage: 60%; Total: 77%; ETA:   0:01:54 ...
Progress: 1793255 of 2947543 done; Stage: 60%; Total: 77%; ETA:   0:01:53    
Progress: 1800255 of 2947543 done; Stage: 61%; Total: 78%; ETA:   0:01:52 .  
Progress: 1807255 of 2947543 done; Stage: 61%; Total: 78%; ETA:   0:01:52 .. 
Progress: 1812255 of 2947543 done; Stage: 61%; Total: 78%; ETA:   0:01:51 ...
Progress: 1817255 of 2947543 done; Stage: 61%; Total: 78%; ETA:   0:01:51    
Progress: 1824255 of 2947543 done; Stage: 61%; Total: 78%; ETA:   0:01:50 .  
Progress: 1831255 of 2947543 done; Stage: 62%; Total: 78%; ETA:   0:01:49 .. 
Progress: 1838255 of 2947543 done; Stage: 62%; Total: 78%; ETA:   0:01:48 ...
Progress: 1845255 of 2947543 done; Stage: 62%; Total: 78%; ETA:   0:01:48    
Progress: 1852255 of 2947543 done; Stage: 62%; Total: 79%; ETA:   0:01:47 .  
Progress: 1859255 of 2947543 done; Stage: 63%; Total: 79%; ETA:   0:01:46 .. 
Progress: 1866255 of 2947543 done; Stage: 63%; Total: 79%; ETA:   0:01:46 ...
Progress: 1873255 of 2947543 done; Stage: 63%; Total: 79%; ETA:   0:01:45    
Progress: 1879255 of 2947543 done; Stage: 63%; Total: 79%; ETA:   0:01:44 .  
Progress: 1880255 of 2947543 done; Stage: 63%; Total: 79%; ETA:   0:01:44 .. 
Progress: 1887255 of 2947543 done; Stage: 64%; Total: 79%; ETA:   0:01:43 ...
Progress: 1892255 of 2947543 done; Stage: 64%; Total: 79%; ETA:   0:01:43    
Progress: 1899255 of 2947543 done; Stage: 64%; Total: 79%; ETA:   0:01:42 .  
Progress: 1906255 of 2947543 done; Stage: 64%; Total: 80%; ETA:   0:01:42 .. 
Progress: 1912255 of 2947543 done; Stage: 64%; Total: 80%; ETA:   0:01:41 ...
Progress: 1919255 of 2947543 done; Stage: 65%; Total: 80%; ETA:   0:01:40    
Progress: 1925255 of 2947543 done; Stage: 65%; Total: 80%; ETA:   0:01:40 .  
Progress: 1932255 of 2947543 done; Stage: 65%; Total: 80%; ETA:   0:01:39 .. 
Progress: 1939255 of 2947543 done; Stage: 65%; Total: 80%; ETA:   0:01:38 ...
Progress: 1945255 of 2947543 done; Stage: 65%; Total: 80%; ETA:   0:01:38    
Progress: 1951255 of 2947543 done; Stage: 66%; Total: 80%; ETA:   0:01:37 .  
Progress: 1958255 of 2947543 done; Stage: 66%; Total: 81%; ETA:   0:01:36 .. 
Progress: 1964255 of 2947543 done; Stage: 66%; Total: 81%; ETA:   0:01:36 ...
Progress: 1970255 of 2947543 done; Stage: 66%; Total: 81%; ETA:   0:01:35    
Progress: 1976255 of 2947543 done; Stage: 67%; Total: 81%; ETA:   0:01:34 .  
Progress: 1982255 of 2947543 done; Stage: 67%; Total: 81%; ETA:   0:01:34 .. 
Progress: 1989255 of 2947543 done; Stage: 67%; Total: 81%; ETA:   0:01:33 ...
Progress: 1996255 of 2947543 done; Stage: 67%; Total: 81%; ETA:   0:01:32    
Progress: 2003255 of 2947543 done; Stage: 67%; Total: 81%; ETA:   0:01:32 .  
Progress: 2010255 of 2947543 done; Stage: 68%; Total: 82%; ETA:   0:01:31 .. 
Progress: 2017255 of 2947543 done; Stage: 68%; Total: 82%; ETA:   0:01:30 ...
Progress: 2022255 of 2947543 done; Stage: 68%; Total: 82%; ETA:   0:01:30    
Progress: 2028255 of 2947543 done; Stage: 68%; Total: 82%; ETA:   0:01:29 .  
Progress: 2035255 of 2947543 done; Stage: 69%; Total: 82%; ETA:   0:01:29 .. 
Progress: 2042255 of 2947543 done; Stage: 69%; Total: 82%; ETA:   0:01:28 ...
Progress: 2049255 of 2947543 done; Stage: 69%; Total: 82%; ETA:   0:01:27    
Progress: 2056255 of 2947543 done; Stage: 69%; Total: 82%; ETA:   0:01:26 .  
Progress: 2063255 of 2947543 done; Stage: 69%; Total: 83%; ETA:   0:01:26 .. 
Progress: 2070255 of 2947543 done; Stage: 70%; Total: 83%; ETA:   0:01:25 ...
Progress: 2077255 of 2947543 done; Stage: 70%; Total: 83%; ETA:   0:01:24    
Progress: 2084255 of 2947543 done; Stage: 70%; Total: 83%; ETA:   0:01:24 .  
Progress: 2091255 of 2947543 done; Stage: 70%; Total: 83%; ETA:   0:01:23 .. 
Progress: 2098255 of 2947543 done; Stage: 71%; Total: 83%; ETA:   0:01:22 ...
Progress: 2105255 of 2947543 done; Stage: 71%; Total: 83%; ETA:   0:01:22    
Progress: 2112255 of 2947543 done; Stage: 71%; Total: 84%; ETA:   0:01:21 .  
Progress: 2118255 of 2947543 done; Stage: 71%; Total: 84%; ETA:   0:01:20 .. 
Progress: 2125255 of 2947543 done; Stage: 72%; Total: 84%; ETA:   0:01:20 ...
Progress: 2132255 of 2947543 done; Stage: 72%; Total: 84%; ETA:   0:01:19    
Progress: 2139255 of 2947543 done; Stage: 72%; Total: 84%; ETA:   0:01:18 .  
Progress: 2144255 of 2947543 done; Stage: 72%; Total: 84%; ETA:   0:01:18 .. 
Progress: 2150255 of 2947543 done; Stage: 72%; Total: 84%; ETA:   0:01:17 ...
Progress: 2156255 of 2947543 done; Stage: 73%; Total: 84%; ETA:   0:01:16    
Progress: 2163255 of 2947543 done; Stage: 73%; Total: 85%; ETA:   0:01:16 .  
Progress: 2170255 of 2947543 done; Stage: 73%; Total: 85%; ETA:   0:01:15 .. 
Progress: 2176255 of 2947543 done; Stage: 73%; Total: 85%; ETA:   0:01:15 ...
Progress: 2181255 of 2947543 done; Stage: 74%; Total: 85%; ETA:   0:01:14    
Progress: 2187255 of 2947543 done; Stage: 74%; Total: 85%; ETA:   0:01:13 .  
Progress: 2195255 of 2947543 done; Stage: 74%; Total: 85%; ETA:   0:01:13 .. 
Progress: 2202255 of 2947543 done; Stage: 74%; Total: 85%; ETA:   0:01:12 ...
Progress: 2209255 of 2947543 done; Stage: 74%; Total: 85%; ETA:   0:01:11    
Progress: 2216255 of 2947543 done; Stage: 75%; Total: 86%; ETA:   0:01:11 .  
Progress: 2223255 of 2947543 done; Stage: 75%; Total: 86%; ETA:   0:01:10 .. 
Progress: 2230255 of 2947543 done; Stage: 75%; Total: 86%; ETA:   0:01:09 ...
Progress: 2237255 of 2947543 done; Stage: 75%; Total: 86%; ETA:   0:01:08    
Progress: 2244255 of 2947543 done; Stage: 76%; Total: 86%; ETA:   0:01:08 .  
Progress: 2250255 of 2947543 done; Stage: 76%; Total: 86%; ETA:   0:01:07 .. 
Progress: 2257255 of 2947543 done; Stage: 76%; Total: 86%; ETA:   0:01:07 ...
Progress: 2263255 of 2947543 done; Stage: 76%; Total: 86%; ETA:   0:01:06    
Progress: 2270255 of 2947543 done; Stage: 77%; Total: 87%; ETA:   0:01:05 .  
Progress: 2278255 of 2947543 done; Stage: 77%; Total: 87%; ETA:   0:01:04 .. 
Progress: 2285255 of 2947543 done; Stage: 77%; Total: 87%; ETA:   0:01:04 ...
Progress: 2289255 of 2947543 done; Stage: 77%; Total: 87%; ETA:   0:01:03    
Progress: 2296255 of 2947543 done; Stage: 77%; Total: 87%; ETA:   0:01:03 .  
Progress: 2303255 of 2947543 done; Stage: 78%; Total: 87%; ETA:   0:01:02 .. 
Progress: 2310255 of 2947543 done; Stage: 78%; Total: 87%; ETA:   0:01:01 ...
Progress: 2317255 of 2947543 done; Stage: 78%; Total: 87%; ETA:   0:01:01    
Progress: 2323255 of 2947543 done; Stage: 78%; Total: 88%; ETA:   0:01:00 .  
Progress: 2330255 of 2947543 done; Stage: 79%; Total: 88%; ETA:   0:00:59 .. 
Progress: 2337255 of 2947543 done; Stage: 79%; Total: 88%; ETA:   0:00:59 ...
Progress: 2343255 of 2947543 done; Stage: 79%; Total: 88%; ETA:   0:00:58    
Progress: 2350255 of 2947543 done; Stage: 79%; Total: 88%; ETA:   0:00:57 .  
Progress: 2357255 of 2947543 done; Stage: 79%; Total: 88%; ETA:   0:00:57 .. 
Progress: 2365255 of 2947543 done; Stage: 80%; Total: 88%; ETA:   0:00:56 ...
Progress: 2372255 of 2947543 done; Stage: 80%; Total: 89%; ETA:   0:00:55    
Progress: 2378255 of 2947543 done; Stage: 80%; Total: 89%; ETA:   0:00:55 .  
Progress: 2385255 of 2947543 done; Stage: 80%; Total: 89%; ETA:   0:00:54 .. 
Progress: 2391255 of 2947543 done; Stage: 81%; Total: 89%; ETA:   0:00:53 ...
Progress: 2398255 of 2947543 done; Stage: 81%; Total: 89%; ETA:   0:00:53    
Progress: 2403255 of 2947543 done; Stage: 81%; Total: 89%; ETA:   0:00:52 .  
Progress: 2407255 of 2947543 done; Stage: 81%; Total: 89%; ETA:   0:00:52 .. 
Progress: 2414255 of 2947543 done; Stage: 81%; Total: 89%; ETA:   0:00:51 ...
Progress: 2419255 of 2947543 done; Stage: 82%; Total: 89%; ETA:   0:00:51    
Progress: 2426255 of 2947543 done; Stage: 82%; Total: 90%; ETA:   0:00:50 .  
Progress: 2433255 of 2947543 done; Stage: 82%; Total: 90%; ETA:   0:00:49 .. 
Progress: 2440255 of 2947543 done; Stage: 82%; Total: 90%; ETA:   0:00:49 ...
Progress: 2447255 of 2947543 done; Stage: 83%; Total: 90%; ETA:   0:00:48    
Progress: 2453255 of 2947543 done; Stage: 83%; Total: 90%; ETA:   0:00:47 .  
Progress: 2460255 of 2947543 done; Stage: 83%; Total: 90%; ETA:   0:00:47 .. 
Progress: 2466255 of 2947543 done; Stage: 83%; Total: 90%; ETA:   0:00:46 ...
Progress: 2473255 of 2947543 done; Stage: 83%; Total: 90%; ETA:   0:00:46    
Progress: 2480255 of 2947543 done; Stage: 84%; Total: 91%; ETA:   0:00:45 .  
Progress: 2487255 of 2947543 done; Stage: 84%; Total: 91%; ETA:   0:00:44 .. 
Progress: 2493255 of 2947543 done; Stage: 84%; Total: 91%; ETA:   0:00:44 ...
Progress: 2495255 of 2947543 done; Stage: 84%; Total: 91%; ETA:   0:00:43    
Progress: 2501255 of 2947543 done; Stage: 84%; Total: 91%; ETA:   0:00:43 .  
Progress: 2507255 of 2947543 done; Stage: 85%; Total: 91%; ETA:   0:00:42 .. 
Progress: 2512255 of 2947543 done; Stage: 85%; Total: 91%; ETA:   0:00:42 ...
Progress: 2520255 of 2947543 done; Stage: 85%; Total: 91%; ETA:   0:00:41    
Progress: 2527255 of 2947543 done; Stage: 85%; Total: 91%; ETA:   0:00:40 .  
Progress: 2533255 of 2947543 done; Stage: 85%; Total: 92%; ETA:   0:00:40 .. 
Progress: 2539255 of 2947543 done; Stage: 86%; Total: 92%; ETA:   0:00:39 ...
Progress: 2544255 of 2947543 done; Stage: 86%; Total: 92%; ETA:   0:00:39    
Progress: 2551255 of 2947543 done; Stage: 86%; Total: 92%; ETA:   0:00:38 .  
Progress: 2557255 of 2947543 done; Stage: 86%; Total: 92%; ETA:   0:00:38 .. 
Progress: 2565255 of 2947543 done; Stage: 87%; Total: 92%; ETA:   0:00:37 ...
Progress: 2572255 of 2947543 done; Stage: 87%; Total: 92%; ETA:   0:00:36    
Progress: 2578255 of 2947543 done; Stage: 87%; Total: 92%; ETA:   0:00:36 .  
Progress: 2583255 of 2947543 done; Stage: 87%; Total: 93%; ETA:   0:00:35 .. 
Progress: 2590255 of 2947543 done; Stage: 87%; Total: 93%; ETA:   0:00:35 ...
Progress: 2596255 of 2947543 done; Stage: 88%; Total: 93%; ETA:   0:00:34    
Progress: 2602255 of 2947543 done; Stage: 88%; Total: 93%; ETA:   0:00:33 .  
Progress: 2610255 of 2947543 done; Stage: 88%; Total: 93%; ETA:   0:00:33 .. 
Progress: 2615255 of 2947543 done; Stage: 88%; Total: 93%; ETA:   0:00:32 ...
Progress: 2620255 of 2947543 done; Stage: 88%; Total: 93%; ETA:   0:00:32    
Progress: 2627255 of 2947543 done; Stage: 89%; Total: 93%; ETA:   0:00:31 .  
Progress: 2632255 of 2947543 done; Stage: 89%; Total: 93%; ETA:   0:00:30 .. 
Progress: 2639255 of 2947543 done; Stage: 89%; Total: 94%; ETA:   0:00:30 ...
Progress: 2645255 of 2947543 done; Stage: 89%; Total: 94%; ETA:   0:00:29    
Progress: 2652255 of 2947543 done; Stage: 89%; Total: 94%; ETA:   0:00:29 .  
Progress: 2657255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:28 .. 
Progress: 2660255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:28 ...
Progress: 2663255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:28    
Progress: 2667255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:27 .  
Progress: 2671255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:27 .. 
Progress: 2673255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:27 ...
Progress: 2677255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:26    
Progress: 2681255 of 2947543 done; Stage: 90%; Total: 94%; ETA:   0:00:26 .  
Progress: 2684255 of 2947543 done; Stage: 91%; Total: 94%; ETA:   0:00:26 .. 
Progress: 2688255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:25 ...
Progress: 2690255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:25    
Progress: 2692255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:25 .  
Progress: 2695255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:25 .. 
Progress: 2698255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:24 ...
Progress: 2699255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:24    
Progress: 2700255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:24 .  
Progress: 2702255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:24 .. 
Progress: 2706255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:24 ...
Progress: 2708255 of 2947543 done; Stage: 91%; Total: 95%; ETA:   0:00:23    
Progress: 2712255 of 2947543 done; Stage: 92%; Total: 95%; ETA:   0:00:23 .  
Progress: 2716255 of 2947543 done; Stage: 92%; Total: 95%; ETA:   0:00:23 .. 
Progress: 2720255 of 2947543 done; Stage: 92%; Total: 95%; ETA:   0:00:22 ...
Progress: 2722255 of 2947543 done; Stage: 92%; Total: 95%; ETA:   0:00:22    
Progress: 2727255 of 2947543 done; Stage: 92%; Total: 95%; ETA:   0:00:22 .  
Progress: 2732255 of 2947543 done; Stage: 92%; Total: 95%; ETA:   0:00:21 .. 
Progress: 2736255 of 2947543 done; Stage: 92%; Total: 95%; ETA:   0:00:21 ...
Progress: 2739255 of 2947543 done; Stage: 92%; Total: 96%; ETA:   0:00:21    
Progress: 2742255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:20 .  
Progress: 2745255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:20 .. 
Progress: 2747255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:20 ...
Progress: 2749255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:20    
Progress: 2750255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:20 .  
Progress: 2751255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:20 .. 
Progress: 2752255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:19 ...
Progress: 2754255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:19    
Progress: 2758255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:19 .  
Progress: 2762255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:19 .. 
Progress: 2763255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:19 ...
Progress: 2767255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:18    
Progress: 2768255 of 2947543 done; Stage: 93%; Total: 96%; ETA:   0:00:18 .  
Progress: 2773255 of 2947543 done; Stage: 94%; Total: 96%; ETA:   0:00:18 .. 
Progress: 2775255 of 2947543 done; Stage: 94%; Total: 96%; ETA:   0:00:17 ...
Progress: 2778255 of 2947543 done; Stage: 94%; Total: 96%; ETA:   0:00:17    
Progress: 2780255 of 2947543 done; Stage: 94%; Total: 96%; ETA:   0:00:17 .  
Progress: 2782255 of 2947543 done; Stage: 94%; Total: 96%; ETA:   0:00:17 .. 
Progress: 2786255 of 2947543 done; Stage: 94%; Total: 96%; ETA:   0:00:16 ...
Progress: 2790255 of 2947543 done; Stage: 94%; Total: 96%; ETA:   0:00:16    
Progress: 2795255 of 2947543 done; Stage: 94%; Total: 97%; ETA:   0:00:16 .  
Progress: 2802255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:15 .. 
Progress: 2803255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:15 ...
Progress: 2805255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:15    
Progress: 2811255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:14 .  
Progress: 2816255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:14 .. 
Progress: 2819255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:13 ...
Progress: 2821255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:13    
Progress: 2824255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:13 .  
Progress: 2826255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:13 .. 
Progress: 2828255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:12 ...
Progress: 2829255 of 2947543 done; Stage: 95%; Total: 97%; ETA:   0:00:12    
Progress: 2831255 of 2947543 done; Stage: 96%; Total: 97%; ETA:   0:00:12 .  
Progress: 2834255 of 2947543 done; Stage: 96%; Total: 97%; ETA:   0:00:12 .. 
Progress: 2837255 of 2947543 done; Stage: 96%; Total: 97%; ETA:   0:00:12 ...
Progress: 2839255 of 2947543 done; Stage: 96%; Total: 97%; ETA:   0:00:11    
Progress: 2843255 of 2947543 done; Stage: 96%; Total: 98%; ETA:   0:00:11 .  
Progress: 2846255 of 2947543 done; Stage: 96%; Total: 98%; ETA:   0:00:11 .. 
Progress: 2851255 of 2947543 done; Stage: 96%; Total: 98%; ETA:   0:00:10 ...
Progress: 2853255 of 2947543 done; Stage: 96%; Total: 98%; ETA:   0:00:10    
Progress: 2857255 of 2947543 done; Stage: 96%; Total: 98%; ETA:   0:00:10 .  
Progress: 2860255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:09 .. 
Progress: 2863255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:09 ...
Progress: 2866255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:09    
Progress: 2867255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:09 .  
Progress: 2870255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:08 .. 
Progress: 2873255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:08 ...
Progress: 2874255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:08    
Progress: 2876255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:08 .  
Progress: 2878255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:08 .. 
Progress: 2883255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:07 ...
Progress: 2887255 of 2947543 done; Stage: 97%; Total: 98%; ETA:   0:00:07    
Progress: 2889255 of 2947543 done; Stage: 98%; Total: 98%; ETA:   0:00:07 .  
Progress: 2894255 of 2947543 done; Stage: 98%; Total: 98%; ETA:   0:00:06 .. 
Progress: 2899255 of 2947543 done; Stage: 98%; Total: 99%; ETA:   0:00:06 ...
Progress: 2903255 of 2947543 done; Stage: 98%; Total: 99%; ETA:   0:00:05    
Progress: 2908255 of 2947543 done; Stage: 98%; Total: 99%; ETA:   0:00:05 .  
Progress: 2911255 of 2947543 done; Stage: 98%; Total: 99%; ETA:   0:00:05 .. 
Progress: 2914255 of 2947543 done; Stage: 98%; Total: 99%; ETA:   0:00:04 ...
Progress: 2916255 of 2947543 done; Stage: 98%; Total: 99%; ETA:   0:00:04    
Progress: 2917255 of 2947543 done; Stage: 98%; Total: 99%; ETA:   0:00:04 .  
Progress: 2918255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:04 .. 
Progress: 2920255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:04 ...
Progress: 2921255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:04    
Progress: 2923255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:03 .  
Progress: 2925255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:03 .. 
Progress: 2927255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:03 ...
Progress: 2928255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:03    
Progress: 2930255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:03 .  
Progress: 2932255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:03 .. 
Progress: 2934255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:02 ...
Progress: 2936255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:02    
Progress: 2938255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:02 .  
Progress: 2940255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:02 .. 
Progress: 2943255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:01 ...
Progress: 2947255 of 2947543 done; Stage: 99%; Total: 99%; ETA:   0:00:00    
Progress: 2947543 of 2947543 done; Stage: 100%; Total: 100%; ETA:   0:00:00 .  
                                                                                       
                                                                                       
  2947543 free clusters processed.                                                       
 
Free space verification is complete.
 
Windows has made corrections to the file system.
No further action is required.
 
  20981759 KB total disk space.
   9160436 KB in 11 files.
        12 KB in 14 indexes.
         0 KB in bad sectors.
     31135 KB in use by the system.
     29824 KB occupied by the log file.
  11790176 KB available on disk.
 
      4096 bytes in each allocation unit.
   5245439 total allocation units on disk.
   2947544 allocation units available on disk.
 
========= End of CMD: =========
 
 
========= Mountvol =========
 
Creates, deletes, or lists a volume mount point.
 
MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L
MOUNTVOL [drive:]path /P
MOUNTVOL /R
MOUNTVOL /N
MOUNTVOL /E
MOUNTVOL drive: /S
 
    path        Specifies the existing NTFS directory where the mount
                point will reside.
    VolumeName  Specifies the volume name that is the target of the mount
                point.
    /D          Removes the volume mount point from the specified directory.
    /L          Lists the mounted volume name for the specified directory.
    /P          Removes the volume mount point from the specified directory,
                dismounts the volume, and makes the volume not mountable.
                You can make the volume mountable again by creating a volume
                mount point.
    /R          Removes volume mount point directories and registry settings
                for volumes that are no longer in the system.
    /N          Disables automatic mounting of new volumes.
    /E          Re-enables automatic mounting of new volumes.
    /S          Mount the EFI System Partition on the given drive.
 
Possible values for VolumeName along with current mount points are:
 
    \\?\Volume{7a2bcf69-db07-4374-9a0e-88835cb874f2}\
        C:\
 
    \\?\Volume{40eff16c-6b9d-11e6-82c8-10c37bbb446b}\
        D:\
 
    \\?\Volume{3e80ab0f-bf50-4f22-8c02-3c22ee1a6bb4}\
        *** NO MOUNT POINTS ***
 
    \\?\Volume{436d9e19-7fb5-4350-864c-86573ec335b2}\
        *** NO MOUNT POINTS ***
 
    \\?\Volume{52ee3d83-f100-11e3-8253-806e6f6e6963}\
        E:\
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 19:59:06 ====


#134 RayS

RayS

  • Malware Response Team
  • 2,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 05 September 2018 - 03:53 PM

Hi Dan,

 

The fix log is interesting and it shows no anomalies, but you didn't test to see whether the recurring "Scanning and Repairing" message has been fixed. Please reboot your laptop at least once (twice would be better) and tell me whether you see the "Scanning and Repairing" or any other message after the reboot(s).

 

 

In your next reply...

  • Please confirm that you are not seeing the "Scanning and Repairing" or any other message after the reboot(s).

Thank you,

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#135 danban

danban
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bronx New York
  • Local time:01:59 PM

Posted 07 September 2018 - 02:49 PM

Hello Ray ,

This is Dan.

 

The "Scanning and Repairing" message has been fixed , 

it don't show up apon start up no more.

 

Thanks.

Dan






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users