1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.

I think my system is infected, windows 10 guest user build automatically

By FullStackDev · 38 replies
Jun 9, 2019
  1. Hi. First, sorry for my bad English.
    I have had a serious problem with my Windows 10 from 3 days ago until now; my computer is almost infected, I think.
    3 days ago, every time I logged in to the system, a guest11 account was created.
    As I write this, I have found these problems on Windows:
    I have Windows 10 Enterprise.
    • Some weird services were created.
    CDPUserSvc_5ac123e ( path Execute: C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
    DevicesFlowUserSvc_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k DevicesFlow )
    MessagingService_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
    OneSyncSvc_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup)
    PrintWorkflowUserSvc_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k PrintWorkflow )
    Windows Push Notifications User Service_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
    User Data Access_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
    Contact Data_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup)
    User Data Storage_5ac123e ( path Execute C:\Windows\System32\svchost.exe -k UnistackSvcGroup )
    The executable path of all these services is like ---> C:\Windows\System32\svchost.exe -k UnistackSvcGroup

    • Always on login, a guest account named guest11 is created.
    This user is created every time I log in to Windows. I deleted the user when logged in, but after some time (20 min, or I don't know) this user is created again.
    • I can't search for Windows applications from the desktop (Windows toolbar).
    This just happened today.
    • Almost all of my default Windows app store applications do not execute. I can't run them.
    This just happened today.
    • I checked Windows error reporting from Computer Management (Event Viewer -> Windows Logs -> Security), and below are some of the last login and logout attempts to that guest account, I think. From these errors I found out that some user logged in to the guest account in network mode (3 means network mode, based on Windows help).
    First:
    Special privileges assigned to new logon.
    Subject:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7
    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    SeDelegateSessionUserImpersonatePrivilege
    Another one:
    An account was successfully logged on.

    Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

    Logon Information:
    Logon Type: 3
    Restricted Admin Mode: -
    Virtual Account: No
    Elevated Token: No

    Impersonation Level: Impersonation

    New Logon:
    Security ID: ANONYMOUS LOGON
    Account Name: ANONYMOUS LOGON
    Account Domain: NT AUTHORITY
    Logon ID: 0x9ED98FA
    Linked Logon ID: 0x0
    Network Account Name: -
    Network Account Domain: -
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x0
    Process Name: -

    Network Information:
    Workstation Name: CODER
    Source Network Address: -
    Source Port: -

    Detailed Authentication Information:
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Transited Services: -
    Package Name (NTLM only): NTLM V1
    Key Length: 128

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, I.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The impersonation level field indicates the extent to which a process in the logon session can impersonate.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

    Another One:
    A user's local group membership was enumerated.

    Subject:
    Security ID: SYSTEM
    Account Name: CODER$
    Account Domain: WORKGROUP
    Logon ID: 0x3E7

    User:
    Security ID: CODER\guest11
    Account Name: guest11
    Account Domain: CODER

    Process Information:
    Process ID: 0x934
    Process Name: D:\Program Files\ESET\ESET Security\ekrn.exe

    And more .......


    Some other information:
    • I know that my system memory usage has been very high recently.
    • I know that in the previous 2 days my system updated 180 MB each day (I don't upload anything).
    • The language-switching area on my Windows taskbar is hidden.
    • Firefox's default style for webpages changed recently.
    • I have ESET Smart Security 10, but ESET can't find anything.
    I have also attached some screenshots of various things.
    I know this is a serious problem and this virus tries to infect my files more every day, but I don't know what to do. Can someone help me? Thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 55,258   +456

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Hi. Thanks. I read your instructions completely. I just backed up some of my important information to an encrypted volume (TrueCrypt).
    Based on the instructions provided, I downloaded Avast Home and Farbar Recovery Scan Tool, and now I want to run them.
    Question: Should I send these two files here, or open a new topic?
    FRST.txt and Addition.txt
     
  4. Broni

    Broni Malware Annihilator Posts: 55,258   +456

    You post all logs right here. Pasted.
     
  5. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Result of running FRST.
    I checked all the check boxes in the options section. I also have another file called shortcuts.txt; do I need to send this file too?
     
  6. Broni

    Broni Malware Annihilator Posts: 55,258   +456

    Do not check any additional boxes. Run it as it is.
    I don't need shortcuts.
     
  7. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019
    Ran by Administrator (administrator) on CODER (Acer Aspire A515-51G) (12-06-2019 12:49:06)
    Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Windows 10 Enterprise Version 1709 16299.192 (X64) Language: English (United States)
    Default browser: "M:\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
    (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
    (ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\egui.exe
    (ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\ekrn.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Tonec Inc. -> Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (TrueCrypt Foundation -> TrueCrypt Foundation) E:\TrueCrypt\TrueCrypt.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] (Acronis International GmbH -> )
    HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381312 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Security\ecmds.exe [324216 2017-10-10] (ESET, spol. s r.o. -> ESET)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620720 2017-11-22] (Acronis International GmbH -> )
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
    HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\MountPoints2: {94497376-2854-11e8-8b9a-9822ef5d28ca} - "G:\.\StartModem.exe"
    HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
    HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
    HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
    HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
    HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
    HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
    HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
    HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
    HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
    AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
    AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [261552 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
    IFEO\osppsvc.exe: [Debugger] SppExtComObjPatcher.exe
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2018-03-19]
    ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-07-05]
    ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BF79A1-3FBD-4FBC-ADE3-1DF80D1C9B67} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
    Task: {096FD4F4-9B45-4F79-972E-195DA43546F5} - System32\Tasks\Microsoft\Windows\PLA\MyDataCollector => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    Task: {0973A22E-04AE-4CDC-BD04-7506C35BB1B1} - System32\Tasks\Stop VI => C:\Users\Administrator\Desktop\stop.bat
    Task: {09B1DBE4-3B37-42B9-B688-92D0268E04BB} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [445744 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    Task: {0AC40EA4-FFFA-41F7-AD50-22706DEA6576} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-02-22] (Acer Incorporated -> Acer Incorporated)
    Task: {18E48433-E259-413B-A5BD-F13CADABDE36} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {29581800-DE6F-4DAA-88E4-24E875539A5E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder => D:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {393F8911-A151-4E38-A558-7B78F2D9FBF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {396CDF69-AB09-417A-8893-1B7822BFD6F8} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )
    Task: {42CDFE7E-E565-4E86-8F8D-789B756E559E} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2767664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    Task: {54CBFF78-B6CC-463F-A01D-8CF8BC00D10A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd -> Piriform Ltd)
    Task: {60116705-1C0D-4B43-9B08-2F815F8AF822} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1864640 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {6D3F7826-1A11-4D90-8D45-130DC0483413} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    Task: {6FEE2E7B-90DA-42EE-AF01-1946C5FDB0EF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {78F053F1-B562-4691-ABE2-BF0E663B4F4E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {7C3706F7-5604-4DB7-A95F-4331AA274CF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {7D260263-EC70-41C9-BEBB-D8DBAD5A7D1C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-02-22] (Acer Incorporated -> )
    Task: {933EDA72-8974-4A57-A8B8-60BD97E7135C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {990748EC-D28B-4409-9C4D-569F2B0A5CC1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [964544 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A53C7E44-37C0-4964-89D9-83D24EFEC47D} - System32\Tasks\Microsoft\Windows\PLA\System Resource Report => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    Task: {A54A85BE-4325-4930-AEAF-E471B3E016B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A9BC49B2-B000-43D4-B4D3-BCF5067B2D15} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    Task: {ABC2A8CE-766D-49C9-9126-FDEA4B45FB34} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [57856 2017-11-26] (Microsoft Windows -> Microsoft Corporation)
    Task: {E4290767-9AFE-4B69-B222-0D9FF0E0462A} - System32\Tasks\klcp_update => d:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe [1179648 2018-03-19] () [File not signed]
    Task: {E5CD5C38-9DE6-4985-92F3-1BF170B7CDFE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [521152 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {E6440054-6A9E-4EF8-BD1B-2DBA0BB6E66E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
    Task: {ED014DF2-C992-4016-AB07-3EC5E44D0C34} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {F261EE35-9E83-41C7-B60A-55C09B520852} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FB235D23-1341-4308-827B-C038FE425E5E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.8
    Tcpip\..\Interfaces\{4bc6fbac-6a36-4a4a-a401-f4a4f901f0e2}: [NameServer] 10.255.255.254
    Tcpip\..\Interfaces\{d660a15d-478e-4d1a-891a-9b9d571f15d7}: [DhcpNameServer] 8.8.8.8 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: 5dfsawqm.default
    FF DefaultProfile: as51hvxm.default
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Pencil\Profiles\5dfsawqm.default [2019-04-26]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\as51hvxm.default [2019-06-12]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1jxc1iaw.dev-edition-default [2018-08-01]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cmop4avn.NonDevWorks [2018-08-15]
    FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
    FF Extension: (IDM Integration Module) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
    FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2018-03-26] [Legacy] [not signed]
    FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
    FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
    FF Plugin-x32: @IPCWebComponents -> D:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2721824 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
    S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-17] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
    R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
    S3 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [15872 2018-03-25] (Docker Inc -> Docker Inc.)
    R2 ekrn; D:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-10-10] (ESET, spol. s r.o. -> ESET)
    S3 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
    S2 FosCloudSvr; D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe [91776 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
    S2 FosIPCameraPluginService; D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe [186496 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
    S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    S3 hns; C:\Windows\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Jenkins; D:\Program Files (x86)\Jenkins\jenkins.exe [360448 2018-07-18] (CloudBees, Inc.) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
    S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
    S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742456 2017-11-22] (Acronis International GmbH -> )
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [38016 2017-10-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
    S3 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [96232 2018-01-08] (VMware, Inc. -> VMware, Inc.)
    S3 vmcompute; C:\Windows\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
    S4 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14347240 2018-01-08] (VMware, Inc. -> )
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
    S3 KMSEmulator; "C:\ProgramData\KMSAutoS\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -PO16 RandomKMSPID -AI 43200 -RI 43200 -Log -IP [X]
    S2 Memcached11211; C:\memcached\memcached.exe -d runservice -p 11211 [X]
    S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
    S4 postgres; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgres" -D "C:\xampp\pgsql\9.5\data"
    S4 postgressql; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgressql" -D "C:\xampp\pgsql\9.5\data"

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476768 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133352 2017-12-11] (ESET, spol. s r.o. -> ESET)
    R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-04-07] (ESET, spol. s r.o. -> ESET)
    S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180088 2017-10-11] (ESET, spol. s r.o. -> ESET)
    R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50752 2017-04-07] (ESET, spol. s r.o. -> ESET)
    R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [78192 2017-04-07] (ESET, spol. s r.o. -> ESET)
    R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [102160 2017-09-25] (ESET, spol. s r.o. -> ESET)
    R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [564304 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [379664 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    S3 hvsocketcontrol; C:\Windows\system32\drivers\hvsocketcontrol.sys [26112 2018-03-25] (Microsoft Windows -> Microsoft Corporation)
    R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R1 ISODrive; D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [22320 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-12-13] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_2fc0d3600c3c3d39\nvlddmkm.sys [17036560 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2412976 2017-04-16] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [947712 2017-01-16] (Realtek Semiconductor Corp. -> Realtek )
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [690520 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R4 truecrypt; E:\TrueCrypt\truecrypt-x64.sys [230864 2014-01-03] (TrueCrypt Foundation -> TrueCrypt Foundation)
    S3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation -> Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
    R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
    R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331976 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
    R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
    S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-22] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
    U3 aswbdisk; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-12 12:47 - 2019-06-12 12:49 - 000000000 ____D C:\FRST
    2019-06-12 12:42 - 2019-06-12 12:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
    2019-06-12 12:39 - 2019-06-12 12:39 - 000000630 _____ C:\Users\Administrator\Desktop\Do____.txt
    2019-06-12 12:37 - 2019-06-12 12:37 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2019-06-12 12:35 - 2019-06-12 12:35 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
    2019-06-12 12:33 - 2019-06-12 12:33 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2019-06-12 12:33 - 2019-06-12 12:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2019-06-12 12:33 - 2019-06-12 12:32 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000476768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2019-06-12 12:33 - 2019-06-12 12:32 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000015488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
    2019-06-12 12:27 - 2019-06-12 12:33 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-06-12 11:22 - 2019-06-12 11:22 - 000008645 _____ C:\Users\Administrator\.bash_history
    2019-06-12 11:17 - 2019-06-12 11:17 - 000000784 _____ C:\Users\Administrator\Desktop\github_c#_things - Shortcut.lnk
    2019-06-12 11:03 - 2019-06-12 11:03 - 000000070 _____ C:\Users\Administrator\Desktop\learn.txt
    2019-06-12 10:39 - 2019-06-12 10:39 - 000175550 _____ C:\Users\Administrator\Desktop\مراحل دریافت کارت ملی هوشمند + نمودار.html
    2019-06-12 10:39 - 2019-06-12 10:39 - 000000000 ____D C:\Users\Administrator\Desktop\مراحل دریافت کارت ملی هوشمند + نمودار_files
    2019-06-12 10:20 - 2019-06-12 10:20 - 000000458 _____ C:\Users\Administrator\Desktop\شرط بندی.txt
    2019-06-12 10:00 - 2019-06-12 10:00 - 000000396 _____ C:\Users\Administrator\Desktop\مراحل گرفتن کارت هوشمند ملی.txt
    2019-06-12 09:30 - 2019-06-12 09:30 - 000000007 _____ C:\Users\Administrator\Desktop\instagram.txt
    2019-06-12 09:22 - 2019-06-12 09:22 - 000000209 _____ C:\Users\Administrator\Desktop\virus_things.txt
    2019-06-11 11:59 - 2019-06-11 11:59 - 000000069 _____ C:\Users\Administrator\Desktop\نصب آواست.txt
    2019-06-11 08:15 - 2019-06-11 10:28 - 000018443 _____ C:\Users\Administrator\Desktop\توضیحات فاز ذوم.txt
    2019-06-11 07:54 - 2019-06-11 07:54 - 000000000 _____ C:\Users\Administrator\Desktop\حساب IDPay ات رو فعال کن و تو انجمن ها که کار می کنی و راه نمایی می کنی ..اون رو قرار بده برای پرداخت آنلاین.txt
    2019-06-10 10:59 - 2019-06-12 12:41 - 000000931 _____ C:\Users\Administrator\Desktop\virus - Shortcut.lnk
    2019-06-10 10:53 - 2019-06-10 10:53 - 000001144 _____ C:\Users\Administrator\Desktop\Project - messagespersiaaustraliaanswered=✔ - Shortcut.lnk
    2019-06-09 23:06 - 2019-06-09 23:06 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5456C697.sys
    2019-06-09 23:06 - 2019-06-09 23:06 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-06-09 23:03 - 2019-06-09 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2019-06-09 23:03 - 2019-06-09 23:03 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2019-06-09 14:56 - 2019-06-09 14:56 - 000000000 _____ C:\Users\Administrator\Desktop\Use SlideShare Fpr Share Contract Form
    2019-06-08 03:19 - 2019-06-08 03:22 - 000003402 _____ C:\Windows\System32\Tasks\Stop VI
    2019-06-08 02:40 - 2019-06-09 08:10 - 000000574 _____ C:\Users\Administrator\Desktop\stop.bat_
    2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
    2019-06-05 22:21 - 2019-06-05 22:21 - 000002153 _____ C:\Users\Administrator\Desktop\لیست ارائه دروس.lnk
    2019-06-05 15:24 - 2019-06-05 15:24 - 000000853 _____ C:\Users\Administrator\Desktop\Archive T,TT2,TT3,TT4,TT4 Deleted...Copy From AData.lnk
    2019-06-05 14:45 - 2019-06-05 14:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\gtk-3.0
    2019-06-05 13:04 - 2019-06-05 13:04 - 000000051 _____ C:\Users\Administrator\Desktop\MacAddress.txt
    2019-06-05 12:45 - 2019-06-05 12:45 - 000000775 _____ C:\Users\Administrator\Desktop\Cut From HTDocs - Shortcut.lnk
    2019-06-05 10:40 - 2019-06-05 10:41 - 001060857 _____ C:\Users\Administrator\Downloads\video.mp4
    2019-06-05 09:19 - 2019-06-05 09:19 - 000001459 _____ C:\Users\Administrator\Desktop\project86066 - Shortcut.lnk
    2019-06-04 22:46 - 2019-06-04 22:46 - 000000798 _____ C:\Users\Administrator\Desktop\check files.lnk
    2019-06-04 14:44 - 2019-06-04 14:44 - 000001342 _____ C:\Users\Administrator\Desktop\PHP Personal Finance - Shortcut.lnk
    2019-06-04 10:52 - 2019-06-04 10:52 - 000000901 _____ C:\Users\Administrator\Desktop\Eclips - Shortcut.lnk
    2019-06-03 15:01 - 2019-06-03 15:01 - 000000919 _____ C:\Users\Administrator\Desktop\استفاده برای روشن بودن سیستم در روز و کلیک برای دریافت پول بیت کوین......بررسی اون سایت مربوط به حجاوااسکریپت که بیت کوین جمع می کرد.lnk
    2019-06-03 14:58 - 2019-06-03 14:58 - 000000000 ____D C:\Users\Administrator\workspace
    2019-06-03 11:36 - 2019-06-03 11:37 - 000000186 _____ C:\Users\Administrator\Desktop\piam2.txt
    2019-06-02 11:43 - 2019-06-02 11:43 - 003180712 _____ C:\Users\Administrator\Downloads\61204038_2128133783970722_9090820503427527366_n.mp4
     
  8. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    2019-06-02 11:42 - 2019-06-02 11:42 - 002094038 _____ C:\Users\Administrator\Downloads\60740600_193844208264326_2299228890290000967_n.mp4
    2019-06-01 14:42 - 2019-06-08 13:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PHP Language Server
    2019-06-01 13:58 - 2019-06-01 13:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Obsidium
    2019-06-01 13:35 - 2019-06-01 13:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Visual Studio Code
    2019-05-31 18:14 - 2019-05-31 18:14 - 000118247 _____ C:\Windows\SysWOW64\package-lock.json
    2019-05-31 17:30 - 2019-06-01 00:20 - 000000000 ____D C:\Users\Administrator\Desktop\convert CSV to QIF
    2019-05-26 13:21 - 2019-05-26 13:21 - 000001097 _____ C:\Users\Administrator\Desktop\fireox addone for download images - Shortcut.lnk
    2019-05-23 11:02 - 2019-05-23 11:02 - 000001122 _____ C:\Users\Administrator\Desktop\plese learn this vendor componenets.lnk
    2019-05-23 10:24 - 2019-05-23 10:24 - 000000011 _____ C:\Users\Administrator\Desktop\مزاحم حجت.txt
    2019-05-22 17:59 - 2019-05-22 17:59 - 000000971 _____ C:\Users\Administrator\Desktop\website_image_downloader - Shortcut.lnk
    2019-05-22 12:17 - 2019-05-22 12:17 - 000000000 ____D C:\Users\Administrator\Downloads\خرید دیجی کالا
    2019-05-20 13:57 - 2019-05-20 13:57 - 000000910 _____ C:\Users\Administrator\Desktop\سرور پایتون.lnk
    2019-05-19 12:49 - 2019-06-10 22:26 - 000000201 _____ C:\Users\Administrator\Desktop\these_name.txt
    2019-05-19 12:01 - 2019-05-19 22:30 - 000000170 _____ C:\Users\Administrator\Desktop\Piamak.txt
    2019-05-17 22:32 - 2019-05-17 22:32 - 000001131 _____ C:\Users\Administrator\Desktop\Project-Python-Platform_Blogs-Auto-Publisher - Shortcut.lnk
    2019-05-16 10:23 - 2019-05-16 10:24 - 000000000 ____D C:\Users\Administrator\Desktop\agahi jadid
    2019-05-16 10:10 - 2019-05-16 10:10 - 000001459 _____ C:\Users\Administrator\Desktop\research about this.lnk
    2019-05-16 10:06 - 2019-05-16 10:06 - 000001513 _____ C:\Users\Administrator\Desktop\project20057460 - Shortcut.lnk
    2019-05-14 09:45 - 2019-05-14 09:45 - 000001022 _____ C:\Users\Administrator\Desktop\python website image downloader - Shortcut.lnk
    2019-05-13 21:23 - 2019-05-13 21:23 - 000001232 _____ C:\Users\Administrator\Desktop\پروژه احسان - انشار مطالب انگلیسی برای شبکه اجتماعی - Shortcut.lnk

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-12 12:33 - 2017-09-29 18:16 - 000000000 ___HD C:\Windows\ELAMBKUP
    2019-06-12 12:26 - 2018-04-12 14:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
    2019-06-12 12:26 - 2018-04-06 16:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2019-06-12 11:22 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator
    2019-06-12 10:39 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
    2019-06-12 08:25 - 2018-03-20 01:08 - 000005216 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder
    2019-06-12 08:15 - 2018-03-16 13:03 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
    2019-06-12 08:15 - 2018-03-15 17:44 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-06-12 00:06 - 2018-03-16 16:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2019-06-11 23:55 - 2018-03-19 00:18 - 000000000 ____D C:\Users\Administrator\.p2
    2019-06-11 22:40 - 2018-03-31 00:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\Eclipse
    2019-06-10 22:28 - 2019-01-17 14:24 - 000004320 _____ C:\Users\Administrator\Desktop\ask-do.txt
    2019-06-10 11:21 - 2018-03-15 17:22 - 000000000 ____D C:\Windows\system32\SleepStudy
    2019-06-10 10:57 - 2018-03-15 17:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-06-10 10:57 - 2017-09-29 13:15 - 001310720 _____ C:\Windows\system32\config\BBI
    2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VMware
    2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\VMware
    2019-06-10 09:24 - 2018-06-29 09:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\MechCAD
    2019-06-08 15:35 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
    2019-06-08 02:44 - 2018-10-26 10:42 - 000035696 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
    2019-06-08 02:40 - 2018-06-15 13:15 - 000000769 _____ C:\Users\Administrator\Desktop\kill.bat
    2019-06-07 20:30 - 2018-03-21 19:28 - 000000279 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\This PC.lnk
    2019-06-07 16:27 - 2018-03-15 17:40 - 000003178 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
    2019-06-07 00:01 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
    2019-06-06 12:11 - 2018-03-16 13:43 - 000007650 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
    2019-06-06 06:29 - 2018-03-21 15:58 - 000003362 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D690AB43-282C-486B-B0DB-82BD1691ED6E}
    2019-06-06 06:29 - 2018-03-16 13:01 - 000002974 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000003044 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000002898 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000002846 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000002804 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:28 - 2018-03-16 13:01 - 000003236 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:28 - 2018-03-16 13:00 - 000003458 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:27 - 2018-09-16 10:00 - 000003186 _____ C:\Windows\System32\Tasks\KMSAutoNet
    2019-06-06 02:13 - 2018-04-20 10:31 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Code
    2019-06-03 23:42 - 2019-02-03 11:05 - 000001148 _____ C:\Users\Administrator\Desktop\eclipse-php-2018-12-R-win32-x86_64.zip - Shortcut.lnk
    2019-06-03 23:27 - 2018-03-27 09:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
    2019-06-01 15:49 - 2018-04-05 09:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Composer
    2019-06-01 11:24 - 2018-03-31 13:14 - 000000000 ____D C:\Program Files\Beyond Compare 4
    2019-05-24 15:30 - 2017-09-29 18:14 - 000000000 ____D C:\Windows\INF
    2019-05-23 16:20 - 2018-04-18 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Electrum
    2019-05-22 13:59 - 2018-08-21 22:23 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Atom
    2019-05-21 09:21 - 2018-11-30 18:28 - 000000000 ____D C:\Users\Administrator\Downloads\Soroush Downloads
    2019-05-19 01:30 - 2017-09-29 18:16 - 000000000 ____D C:\Windows\system32\NDF
    2019-05-17 17:27 - 2017-09-29 18:07 - 000000000 ____D C:\Windows\CbsTemp

    ==================== Files in the root of some directories =======

    2018-06-10 20:01 - 2019-05-07 14:12 - 000000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CC Prefs
    2018-08-14 16:28 - 2018-08-25 22:09 - 000000023 _____ () C:\Users\Administrator\AppData\Roaming\brand.ini
    2018-06-28 17:04 - 2018-06-28 17:04 - 000011512 _____ () C:\Users\Administrator\AppData\Roaming\Comma Separated Values.TSK
    2018-08-14 16:28 - 2018-08-25 22:15 - 001210039 _____ () C:\Users\Administrator\AppData\Roaming\FosPlugin.log
    2018-08-14 16:28 - 2018-08-23 16:23 - 000430524 _____ () C:\Users\Administrator\AppData\Roaming\FosRtmp.log
    2018-06-10 20:01 - 2019-05-07 13:44 - 000001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
    2019-02-05 10:10 - 2019-02-05 10:10 - 000000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
    2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
    2018-03-16 13:43 - 2019-06-06 12:11 - 000007650 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
    2018-04-06 17:00 - 2018-04-06 17:00 - 000000032 RSHOT () C:\Users\Administrator\AppData\Local\t80.dat

    ==================== SigCheckExt =======

    2017-09-29 18:11 - 2011-12-07 23:07 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
    2017-09-29 18:12 - 2017-07-30 16:20 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
    2017-09-29 18:11 - 2018-01-28 14:30 - 000794112 _____ C:\Windows\system32\xvidcore.dll
    2018-03-26 12:23 - 2018-01-28 14:30 - 000311296 _____ C:\Windows\system32\xvidvfw.dll
    2017-09-29 18:12 - 2015-10-24 21:30 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
    2017-09-29 18:12 - 2011-12-07 23:02 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
    2017-09-29 18:12 - 2012-08-24 21:22 - 000103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
    2017-09-29 18:16 - 2013-03-01 06:17 - 000053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
    2017-09-29 18:13 - 2014-12-10 13:25 - 002459136 _____ (Python Software Foundation) C:\Windows\SysWOW64\python27.dll
    2017-09-29 18:12 - 2017-07-30 16:20 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
    2017-09-29 18:11 - 2018-01-28 14:30 - 000694784 _____ C:\Windows\SysWOW64\xvidcore.dll
    2018-03-26 12:23 - 2018-01-28 14:30 - 000284672 _____ C:\Windows\SysWOW64\xvidvfw.dll

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    ==================== BCD ================================

    Firmware Boot Manager
    ---------------------
    identifier {fwbootmgr}
    displayorder {bootmgr}
    {db51eec8-8b48-11e9-8c30-e33d0289d743}
    {4fac233a-2857-11e8-bb37-a15b8d95977b}
    {4fac233b-2857-11e8-bb37-a15b8d95977b}
    {4fac233c-2857-11e8-bb37-a15b8d95977b}
    timeout 0

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\bootmgfw.efi
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes
    default {current}
    resumeobject {4fac233f-2857-11e8-bb37-a15b8d95977b}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Firmware Application (101fffff)
    -------------------------------
    identifier {4fac233a-2857-11e8-bb37-a15b8d95977b}
    description EFI USB Device
    badmemoryaccess Yes

    Firmware Application (101fffff)
    -------------------------------
    identifier {4fac233b-2857-11e8-bb37-a15b8d95977b}
    description EFI DVD/CDROM
    badmemoryaccess Yes

    Firmware Application (101fffff)
    -------------------------------
    identifier {4fac233c-2857-11e8-bb37-a15b8d95977b}
    description EFI Network
    badmemoryaccess Yes

    Firmware Application (101fffff)
    -------------------------------
    identifier {db51eec8-8b48-11e9-8c30-e33d0289d743}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\bootmgfw.efi
    description Windows Boot Manager

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.efi
    description Windows 10
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {4fac2341-2857-11e8-bb37-a15b8d95977b}
    displaymessageoverride Recovery
    recoveryenabled Yes
    badmemoryaccess Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    osdevice partition=C:
    systemroot \Windows
    resumeobject {4fac233f-2857-11e8-bb37-a15b8d95977b}
    nx OptIn
    bootmenupolicy Legacy
    hypervisorlaunchtype Off
    vga No
    quietboot No
    bootlog No
    sos No

    Windows Boot Loader
    -------------------
    identifier {4fac2341-2857-11e8-bb37-a15b8d95977b}
    device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{4fac2342-2857-11e8-bb37-a15b8d95977b}
    path \windows\system32\winload.efi
    description Windows Recovery Environment
    locale en-us
    inherit {bootloadersettings}
    displaymessage Recovery
    badmemoryaccess Yes
    osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{4fac2342-2857-11e8-bb37-a15b8d95977b}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Resume from Hibernate
    ---------------------
    identifier {4fac233f-2857-11e8-bb37-a15b8d95977b}
    device partition=C:
    path \Windows\system32\winresume.efi
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {4fac2341-2857-11e8-bb37-a15b8d95977b}
    recoveryenabled Yes
    badmemoryaccess Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\memtest.efi
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    badmemoryaccess Yes
    bootems No

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Local
    badmemoryaccess Yes

    RAM Defects
    -----------
    identifier {badmemory}
    badmemoryaccess Yes

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}
    badmemoryaccess Yes

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}
    badmemoryaccess Yes

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    badmemoryaccess Yes
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}
    badmemoryaccess Yes

    Device options
    --------------
    identifier {4fac2342-2857-11e8-bb37-a15b8d95977b}
    description Windows Recovery
    badmemoryaccess Yes
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi


    LastRegBack: 2019-06-07 12:04
    ==================== End of FRST.txt ========================
     
  9. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019
    Ran by Administrator (12-06-2019 12:52:23)
    Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
    Windows 10 Enterprise Version 1709 16299.192 (X64) (2018-03-15 12:56:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2378293659-431221962-3870085809-500 - Administrator - Enabled) => C:\Users\Administrator
    DefaultAccount (S-1-5-21-2378293659-431221962-3870085809-503 - Limited - Disabled)
    Guest (S-1-5-21-2378293659-431221962-3870085809-501 - Limited - Disabled)
    guest11 (S-1-5-21-2378293659-431221962-3870085809-1065 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-2378293659-431221962-3870085809-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: ESET Smart Security (Enabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
    AS: ESET Smart Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3012 - Acer Incorporated)
    Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}) (Version: 22.5.10410 - Acronis) Hidden
    Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}Visible) (Version: 22.5.10410 - Acronis)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
    Axure RP (HKLM-x32\...\{008035CA-B7B7-4E56-B641-6918B0639D67}) (Version: 8.1.0.3366 - Axure RP) Hidden
    Axure RP (HKLM-x32\...\Axure RP 8.1.0.3366) (Version: 8.1.0.3366 - Axure RP)
    Balsamiq Mockups 3 (HKLM-x32\...\{DD3D206D-0E2A-13E1-C0CE-DC751907F1D4}) (Version: 3.5.15 - Balsamiq SRL) Hidden
    Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.5.15 - Balsamiq SRL)
    Beyond Compare 4 (HKLM\...\{382FD58E-226F-418B-8F34-DA8EE89D9550}) (Version: 4.2.4.22795 - Scooter Software, Inc.)
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
    Crisp (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Crisp) (Version: 5.0.16 - Crisp IM)
    D-Link Connection Manager v7.0.3ME (HKLM-x32\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
    Docker for Windows (HKLM\...\Docker for Windows) (Version: 17.12.0-ce-win47 - Docker Inc.)
    Electrum (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Electrum) (Version: 3.1.2 - Electrum Technologies GmbH)
    ESET Smart Security (HKLM\...\{79097F9F-0456-4C0C-9B53-A5E2712119A6}) (Version: 10.1.235.4 - ESET, spol. s r.o.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
    Gap Messenger 2.6.0 (only current user) (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\7a047109-c38b-5582-a5cf-87670e7f2e94) (Version: 2.6.0 - Gap Messenger)
    Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
    GitHub Desktop (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\GitHubDesktop) (Version: 1.1.1 - GitHub, Inc.)
    Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
    Grand Theft Auto V - The Manual (HKLM-x32\...\{752EBD91-8B95-42B5-8692-A7243A6EEEA9}) (Version: 1.0.0 - Rockstar Games)
    Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
    heroku (HKLM-x32\...\heroku) (Version: - Heroku)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1004 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    IPCWebComponents 5.0.0.3 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 5.0.0.3 - FOSCAM)
    Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
    Java SE Development Kit 8 Update 162 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180162}) (Version: 8.0.1620.12 - Oracle Corporation)
    Jenkins 2.121.2 (HKLM-x32\...\{73B65605-756E-46F2-94F8-94E90FC9C76C}) (Version: 0.2.121.2000 - Jenkins project)
    JetBrains PhpStorm 2018.1.5 (HKLM-x32\...\PhpStorm 2018.1.5) (Version: 181.5281.19 - JetBrains s.r.o.)
    JetBrains PyCharm 2017.2.3 (HKLM-x32\...\PyCharm 2017.2.3) (Version: 172.3968.37 - JetBrains s.r.o.)
    K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
    MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Node.js (HKLM-x32\...\{883ECC46-3EED-4960-B912-1CFAF4A8BDB7}) (Version: 8.9.1 - Node.js Foundation)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
    NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
    NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    OpenVPN 2.3.18-I602 (HKLM\...\OpenVPN) (Version: 2.3.18-I602 - OpenVPN Technologies, Inc.)
    Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Parnian8.Office (HKLM-x32\...\{7572F3AF-149B-4961-85AE-5B448FCA381F}) (Version: 7.8.14 - Gostareh Negar)
    PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
    Pencil Prototyping (HKLM-x32\...\Pencil Prototyping) (Version: - Evolus Co., Ltd.)
    PhoneGap Desktop version 0.4.5 (HKLM-x32\...\com.adobe.phonegap.desktop_is1) (Version: 0.4.5 - Adobe Inc.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.4 - Vaclav Slavik)
    Postman-win64-6.2.5 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Postman) (Version: 6.2.5 - Postman)
    PremiumSoft Navicat 11.2 for MySQL (HKLM-x32\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.2.14 - PremiumSoft CyberTech Ltd.)
    Python 2.7 py2exe-0.6.9 (HKLM-x32\...\py2exe-py2.7) (Version: - )
    Python 2.7 py2exe-0.6.9 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\py2exe-py2.7) (Version: - )
    Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
    Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
    Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10426 - Qualcomm)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.303 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21294 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8108 - Realtek Semiconductor Corp.)
    Replay Media Catcher 6 (6.0.1.7) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.1.7 - Applian Technologies)
    Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
    Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    Skype version 8.32 (HKLM-x32\...\Skype_is1) (Version: 8.32 - Skype Technologies S.A.)
    Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
    Soroush Desktop Application (HKLM-x32\...\Soroush_is1) (Version: 0.16.1.0 - )
    Symfony version 1.1.3 (HKLM\...\Symfony_is1) (Version: 1.1.3 - Symfony)
    TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
    TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
    TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.3.1 - Tukero[X]Team)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version: - )
    Vagrant (HKLM-x32\...\{23A65850-5D62-4A42-9312-D19E58CA5376}) (Version: 2.0.3 - HashiCorp)
    VMware Workstation (HKLM\...\{ADC3121A-3EBA-4016-AF64-00B8FE017080}) (Version: 14.1.1 - VMware, Inc.)
    VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA}) (Version: 6.17.1113.31799 - RealVNC Ltd)
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
    XAMPP (HKLM-x32\...\xampp) (Version: 7.2.1-0 - Bitnami)

    Packages:
    =========
    Eclipse Manager -> C:\Program Files\WindowsApps\46928bounde.EclipseManager_3.2.16.0_x64__a5h4egax66k6y [2018-04-02] (Ounce Digital)
    Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt [2018-08-16] (Instagram)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x86__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.18.12091.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.23.10923.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Corporation) [MS Ad]
    Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.10.3.0_x64__7pb5ddty8z1pa [2018-04-16] (Trello, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc. -> Tonec Inc.)
    ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] (Notepad++ -> )
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
    ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxDTCM.dll [2017-11-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
    ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Administrator\Desktop\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Web Server for Chrome.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ofhbbkphhbklhfoeikjpcbhemlocgigb

    ==================== Loaded Modules (Whitelisted) ==============

    2017-11-22 12:04 - 2017-11-22 12:04 - 000277538 _____ () [File not signed] C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
    2014-12-23 20:23 - 2009-12-17 02:18 - 000233472 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\imageformats\qmng4.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000380928 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
    2014-12-23 20:23 - 2010-04-03 15:06 - 000081920 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\calcy.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000090112 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\controly.dll
    2014-12-23 20:23 - 2010-04-03 15:06 - 000024064 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\gcalc.dll
    2014-12-23 20:23 - 2010-04-03 15:06 - 000094208 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\runner.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000057344 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\verby.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000122880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\weby.dll
    2014-12-23 20:23 - 2009-12-16 23:54 - 002236416 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtCore4.dll
    2014-12-23 20:23 - 2009-12-17 00:13 - 008314880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtGui4.dll
    2014-12-23 20:23 - 2009-12-16 23:56 - 000712704 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtNetwork4.dll
    2017-11-22 11:51 - 2017-08-15 19:51 - 001477120 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-09-29 18:16 - 2019-06-01 13:59 - 000003811 ____R C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activation.acronis.com web-api-tih.acronis.com
    127.0.0.1 tonec.com
    127.0.0.1 www.tonec.com
    127.0.0.1 registeridm.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    127.0.0.1 hl2rcv.adobe.com
    127.0.0.1 lm.licenses.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Python27\;D:\Python27\Scripts;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Docker\Docker\Resources\bin;C:\Program Files (x86)\Java\jre1.8.0_162\bin;C:\Program Files (x86)\Java\jdk1.8.0_162\bin;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\nodejs\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;D:\Program Files\HashiCorp\Vagrant\bin;D:\Program Files\Git\cmd;C:\ProgramData\ComposerSetup\bin;C:\xampp\mysql\bin;C:\xampp\apache\bin;D:\Python\phantomjs-2.1.1-windows\bin\;E:\New Soft\ffmpeg\ffmpeg-4.1-win64-static\bin;D:\Program Files\Symfony;C:\xampp\php721;C:\Program Files\WinRAR;L:\Applications\Portable Application For Use\7-ZipPortable\App\7-Zip64;C:\xampp\htdocs\Learning_Symfony\my_project_test\node_modules\.bin;C:\xampp\htdocs\Learning_Symfony\symfony-docs-3.4\_build;
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
    HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
    HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
    HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Outlook 2013.lnk"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Docker for Windows"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "RGSC"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Skype for Desktop"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     
  10. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    FirewallRules: [{C0F1CCC5-B4E8-4100-99E9-22E67E87AE1B}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1535AA04-E38F-43CA-BBAE-B96A638DCE6F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{DF3B1568-3860-40D4-BE00-758E46DD6CBF}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{F863047A-0173-4691-889C-86E3AE914C8D}] => (Allow) LPort=1688

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Windows Adapter V9
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Windows Adapter V9 #2
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Hyper-V Virtual Ethernet Adapter #3
    Description: Hyper-V Virtual Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: VMSMP
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/12/2019 11:46:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program xampp-control.exe version 3.2.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 2b8c

    Start Time: 01d520ee61863697

    Termination Time: 4294967295

    Application Path: C:\xampp\xampp-control.exe

    Report Id: fe3a0f02-22b4-4d78-847a-70b0439efe46

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

    For more information, see Help and Support Center at http://www.mysql.com.

    Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).

    For more information, see Help and Support Center at http://www.mysql.com.

    Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

    For more information, see Help and Support Center at http://www.mysql.com.

    Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).

    For more information, see Help and Support Center at http://www.mysql.com.

    Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

    For more information, see Help and Support Center at http://www.mysql.com.

    Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).

    For more information, see Help and Support Center at http://www.mysql.com.

    Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

    For more information, see Help and Support Center at http://www.mysql.com.


    System errors:
    =============
    Error: (06/12/2019 10:16:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/12/2019 10:11:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/12/2019 08:30:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/12/2019 08:24:04 AM) (Source: DCOM) (EventID: 10016) (User: CODER)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/12/2019 08:18:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/12/2019 08:17:58 AM) (Source: DCOM) (EventID: 10016) (User: CODER)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/12/2019 08:15:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/12/2019 08:15:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-04-11 08:37:07.615
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li.../Wirekeyview&threatid=2147657007&enterprise=0
    Name: HackTool:Win32/Wirekeyview
    ID: 2147657007
    Severity: High
    Category: Tool
    Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe->(UPX)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.612
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li.../PasswordFox&threatid=2147670744&enterprise=0
    Name: HackTool:Win32/PasswordFox
    ID: 2147670744
    Severity: High
    Category: Tool
    Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\passwordfox.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.610
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...in32/Netpass&threatid=2147605535&enterprise=0
    Name: HackTool:Win32/Netpass
    ID: 2147605535
    Severity: High
    Category: Tool
    Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe->(UPX)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.608
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...Mailpassview&threatid=2147571412&enterprise=0
    Name: HackTool:Win32/Mailpassview
    ID: 2147571412
    Severity: High
    Category: Tool
    Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\mailpv.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.606
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...n32/Passview&threatid=2147597639&enterprise=0
    Name: HackTool:Win32/Passview
    ID: 2147597639
    Severity: High
    Category: Tool
    Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe;containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\sniffpass.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-10 15:24:42.142
    Description:
     
  11. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.142
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 119.0.0.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: Network Inspection System
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 2.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.134
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.134
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.133
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2019-06-12 12:52:20.310
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-06-12 12:52:20.308
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2019-06-12 12:48:17.458
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-12 12:48:17.456
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-12 12:47:48.393
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-12 12:47:48.391
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-12 12:47:40.331
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-12 12:47:40.329
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: Insyde Corp. V1.12 11/08/2017
    Motherboard: KBL Charmander_KL
    Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
    Percentage of memory in use: 35%
    Total physical RAM: 12163.6 MB
    Available physical RAM: 7899.52 MB
    Total Virtual: 14019.6 MB
    Available Virtual: 9924.86 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:0.64 GB) NTFS
    Drive d: (Software) (Fixed) (Total:330 GB) (Free:66.6 GB) NTFS
    Drive e: (Data) (Fixed) (Total:600.93 GB) (Free:3.8 GB) NTFS
    Drive l: (Files) (Fixed) (Total:4 GB) (Free:0.39 GB) NTFS
    Drive m: (PORTABLE) (Fixed) (Total:1.99 GB) (Free:0.23 GB) FAT32
    Drive u: (JAVA-ANDROI) (Fixed) (Total:4.99 GB) (Free:0.76 GB) FAT32

    \\?\Volume{5617f0d0-8818-4d60-861b-2c1496ee7fed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
    \\?\Volume{8c0a6d0d-376f-4327-ac68-a09f68a626ea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 119.2 GB) (Disk ID: 7FA1AE37)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  12. Broni

    Broni Malware Annihilator Posts: 55,258   +456

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  13. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    I did all the steps and downloaded all 3 tools: RogueKiller, Malwarebytes and AdwCleaner.

    One thing: the problem still exists. When AdwCleaner restarted the computer and I tried to log in, I saw the quest11 account again.
    I removed it again manually.

    Here are the reports:
     
  14. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.16299) 64 bits
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190514_092255, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/06/13 13:28:19 (Duration : 00:12:21)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Bad.Extension (Malicious)] com.docker.service [Docker Inc] -- %ProgramFiles%\Docker\Docker\com.docker.service -> Stopped
    [PUP.HackTool (Potentially Malicious)] KMSEmulator -- %programdata%\KMSAutoS\bin\KMSSS.exe -> Stopped
    [Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{539E424E-EE72-4439-BB27-6B646D119406} -- [D:\Program Files\Microsoft Office\Office15\Wordcnvpxy.cnv] -> Deleted
    [Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TNod -- -> Deleted
    [Bad.Extension (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\com.docker.service -- [%ProgramFiles%\Docker\Docker\com.docker.service] -> Deleted
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMSEmulator -- [%programdata%\KMSAutoS\bin\KMSSS.exe] -> Deleted
    [Bad.Extension (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\com.docker.service -- [%ProgramFiles%\Docker\Docker\com.docker.service] -> Deleted
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KMSEmulator -- [%programdata%\KMSAutoS\bin\KMSSS.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3C51E832-140C-4C70-AAEC-66F86C44A2F5} -- [%localappdata%\Temp\7ZipSfx.000\bin\tools\aria2c.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3C51E832-140C-4C70-AAEC-66F86C44A2F5} -- [%localappdata%\Temp\7ZipSfx.000\bin\tools\aria2c.exe] -> Deleted
    [PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
    [PUP.HackTool (Potentially Malicious)] TNod User & Password Finder -- %programdata%\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder -> Deleted
     
  15. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 6/13/19
    Scan Time: 1:36 PM
    Log File: 7d93cf14-8dba-11e9-8a7f-9829a647503a.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.0
    Update Package Version: 1.0.0
    License: Free

    -System Information-
    OS: Windows 10 (Build 16299.192)
    CPU: x64
    File System: NTFS
    User: CODER\Administrator

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 325524
    Threats Detected: 4
    Threats Quarantined: 4
    Time Elapsed: 1 min, 45 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 4
    RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [5325], [353142],1.0.0
    RiskWare.GameHack, C:\PROGRAM FILES (X86)\GRAND THEFT AUTO V\STEAM_API64.DLL, Quarantined, [7582], [305544],1.0.0
    RiskWare.Agent, C:\PROGRAMDATA\RogueKiller\quarantine\FCADFAA7D4DB8FCB.vir\Uninstall.lnk, Quarantined, [3946], [352776],1.0.0
    RiskWare.Agent, D:\PROGRAM FILES (X86)\TNOD\UNINST-TNOD.EXE, Quarantined, [3946], [352776],1.0.0

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  16. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-04-03.1 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-13-2019
    # Duration: 00:00:01
    # OS: Windows 10 Enterprise
    # Cleaned: 1
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKLM\Software\Wow6432Node\Applian Technologies

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1298 octets] - [13/06/2019 13:49:39]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
  17. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Additional information:
    com.docker.service & KMSEmulator were STOPPED by RogueKiller, not removed. I don't know if this is normal or not.
     
  18. Broni

    Broni Malware Annihilator Posts: 55,258   +456

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  19. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019
    Ran by Administrator (administrator) on CODER (Acer Aspire A515-51G) (14-06-2019 09:14:22)
    Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
    Loaded Profiles: Administrator (Available Profiles: Administrator)
    Platform: Windows 10 Enterprise Version 1709 16299.192 (X64) Language: English (United States)
    Default browser: "M:\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
    () [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
    (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
    (ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\egui.exe
    (ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\ekrn.exe
    (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxext.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
    (Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Rare Ideas, LLC -> PortableApps.com) M:\FirefoxPortable\FirefoxPortable.exe
    (Rare Ideas, LLC -> PortableApps.com) M:\GoogleChromePortable\GoogleChromePortable.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ShenZhen Foscam Intelligent Technology Co,Ltd -> ) D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe
    (ShenZhen Foscam Intelligent Technology Co,Ltd -> ) D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe
    (TrueCrypt Foundation -> TrueCrypt Foundation) E:\TrueCrypt\TrueCrypt.exe
    Failed to access process -> svchost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] (Acronis International GmbH -> )
    HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381312 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Security\ecmds.exe [324216 2017-10-10] (ESET, spol. s r.o. -> ESET)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620720 2017-11-22] (Acronis International GmbH -> )
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
    HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\MountPoints2: {94497376-2854-11e8-8b9a-9822ef5d28ca} - "G:\.\StartModem.exe"
    HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
    HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
    HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
    HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
    HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
    HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
    HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
    HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
    HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
    AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
    AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [261552 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
    IFEO\osppsvc.exe: [Debugger] SppExtComObjPatcher.exe
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2018-03-19]
    ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-07-05]
    ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BF79A1-3FBD-4FBC-ADE3-1DF80D1C9B67} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
    Task: {096FD4F4-9B45-4F79-972E-195DA43546F5} - System32\Tasks\Microsoft\Windows\PLA\MyDataCollector => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    Task: {0973A22E-04AE-4CDC-BD04-7506C35BB1B1} - System32\Tasks\Stop VI => C:\Users\Administrator\Desktop\stop.bat
    Task: {09B1DBE4-3B37-42B9-B688-92D0268E04BB} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [445744 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    Task: {0AC40EA4-FFFA-41F7-AD50-22706DEA6576} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-02-22] (Acer Incorporated -> Acer Incorporated)
    Task: {18E48433-E259-413B-A5BD-F13CADABDE36} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {29581800-DE6F-4DAA-88E4-24E875539A5E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder => D:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {393F8911-A151-4E38-A558-7B78F2D9FBF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {396CDF69-AB09-417A-8893-1B7822BFD6F8} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )
    Task: {42CDFE7E-E565-4E86-8F8D-789B756E559E} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2767664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    Task: {54CBFF78-B6CC-463F-A01D-8CF8BC00D10A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd -> Piriform Ltd)
    Task: {60116705-1C0D-4B43-9B08-2F815F8AF822} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1864640 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {6D3F7826-1A11-4D90-8D45-130DC0483413} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    Task: {6FEE2E7B-90DA-42EE-AF01-1946C5FDB0EF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {78F053F1-B562-4691-ABE2-BF0E663B4F4E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {7C3706F7-5604-4DB7-A95F-4331AA274CF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {7D260263-EC70-41C9-BEBB-D8DBAD5A7D1C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-02-22] (Acer Incorporated -> )
    Task: {933EDA72-8974-4A57-A8B8-60BD97E7135C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {990748EC-D28B-4409-9C4D-569F2B0A5CC1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [964544 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A53C7E44-37C0-4964-89D9-83D24EFEC47D} - System32\Tasks\Microsoft\Windows\PLA\System Resource Report => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
    Task: {A54A85BE-4325-4930-AEAF-E471B3E016B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A9BC49B2-B000-43D4-B4D3-BCF5067B2D15} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    Task: {ABC2A8CE-766D-49C9-9126-FDEA4B45FB34} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [57856 2017-11-26] (Microsoft Windows -> Microsoft Corporation)
    Task: {ACB0FAB4-27E6-4AA4-96D7-644992BBB499} - System32\Tasks\DELUSER => C:\Users\Administrator\Desktop\del.bat [24 2019-06-13] () [File not signed]
    Task: {E4290767-9AFE-4B69-B222-0D9FF0E0462A} - System32\Tasks\klcp_update => d:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe [1179648 2018-03-19] () [File not signed]
    Task: {E5CD5C38-9DE6-4985-92F3-1BF170B7CDFE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [521152 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {E6440054-6A9E-4EF8-BD1B-2DBA0BB6E66E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
    Task: {ED014DF2-C992-4016-AB07-3EC5E44D0C34} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {F261EE35-9E83-41C7-B60A-55C09B520852} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {FB235D23-1341-4308-827B-C038FE425E5E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.8
    Tcpip\..\Interfaces\{4bc6fbac-6a36-4a4a-a401-f4a4f901f0e2}: [NameServer] 10.255.255.254
    Tcpip\..\Interfaces\{d660a15d-478e-4d1a-891a-9b9d571f15d7}: [DhcpNameServer] 8.8.8.8 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: 5dfsawqm.default
    FF DefaultProfile: as51hvxm.default
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Pencil\Profiles\5dfsawqm.default [2019-04-26]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\as51hvxm.default [2019-06-13]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1jxc1iaw.dev-edition-default [2018-08-01]
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cmop4avn.NonDevWorks [2018-08-15]
    FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
    FF Extension: (IDM Integration Module) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
    FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2018-03-26] [Legacy] [not signed]
    FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
    FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
    FF Plugin-x32: @IPCWebComponents -> D:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2721824 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
    S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-17] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
    R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastWscReporter; D:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
    R2 ekrn; D:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-10-10] (ESET, spol. s r.o. -> ESET)
    S3 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
    R2 FosCloudSvr; D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe [91776 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
    R2 FosIPCameraPluginService; D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe [186496 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    S3 hns; C:\Windows\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Jenkins; D:\Program Files (x86)\Jenkins\jenkins.exe [360448 2018-07-18] (CloudBees, Inc.) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S2 MBAMService; D:\Program Files\Malewarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
    S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
    S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742456 2017-11-22] (Acronis International GmbH -> )
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [38016 2017-10-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
    S3 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [96232 2018-01-08] (VMware, Inc. -> VMware, Inc.)
    S3 vmcompute; C:\Windows\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
    S4 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14347240 2018-01-08] (VMware, Inc. -> )
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
    S2 Memcached11211; C:\memcached\memcached.exe -d runservice -p 11211 [X]
    S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
    S4 postgres; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgres" -D "C:\xampp\pgsql\9.5\data"
    S4 postgressql; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgressql" -D "C:\xampp\pgsql\9.5\data"

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476768 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133352 2017-12-11] (ESET, spol. s r.o. -> ESET)
    R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-04-07] (ESET, spol. s r.o. -> ESET)
    S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180088 2017-10-11] (ESET, spol. s r.o. -> ESET)
    R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50752 2017-04-07] (ESET, spol. s r.o. -> ESET)
    R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [78192 2017-04-07] (ESET, spol. s r.o. -> ESET)
    R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [102160 2017-09-25] (ESET, spol. s r.o. -> ESET)
    R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [564304 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [379664 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    S3 hvsocketcontrol; C:\Windows\system32\drivers\hvsocketcontrol.sys [26112 2018-03-25] (Microsoft Windows -> Microsoft Corporation)
    R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R1 ISODrive; D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [22320 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-12-13] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_2fc0d3600c3c3d39\nvlddmkm.sys [17036560 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2412976 2017-04-16] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [947712 2017-01-16] (Realtek Semiconductor Corp. -> Realtek )
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [690520 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R4 truecrypt; E:\TrueCrypt\truecrypt-x64.sys [230864 2014-01-03] (TrueCrypt Foundation -> TrueCrypt Foundation)
    S3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation -> Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
    R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
    R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331976 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
    R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
    R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
    S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-22] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
    U3 aswbdisk; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-14 01:09 - 2019-06-14 01:10 - 011279328 _____ C:\Users\Administrator\Downloads\1058292343265.mp4
    2019-06-14 01:09 - 2019-06-14 01:09 - 012680095 _____ C:\Users\Administrator\Downloads\1058291343259.mp4
    2019-06-13 23:55 - 2019-06-13 23:56 - 000003590 _____ C:\Windows\System32\Tasks\DELUSER
    2019-06-13 23:53 - 2019-06-13 23:54 - 000000024 _____ C:\Users\Administrator\Desktop\del.bat
    2019-06-13 22:14 - 2019-06-13 22:19 - 000000000 _____ C:\Windows\SysWOW64\net
    2019-06-13 13:53 - 2019-06-13 13:53 - 000000788 _____ C:\Users\Administrator\Desktop\newnew - Shortcut.lnk
    2019-06-13 13:48 - 2019-06-13 13:48 - 000001445 _____ C:\Users\Administrator\Desktop\Step2.txt - Shortcut.lnk
    2019-06-13 13:48 - 2019-06-13 13:48 - 000001166 _____ C:\Users\Administrator\Desktop\TechSpot Instruction - Shortcut (2).lnk
    2019-06-13 13:17 - 2019-06-13 15:02 - 000000000 ____D C:\Users\Administrator\Desktop\do
    2019-06-13 13:09 - 2019-06-13 13:33 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-06-13 13:07 - 2019-06-13 13:53 - 000000000 ____D C:\AdwCleaner
    2019-06-13 13:07 - 2019-06-13 09:32 - 007025360 _____ (Malwarebytes) C:\Users\Administrator\Desktop\AdwCleaner.exe
    2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbamtray
    2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
    2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-06-13 13:06 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
    2019-06-13 13:06 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2019-06-13 13:02 - 2019-06-13 14:00 - 000000000 ____D C:\Program Files\RogueKiller
    2019-06-13 13:02 - 2019-06-13 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-06-12 14:06 - 2019-06-12 14:06 - 000001166 _____ C:\Users\Administrator\Desktop\TechSpot Instruction - Shortcut.lnk
    2019-06-12 12:47 - 2019-06-14 09:14 - 000000000 ____D C:\FRST
    2019-06-12 12:42 - 2019-06-12 12:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
    2019-06-12 12:37 - 2019-06-12 12:37 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2019-06-12 12:35 - 2019-06-12 12:35 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
    2019-06-12 12:33 - 2019-06-14 08:43 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2019-06-12 12:33 - 2019-06-12 12:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2019-06-12 12:33 - 2019-06-12 12:32 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000476768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2019-06-12 12:33 - 2019-06-12 12:32 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
    2019-06-12 12:33 - 2019-06-12 12:32 - 000015488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
    2019-06-12 12:27 - 2019-06-12 12:33 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-06-12 11:22 - 2019-06-12 11:22 - 000008645 _____ C:\Users\Administrator\.bash_history
    2019-06-12 11:17 - 2019-06-12 11:17 - 000000784 _____ C:\Users\Administrator\Desktop\github_c#_things - Shortcut.lnk
    2019-06-10 10:59 - 2019-06-12 12:41 - 000000931 _____ C:\Users\Administrator\Desktop\virus - Shortcut.lnk
    2019-06-10 10:53 - 2019-06-10 10:53 - 000001144 _____ C:\Users\Administrator\Desktop\Project - messagespersiaaustraliaanswered=✔ - Shortcut.lnk
    2019-06-09 23:06 - 2019-06-13 13:06 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-06-09 23:06 - 2019-06-09 23:06 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5456C697.sys
    2019-06-09 23:03 - 2019-06-09 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2019-06-09 23:03 - 2019-06-09 23:03 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2019-06-08 03:19 - 2019-06-13 17:27 - 000002406 _____ C:\Windows\System32\Tasks\Stop VI
    2019-06-08 02:40 - 2019-06-09 08:10 - 000000574 _____ C:\Users\Administrator\Desktop\stop.bat_
    2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
    2019-06-05 22:21 - 2019-06-05 22:21 - 000002153 _____ C:\Users\Administrator\Desktop\لیست ارائه دروس.lnk
    2019-06-05 15:24 - 2019-06-05 15:24 - 000000853 _____ C:\Users\Administrator\Desktop\Archive T,TT2,TT3,TT4,TT4 Deleted...Copy From AData.lnk
    2019-06-05 14:45 - 2019-06-05 14:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\gtk-3.0
    2019-06-05 12:45 - 2019-06-05 12:45 - 000000775 _____ C:\Users\Administrator\Desktop\Cut From HTDocs - Shortcut.lnk
    2019-06-05 10:40 - 2019-06-05 10:41 - 001060857 _____ C:\Users\Administrator\Downloads\video.mp4
    2019-06-05 09:19 - 2019-06-05 09:19 - 000001459 _____ C:\Users\Administrator\Desktop\project86066 - Shortcut.lnk
    2019-06-04 22:46 - 2019-06-04 22:46 - 000000798 _____ C:\Users\Administrator\Desktop\check files.lnk
    2019-06-04 14:44 - 2019-06-04 14:44 - 000001342 _____ C:\Users\Administrator\Desktop\PHP Personal Finance - Shortcut.lnk
    2019-06-04 10:52 - 2019-06-04 10:52 - 000000901 _____ C:\Users\Administrator\Desktop\Eclips - Shortcut.lnk
    2019-06-03 15:01 - 2019-06-03 15:01 - 000000919 _____ C:\Users\Administrator\Desktop\استفاده برای روشن بودن سیستم در روز و کلیک برای دریافت پول بیت کوین......بررسی اون سایت مربوط به حجاوااسکریپت که بیت کوین جمع می کرد.lnk
    2019-06-03 14:58 - 2019-06-03 14:58 - 000000000 ____D C:\Users\Administrator\workspace
    2019-06-02 11:43 - 2019-06-02 11:43 - 003180712 _____ C:\Users\Administrator\Downloads\61204038_2128133783970722_9090820503427527366_n.mp4
    2019-06-02 11:42 - 2019-06-02 11:42 - 002094038 _____ C:\Users\Administrator\Downloads\60740600_193844208264326_2299228890290000967_n.mp4
    2019-06-01 14:42 - 2019-06-08 13:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PHP Language Server
    2019-06-01 13:58 - 2019-06-01 13:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Obsidium
    2019-06-01 13:35 - 2019-06-01 13:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Visual Studio Code
    2019-05-31 18:14 - 2019-05-31 18:14 - 000118247 _____ C:\Windows\SysWOW64\package-lock.json
    2019-05-31 17:30 - 2019-06-01 00:20 - 000000000 ____D C:\Users\Administrator\Desktop\convert CSV to QIF
    2019-05-26 13:21 - 2019-05-26 13:21 - 000001097 _____ C:\Users\Administrator\Desktop\fireox addone for download images - Shortcut.lnk
    2019-05-23 11:02 - 2019-05-23 11:02 - 000001122 _____ C:\Users\Administrator\Desktop\plese learn this vendor componenets.lnk
    2019-05-22 17:59 - 2019-05-22 17:59 - 000000971 _____ C:\Users\Administrator\Desktop\website_image_downloader - Shortcut.lnk
    2019-05-22 12:17 - 2019-05-22 12:17 - 000000000 ____D C:\Users\Administrator\Downloads\خرید دیجی کالا
    2019-05-20 13:57 - 2019-05-20 13:57 - 000000910 _____ C:\Users\Administrator\Desktop\سرور پایتون.lnk
    2019-05-17 22:32 - 2019-05-17 22:32 - 000001131 _____ C:\Users\Administrator\Desktop\Project-Python-Platform_Blogs-Auto-Publisher - Shortcut.lnk
    2019-05-16 10:23 - 2019-05-16 10:24 - 000000000 ____D C:\Users\Administrator\Desktop\agahi jadid
    2019-05-16 10:10 - 2019-05-16 10:10 - 000001459 _____ C:\Users\Administrator\Desktop\research about this.lnk
    2019-05-16 10:06 - 2019-05-16 10:06 - 000001513 _____ C:\Users\Administrator\Desktop\project20057460 - Shortcut.lnk
     
  20. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-14 09:14 - 2018-04-06 16:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2019-06-14 08:42 - 2018-03-16 13:03 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
    2019-06-14 08:42 - 2018-03-15 17:44 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-06-14 01:01 - 2018-04-12 14:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
    2019-06-13 18:49 - 2018-03-15 17:22 - 000000000 ____D C:\Windows\system32\SleepStudy
    2019-06-13 16:50 - 2018-03-16 16:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2019-06-13 16:50 - 2018-03-15 17:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-06-13 16:49 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator
    2019-06-13 16:49 - 2017-09-29 13:15 - 001310720 _____ C:\Windows\system32\config\BBI
    2019-06-13 15:40 - 2018-03-20 01:08 - 000005216 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder
    2019-06-13 13:43 - 2018-05-16 15:46 - 000000000 ____D C:\Program Files (x86)\Grand Theft Auto V
    2019-06-13 13:17 - 2019-05-10 19:19 - 000229672 _____ C:\Users\Administrator\Desktop\2.zip
    2019-06-13 13:06 - 2017-09-29 18:16 - 000000000 ___HD C:\Windows\ELAMBKUP
    2019-06-12 10:39 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
    2019-06-11 23:55 - 2018-03-19 00:18 - 000000000 ____D C:\Users\Administrator\.p2
    2019-06-11 22:40 - 2018-03-31 00:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\Eclipse
    2019-06-10 22:28 - 2019-01-17 14:24 - 000004320 _____ C:\Users\Administrator\Desktop\ask-do.txt
    2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VMware
    2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\VMware
    2019-06-10 09:24 - 2018-06-29 09:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\MechCAD
    2019-06-08 15:35 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
    2019-06-08 02:44 - 2018-10-26 10:42 - 000035696 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
    2019-06-08 02:40 - 2018-06-15 13:15 - 000000769 _____ C:\Users\Administrator\Desktop\kill.bat
    2019-06-07 20:30 - 2018-03-21 19:28 - 000000279 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\This PC.lnk
    2019-06-07 16:27 - 2018-03-15 17:40 - 000003178 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
    2019-06-07 00:01 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
    2019-06-06 12:11 - 2018-03-16 13:43 - 000007650 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
    2019-06-06 06:29 - 2018-03-21 15:58 - 000003362 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D690AB43-282C-486B-B0DB-82BD1691ED6E}
    2019-06-06 06:29 - 2018-03-16 13:01 - 000002974 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000003044 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000002898 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000002846 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:29 - 2018-03-16 13:00 - 000002804 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:28 - 2018-03-16 13:01 - 000003236 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:28 - 2018-03-16 13:00 - 000003458 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-06-06 06:27 - 2018-09-16 10:00 - 000003186 _____ C:\Windows\System32\Tasks\KMSAutoNet
    2019-06-06 02:13 - 2018-04-20 10:31 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Code
    2019-06-03 23:42 - 2019-02-03 11:05 - 000001148 _____ C:\Users\Administrator\Desktop\eclipse-php-2018-12-R-win32-x86_64.zip - Shortcut.lnk
    2019-06-03 23:27 - 2018-03-27 09:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
    2019-06-01 15:49 - 2018-04-05 09:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Composer
    2019-06-01 11:24 - 2018-03-31 13:14 - 000000000 ____D C:\Program Files\Beyond Compare 4
    2019-05-24 15:30 - 2017-09-29 18:14 - 000000000 ____D C:\Windows\INF
    2019-05-23 16:20 - 2018-04-18 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Electrum
    2019-05-22 13:59 - 2018-08-21 22:23 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Atom
    2019-05-21 09:21 - 2018-11-30 18:28 - 000000000 ____D C:\Users\Administrator\Downloads\Soroush Downloads
    2019-05-19 01:30 - 2017-09-29 18:16 - 000000000 ____D C:\Windows\system32\NDF
    2019-05-17 17:27 - 2017-09-29 18:07 - 000000000 ____D C:\Windows\CbsTemp

    ==================== Files in the root of some directories =======

    2018-06-10 20:01 - 2019-05-07 14:12 - 000000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CC Prefs
    2018-08-14 16:28 - 2018-08-25 22:09 - 000000023 _____ () C:\Users\Administrator\AppData\Roaming\brand.ini
    2018-06-28 17:04 - 2018-06-28 17:04 - 000011512 _____ () C:\Users\Administrator\AppData\Roaming\Comma Separated Values.TSK
    2018-08-14 16:28 - 2018-08-25 22:15 - 001210039 _____ () C:\Users\Administrator\AppData\Roaming\FosPlugin.log
    2018-08-14 16:28 - 2018-08-23 16:23 - 000430524 _____ () C:\Users\Administrator\AppData\Roaming\FosRtmp.log
    2018-06-10 20:01 - 2019-05-07 13:44 - 000001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
    2019-02-05 10:10 - 2019-02-05 10:10 - 000000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
    2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
    2018-03-16 13:43 - 2019-06-06 12:11 - 000007650 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
    2018-04-06 17:00 - 2018-04-06 17:00 - 000000032 RSHOT () C:\Users\Administrator\AppData\Local\t80.dat

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-06-07 12:04
    ==================== End of FRST.txt ============================
     
  21. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019
    Ran by Administrator (14-06-2019 09:18:11)
    Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
    Windows 10 Enterprise Version 1709 16299.192 (X64) (2018-03-15 12:56:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2378293659-431221962-3870085809-500 - Administrator - Enabled) => C:\Users\Administrator
    DefaultAccount (S-1-5-21-2378293659-431221962-3870085809-503 - Limited - Disabled)
    Guest (S-1-5-21-2378293659-431221962-3870085809-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-2378293659-431221962-3870085809-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: ESET Smart Security (Enabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
    AS: ESET Smart Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3012 - Acer Incorporated)
    Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}) (Version: 22.5.10410 - Acronis) Hidden
    Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}Visible) (Version: 22.5.10410 - Acronis)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
    Axure RP (HKLM-x32\...\{008035CA-B7B7-4E56-B641-6918B0639D67}) (Version: 8.1.0.3366 - Axure RP) Hidden
    Axure RP (HKLM-x32\...\Axure RP 8.1.0.3366) (Version: 8.1.0.3366 - Axure RP)
    Balsamiq Mockups 3 (HKLM-x32\...\{DD3D206D-0E2A-13E1-C0CE-DC751907F1D4}) (Version: 3.5.15 - Balsamiq SRL) Hidden
    Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.5.15 - Balsamiq SRL)
    Beyond Compare 4 (HKLM\...\{382FD58E-226F-418B-8F34-DA8EE89D9550}) (Version: 4.2.4.22795 - Scooter Software, Inc.)
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
    Crisp (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Crisp) (Version: 5.0.16 - Crisp IM)
    D-Link Connection Manager v7.0.3ME (HKLM-x32\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
    Docker for Windows (HKLM\...\Docker for Windows) (Version: 17.12.0-ce-win47 - Docker Inc.)
    Electrum (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Electrum) (Version: 3.1.2 - Electrum Technologies GmbH)
    ESET Smart Security (HKLM\...\{79097F9F-0456-4C0C-9B53-A5E2712119A6}) (Version: 10.1.235.4 - ESET, spol. s r.o.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
    Gap Messenger 2.6.0 (only current user) (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\7a047109-c38b-5582-a5cf-87670e7f2e94) (Version: 2.6.0 - Gap Messenger)
    Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
    GitHub Desktop (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\GitHubDesktop) (Version: 1.1.1 - GitHub, Inc.)
    Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
    Grand Theft Auto V - The Manual (HKLM-x32\...\{752EBD91-8B95-42B5-8692-A7243A6EEEA9}) (Version: 1.0.0 - Rockstar Games)
    Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
    heroku (HKLM-x32\...\heroku) (Version: - Heroku)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1004 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    IPCWebComponents 5.0.0.3 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 5.0.0.3 - FOSCAM)
    Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
    Java SE Development Kit 8 Update 162 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180162}) (Version: 8.0.1620.12 - Oracle Corporation)
    Jenkins 2.121.2 (HKLM-x32\...\{73B65605-756E-46F2-94F8-94E90FC9C76C}) (Version: 0.2.121.2000 - Jenkins project)
    JetBrains PhpStorm 2018.1.5 (HKLM-x32\...\PhpStorm 2018.1.5) (Version: 181.5281.19 - JetBrains s.r.o.)
    JetBrains PyCharm 2017.2.3 (HKLM-x32\...\PyCharm 2017.2.3) (Version: 172.3968.37 - JetBrains s.r.o.)
    K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Node.js (HKLM-x32\...\{883ECC46-3EED-4960-B912-1CFAF4A8BDB7}) (Version: 8.9.1 - Node.js Foundation)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
    NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
    NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    OpenVPN 2.3.18-I602 (HKLM\...\OpenVPN) (Version: 2.3.18-I602 - OpenVPN Technologies, Inc.)
    Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Parnian8.Office (HKLM-x32\...\{7572F3AF-149B-4961-85AE-5B448FCA381F}) (Version: 7.8.14 - Gostareh Negar)
    PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
    Pencil Prototyping (HKLM-x32\...\Pencil Prototyping) (Version: - Evolus Co., Ltd.)
    PhoneGap Desktop version 0.4.5 (HKLM-x32\...\com.adobe.phonegap.desktop_is1) (Version: 0.4.5 - Adobe Inc.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.4 - Vaclav Slavik)
    Postman-win64-6.2.5 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Postman) (Version: 6.2.5 - Postman)
    PremiumSoft Navicat 11.2 for MySQL (HKLM-x32\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.2.14 - PremiumSoft CyberTech Ltd.)
    Python 2.7 py2exe-0.6.9 (HKLM-x32\...\py2exe-py2.7) (Version: - )
    Python 2.7 py2exe-0.6.9 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\py2exe-py2.7) (Version: - )
    Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
    Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
    Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10426 - Qualcomm)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.303 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21294 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8108 - Realtek Semiconductor Corp.)
    Replay Media Catcher 6 (6.0.1.7) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.1.7 - Applian Technologies)
    Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
    Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Skype version 8.32 (HKLM-x32\...\Skype_is1) (Version: 8.32 - Skype Technologies S.A.)
    Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
    Soroush Desktop Application (HKLM-x32\...\Soroush_is1) (Version: 0.16.1.0 - )
    Symfony version 1.1.3 (HKLM\...\Symfony_is1) (Version: 1.1.3 - Symfony)
    TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
    TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version: - )
    Vagrant (HKLM-x32\...\{23A65850-5D62-4A42-9312-D19E58CA5376}) (Version: 2.0.3 - HashiCorp)
    VMware Workstation (HKLM\...\{ADC3121A-3EBA-4016-AF64-00B8FE017080}) (Version: 14.1.1 - VMware, Inc.)
    VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA}) (Version: 6.17.1113.31799 - RealVNC Ltd)
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
    XAMPP (HKLM-x32\...\xampp) (Version: 7.2.1-0 - Bitnami)

    Packages:
    =========
    Eclipse Manager -> C:\Program Files\WindowsApps\46928bounde.EclipseManager_3.2.16.0_x64__a5h4egax66k6y [2018-04-02] (Ounce Digital)
    Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt [2018-08-16] (Instagram)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x86__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.18.12091.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.23.10923.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Corporation) [MS Ad]
    Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.10.3.0_x64__7pb5ddty8z1pa [2018-04-16] (Trello, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc. -> Tonec Inc.)
    ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] (Notepad++ -> )
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
    ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malewarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxDTCM.dll [2017-11-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malewarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
    ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Administrator\Desktop\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Web Server for Chrome.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ofhbbkphhbklhfoeikjpcbhemlocgigb

    ==================== Loaded Modules (Whitelisted) ==============

    2017-11-22 12:04 - 2017-11-22 12:04 - 000277538 _____ () [File not signed] C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
    2014-12-23 20:23 - 2009-12-17 02:18 - 000233472 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\imageformats\qmng4.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000380928 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
    2014-12-23 20:23 - 2010-04-03 15:06 - 000081920 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\calcy.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000090112 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\controly.dll
    2014-12-23 20:23 - 2010-04-03 15:06 - 000024064 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\gcalc.dll
    2014-12-23 20:23 - 2010-04-03 15:06 - 000094208 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\runner.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000057344 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\verby.dll
    2014-12-23 20:23 - 2010-04-03 15:05 - 000122880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\weby.dll
    2014-12-23 20:23 - 2009-12-16 23:54 - 002236416 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtCore4.dll
    2014-12-23 20:23 - 2009-12-17 00:13 - 008314880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtGui4.dll
    2014-12-23 20:23 - 2009-12-16 23:56 - 000712704 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtNetwork4.dll
    2017-11-22 11:51 - 2017-08-15 19:51 - 001477120 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-09-29 18:16 - 2019-06-13 13:43 - 000003734 _____ C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activation.acronis.com web-api-tih.acronis.com
    127.0.0.1 tonec.com
    127.0.0.1 www.tonec.com
    127.0.0.1 registeridm.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    127.0.0.1 hl2rcv.adobe.com
    127.0.0.1 lm.licenses.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Python27\;D:\Python27\Scripts;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Docker\Docker\Resources\bin;C:\Program Files (x86)\Java\jre1.8.0_162\bin;C:\Program Files (x86)\Java\jdk1.8.0_162\bin;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\nodejs\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;D:\Program Files\HashiCorp\Vagrant\bin;D:\Program Files\Git\cmd;C:\ProgramData\ComposerSetup\bin;C:\xampp\mysql\bin;C:\xampp\apache\bin;D:\Python\phantomjs-2.1.1-windows\bin\;E:\New Soft\ffmpeg\ffmpeg-4.1-win64-static\bin;D:\Program Files\Symfony;C:\xampp\php721;C:\Program Files\WinRAR;L:\Applications\Portable Application For Use\7-ZipPortable\App\7-Zip64;C:\xampp\htdocs\Learning_Symfony\my_project_test\node_modules\.bin;C:\xampp\htdocs\Learning_Symfony\symfony-docs-3.4\_build;
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
    HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
    HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
    HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
    HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Outlook 2013.lnk"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Docker for Windows"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "RGSC"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Skype for Desktop"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{CA14DA2D-0004-4D9E-8133-7DDEB8FA089D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
    FirewallRules: [UDP Query User{0E719808-BC3D-45DE-9189-E1FCFEEF3D5D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
    FirewallRules: [{0BEB4113-76C0-4636-B3F7-387EC7CD24BB}] => (Block) C:\program files\android\android studio\jre\bin\java.exe
    FirewallRules: [{67404E8B-9BFB-4A8D-8929-D1CB188DD20A}] => (Block) C:\program files\android\android studio\jre\bin\java.exe
    FirewallRules: [TCP Query User{8237A047-1CF2-4DAE-BBBC-CCAE041ABB11}M:\firefoxportable\app\firefox64\firefox.exe] => (Allow) M:\firefoxportable\app\firefox64\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{F3260B67-218B-48E2-885D-3C036160FBE7}M:\firefoxportable\app\firefox64\firefox.exe] => (Allow) M:\firefoxportable\app\firefox64\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{5705884B-23BF-4637-8425-C1A415FA350B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
    FirewallRules: [{FF6F5757-9DE5-49A2-9768-10105F6AF411}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
    FirewallRules: [{946507FF-2089-45B0-9841-A3A20C434D94}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
    FirewallRules: [{B92D3EC9-264D-4366-8F75-BB4F9753F893}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
    FirewallRules: [{E5C7DEE5-C517-4558-95D9-9BCC05E3A0AA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) [File not signed]
    FirewallRules: [{F0FD3C60-3CCB-4EAF-B5A1-2F9CB7DE3D18}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) [File not signed]
    FirewallRules: [{FF380E3B-4C93-488F-99A4-6186680F390F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
    FirewallRules: [{AD832412-CAFA-4BE6-AC9A-94D6BDB42BBD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
    FirewallRules: [{7F2C9AB4-A07B-4169-898D-3E3068820A05}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
    FirewallRules: [{95D55EEE-FEF7-40C6-BEEC-97B40FFE91DF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
    FirewallRules: [{B00A16CB-CF05-4910-8E49-86AE2CA01BD1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
    FirewallRules: [{BCD6CFBE-CEFA-46EC-BC0C-C108863DBF6B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
    FirewallRules: [{B4387C63-29BD-4988-98AA-E944FEF4639D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
    FirewallRules: [{C0A96882-B509-4CCB-90D6-6BE126CF55F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{874B5086-112F-4993-B4CC-B159842D51B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{CFBC87B8-E5B9-4FC1-8009-2E266A543C51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F52491F6-1697-4993-989F-0940FC02D6E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{13E93A8A-3B69-4D51-A6F0-128F123741AC}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{73F70FF1-125B-41B3-855F-FF14036317B0}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{18B85441-B8DD-4939-9184-88AB7A6C61FB}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1C089685-2D88-48AE-B545-1349FDF49CA4}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{3968C9C8-15E0-4FB5-8D0F-54A867A2B528}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe (Node.js Foundation -> Node.js)
    FirewallRules: [UDP Query User{9130D09C-359E-45CB-B276-ADC694A92CF3}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe (Node.js Foundation -> Node.js)
    FirewallRules: [TCP Query User{F13EECB2-0010-4006-8A92-6B23379D0AD3}D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe] => (Allow) D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
    FirewallRules: [UDP Query User{3B275A50-A906-4BF9-9931-A001D350C186}D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe] => (Allow) D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
    FirewallRules: [TCP Query User{FE5A2366-7446-4E52-A2B4-B88C9D308DFA}M:\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) M:\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
    FirewallRules: [UDP Query User{3330D6A8-3F05-4397-8E8B-201A32F2D3F8}M:\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) M:\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
    FirewallRules: [DNS Server Forward Rule - TCP - b72a1c95-1b5e-4f7b-946b-ebf1ffe59baa - 0] => (Allow) LPort=53
    FirewallRules: [DNS Server Forward Rule - UDP - b72a1c95-1b5e-4f7b-946b-ebf1ffe59baa - 0] => (Allow) LPort=53
    FirewallRules: [TCP Query User{52FE1933-BB8C-41B2-9AE7-7D9AB8B85D20}D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe] => (Allow) D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [File not signed]
    FirewallRules: [UDP Query User{29EFD8C4-7C52-4ED7-8404-036094AD7439}D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe] => (Allow) D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [File not signed]
    FirewallRules: [{038B5F15-3567-4CAA-8841-07B1A854FA44}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{F22E319F-F408-484D-8BDB-2B001E7357B5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{FC17FC89-6C67-4993-971D-C3A4ABAD6447}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{B27FE67B-7BDA-47B6-B96E-4636AFB6B52C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{BC3518A8-64C3-424D-9F52-7E9CC1CD2770}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{4A970330-DD1B-4EF8-A5F5-80C45BE56514}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{2FD192D5-43BA-4886-819F-AAB47366EB6E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [TCP Query User{3A685FE8-F5AC-4F3A-BB27-081DD88F001D}E:\eclipse-java\eclipse\eclipse.exe] => (Allow) E:\eclipse-java\eclipse\eclipse.exe No File
    FirewallRules: [UDP Query User{E364DFF8-FCAD-447B-9306-433451C7160D}E:\eclipse-java\eclipse\eclipse.exe] => (Allow) E:\eclipse-java\eclipse\eclipse.exe No File
    FirewallRules: [{C9C86E01-3A2E-47EF-8CCC-24B164938090}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
    FirewallRules: [{EEADF240-900B-4176-8F0C-8900293F1380}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
    FirewallRules: [{F93975AE-30C4-4E2D-8A39-5703463C2889}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
    FirewallRules: [{EE49ED2B-E5A7-4E41-ADFB-E9F1376200FC}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
    FirewallRules: [TCP Query User{106A2FCD-28D2-481D-BADC-C3DA7935BB97}D:\python27\pythonw.exe] => (Allow) D:\python27\pythonw.exe () [File not signed]
    FirewallRules: [UDP Query User{C2B5B1FC-10E4-4944-BE94-7729621DB653}D:\python27\pythonw.exe] => (Allow) D:\python27\pythonw.exe () [File not signed]
    FirewallRules: [{A8FB4216-EF01-4BB8-8DF5-A692CAC2DF27}] => (Block) D:\python27\pythonw.exe () [File not signed]
    FirewallRules: [{30C95746-097A-479C-A6CA-FA356DC63E12}] => (Block) D:\python27\pythonw.exe () [File not signed]
    FirewallRules: [TCP Query User{F953D62C-1BB2-4E82-81DB-F2CFE8F4322C}E:\xampp\mysql\bin\mysqld.exe] => (Allow) E:\xampp\mysql\bin\mysqld.exe No File
    FirewallRules: [UDP Query User{A6DA7857-B515-4AB9-AB32-B7C33FFEAA45}E:\xampp\mysql\bin\mysqld.exe] => (Allow) E:\xampp\mysql\bin\mysqld.exe No File
    FirewallRules: [{A4C7C420-60C7-41C4-9CC9-8029BADBA66B}] => (Block) E:\xampp\mysql\bin\mysqld.exe No File
    FirewallRules: [{164140E8-4D9B-4066-BBC2-2357CFB0A1C7}] => (Block) E:\xampp\mysql\bin\mysqld.exe No File
    FirewallRules: [TCP Query User{F60C26B2-E2D5-4645-A403-393E4B737E61}C:\everything-1.2.1.371.exe] => (Allow) C:\everything-1.2.1.371.exe No File
    FirewallRules: [UDP Query User{A3B72C70-1F2F-4FA8-AE00-E1E52340CE1E}C:\everything-1.2.1.371.exe] => (Allow) C:\everything-1.2.1.371.exe No File
    FirewallRules: [{0062DAFD-9C22-42FA-8A84-E7F88F00D04E}] => (Block) C:\everything-1.2.1.371.exe No File
    FirewallRules: [{7083CDEB-14BE-40F6-ADE9-163998C56547}] => (Block) C:\everything-1.2.1.371.exe No File
    FirewallRules: [{4E482B8F-01AC-4440-BF46-E112D0597DE4}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
    FirewallRules: [{79AC4258-4C3F-4A9B-889C-B10AF8A62313}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
    FirewallRules: [{89301777-E67B-46C3-BE81-23AB249290F1}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
    FirewallRules: [{BC3D41AF-05BB-433F-8220-412BD206CA5D}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
    FirewallRules: [TCP Query User{604A7DFB-A2A6-47CD-A461-55149002693B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
    FirewallRules: [UDP Query User{589F34C3-39A7-4CE8-B56C-A25B08B4CD5A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
    FirewallRules: [TCP Query User{0B3CD393-D80A-4958-8879-1A09DA2FC06D}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
    FirewallRules: [UDP Query User{92206858-FD35-4CE3-9DF4-7514298A8E60}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
    FirewallRules: [TCP Query User{9E49BEA1-4446-4F02-A082-1BFF07BF0301}D:\portable\eclipse-php\eclipse.exe] => (Allow) D:\portable\eclipse-php\eclipse.exe (Eclipse Foundation, Inc. -> )
    FirewallRules: [UDP Query User{56FB9283-1BEE-4888-933B-A4EE13DE9C21}D:\portable\eclipse-php\eclipse.exe] => (Allow) D:\portable\eclipse-php\eclipse.exe (Eclipse Foundation, Inc. -> )
    FirewallRules: [TCP Query User{63F7BF1A-7F77-4DF1-A02C-21C8D66A4099}D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
    FirewallRules: [UDP Query User{CC2DE639-C0FB-4A98-BC60-7E6898E211FB}D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
    FirewallRules: [TCP Query User{D4E87016-D82A-40F6-8611-599C22077A9F}C:\program files\java\jdk1.8.0_162\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_162\bin\java.exe
    FirewallRules: [UDP Query User{A04CC4B1-82AC-42BE-B91B-BD0D8DAE507B}C:\program files\java\jdk1.8.0_162\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_162\bin\java.exe
    FirewallRules: [{9192B726-6E93-4F0D-9471-11C7E05F82EC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{4666A8F5-ED4B-4A7F-8B56-27677D630B82}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{B6239F34-EAA8-46C0-BD2A-8124C3779B9E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1702E87A-33B1-436A-BAB5-74A9191FF907}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{8BD6C664-B7CA-4EBE-9632-C68F8E1A1F53}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
     
  22. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    FirewallRules: [{0C6F264F-2295-4A44-8077-D0AA240097DA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{D51C14A9-05AD-4786-8343-EE7A4A7A1A98}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{0DBE2910-325A-417F-AA95-1D9301F1C4EE}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1C7A00E0-F93B-4427-830F-3593B44F1239}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
    FirewallRules: [{D9B91157-D71B-484B-87EE-9104D2BBBF03}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
    FirewallRules: [{21221ACB-6A49-490E-972F-535D5F9BDE76}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
    FirewallRules: [{492E8379-1AE0-46BB-8382-B1A1A0B61FB5}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
    FirewallRules: [{911F6A20-2DA2-4762-8E50-1C582D8F4A15}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{F33635DA-EE52-49D8-B2FC-D2D174B8092C}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{5A71994C-3A2B-4EEC-8EB5-4DB9C6FC738E}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{2C46D851-25CA-46E1-9293-F65042B92CAF}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{F7A4E5C6-F26D-4BBC-8463-D1CA974EA875}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{58058DA7-527A-4B1A-8E56-7DA1B10C5B05}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{1A33BA71-2323-4DAA-A551-8D0933F5BEA5}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{2DEF0581-E648-43D5-B265-084CF478659B}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe (Jaksta Technologies Pty Ltd -> )
    FirewallRules: [{8FB1089A-5CEC-4C37-B189-2B1C01F0A643}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{8CB625BD-8674-45DC-9F29-59F40034298D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{DF8F7F88-1844-4803-86C9-25D170CA9868}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{12119C07-C7D5-4D65-AA11-72FCF7141354}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{53E88463-2EE0-4D71-834B-E11D1C06F45F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{550DE14A-8343-4E3E-92AD-8EB3D05F8A5F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{E07084C6-A3C7-4735-8568-19DD2CCDAF96}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{79969CF7-2CA8-4EC2-940D-8FB53573F372}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{3873667B-63A5-4116-8A77-E12A3777C1FA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{89051CDC-1384-45F2-B7A0-FC1F979AB64A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{A1FDE13B-EA89-42DC-AAD8-0AC7F10ED33D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{D854A422-DE09-4DBB-8ACA-5F76E982B356}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{743D4CBD-ECB3-4C19-9722-294C52B67E25}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{02835931-86C2-4C2C-9BCA-422AD3B8E08E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{C60BDE99-FA4E-43A9-8749-79CC22D66CFC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{D53D5CF7-5305-4476-8705-F0AE2CB7EAED}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{9ECF389B-D9B4-448D-ABA0-3240EEEFA59A}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe (MetaQuotes Software Corp. -> MetaQuotes Software Corp.)
    FirewallRules: [{7201D7DB-0CFB-4F57-ABDA-B9608D117817}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{78DBFC94-CD8C-43BE-99D4-FA1BE9D9E8A1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{9B4F6B89-7426-484E-87CE-6F3AF3118440}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{3568E0C4-25F2-4054-9B43-FD4E26DD388F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{0A98024E-8BC2-4481-BC70-CAD691516D8E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{BB21D8AE-EB75-4F68-BB35-9ED39F747036}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{75829F78-5043-45BE-9AD2-C84D2F639F9D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{B2FBF2E3-F423-4C1A-845C-FB37C0ADBE33}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{04A45637-8F04-4C31-A6D0-CE0017F38EB7}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{2ECBF512-9A71-473C-B313-4C948F4ABB38}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{F3B34D20-53B2-4167-A4CA-3AD9030C5C52}] => (Allow) D:\Program Files (x86)\Jenkins\jre\bin\java.exe
    FirewallRules: [{8A249D55-B3A2-46ED-ADF0-F7073C75CFC1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1FC387E5-11C6-4E16-BD03-E4D6321902DB}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{F862AE53-7356-437F-8203-762EDE4C9670}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{84F9A2DB-57B2-469C-97DF-3C93C76D0A10}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{9527A937-20F1-4A51-9C8E-58E7C4EE4878}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{928CD643-1FA9-4D90-9CEE-3FAB9A688311}] => (Allow) D:\Portable\Utorrent\App\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
    FirewallRules: [{379EAE77-8730-4A16-A43D-4B5180162C5F}] => (Allow) D:\Portable\Utorrent\App\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
    FirewallRules: [DNS Server Forward Rule - TCP - 9cc55fed-a673-4a10-b801-8a5e90c758c2 - 0] => (Allow) LPort=53
    FirewallRules: [DNS Server Forward Rule - UDP - 9cc55fed-a673-4a10-b801-8a5e90c758c2 - 0] => (Allow) LPort=53
    FirewallRules: [{6185A46E-1A3E-46AD-B72A-BCD76435A896}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{380DB46D-BFAF-4568-89C6-CED7C0420ACC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1357FEC1-415B-4253-9015-7E73475129D2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{A7D23EB0-B7D4-416B-A216-F44A2B6AE42C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{C97985A1-FD72-4002-B7AC-242A42DE0EB8}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{17A1CAFA-B49C-4A3B-B845-1142DC9F8320}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{616DC261-3870-4170-A08D-F5EEF74FD6FC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{9D4D2B72-DFC1-4104-9172-B4C1DB4D082E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{E3D8BCBC-C6F9-4FD9-92AF-9E207DEA0EC3}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{90107887-01BE-4FB6-A095-6600C67A1628}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{9AD2E8AD-32EE-4391-A104-8BB5054CE435}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{94281599-651F-44A4-9ADD-F5C420A38342}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{B6655CDA-F756-450A-9A25-73D317EC56EC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{D3836698-B623-434B-B33C-71E752B8532F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{7C6CA454-FB4F-4FEC-B836-3A0BBAA4C663}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{E4BA41C5-9FA1-4FAB-8492-204A100C6CD1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{9838A325-FD47-4F46-925D-5FB9E1FA3ECC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{6A0CAEBE-EC31-47FD-A291-71A1C5301B13}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{0D81D271-8614-41E8-9991-7C7A3A7371E4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
    FirewallRules: [{3F7E0E80-6CB6-49E6-B6C9-4EA9360FE362}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
    FirewallRules: [{CD9FF453-F4C9-44A1-880E-B87DD07A6B98}] => (Allow) D:\Program Files\Anno 2070\Anno5.exe () [File not signed]
    FirewallRules: [{A8DDAB56-ABB5-4CEC-B25D-F51FE9C12974}] => (Allow) D:\Program Files\Anno 2070\Anno5.exe () [File not signed]
    FirewallRules: [{E71CEC64-4637-493F-987A-9312F1EAB2C0}] => (Allow) D:\Program Files\Anno 2070\AutoPatcher.exe (Related Designs Software) [File not signed]
    FirewallRules: [{DBC40916-A7C7-487A-9B90-93714300461B}] => (Allow) D:\Program Files\Anno 2070\AutoPatcher.exe (Related Designs Software) [File not signed]
    FirewallRules: [{3AF98CE7-EE65-4EF0-8203-01F84507BDF0}] => (Allow) D:\Program Files\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
    FirewallRules: [{25AA78DA-0321-4D4D-B80D-2399025FF3B6}] => (Allow) D:\Program Files\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
    FirewallRules: [{1933A7A3-4910-49F5-BBB7-D850171F1816}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{393A2EAF-3E4D-49D4-980C-C462E8CD5102}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{C489736B-7C3D-45BB-A2A2-639C8D25D069}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{A6A13504-DD59-4A99-837F-E579E611F00B}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{8A3FAC95-21C3-42E2-9A8B-57396B2601FD}] => (Allow) C:\Program Files\Docker\Docker\Resources\com.docker.proxy.exe (Docker Inc -> )
    FirewallRules: [{B2644480-D57A-43B9-B539-59C6E825E7E2}] => (Allow) LPort=445
    FirewallRules: [{1AE2AD95-1546-4BE2-9A77-39314B32B7CA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{43787800-2BFD-4869-BE9B-A83C401DDBCE}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1D846517-9DA8-4177-BBE2-43D1991CE541}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{6DAAF372-D4BC-4B7C-A33C-5877455AD8F5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{52083C70-1EC8-4C48-9C8C-784E6812A772}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{CA05F10B-5AE4-487A-8B16-89FD9CC03B28}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AEADAD04-581C-4139-867A-75FCBD758610}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{41CB95F2-CB9C-4310-B0F9-03A63AC0DD85}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AE58DE86-0FB9-43FE-896C-30D2096AC680}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{0DAA9C5D-B228-4AFB-BE9C-AED85CA98C7A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{86C6A761-9D72-441D-AF7E-7A6BAD83424A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{3E23600F-70F7-4822-BE86-5F218993E3F5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{E3158F9D-C91A-495B-AB62-64E5A1A06085}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{93FCB6EE-EB94-4A9E-B7EC-3C1ECAB2FD23}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{B65CD422-56D3-45FD-8FE8-0B5C05D7DC2E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1B7C6DB7-EC77-4550-B930-FF434D4BFF80}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{5BF23895-013B-4EC4-AB4F-41120A509214}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{52E97857-7B4C-485A-9197-3DAF967586BF}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{2D16448C-B177-41C0-85DB-DF0F245308EA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{962DA67E-31BE-430D-95E1-3A932992D9F1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AFFD8E48-BCA1-40F2-9493-A9094AF67243}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{4CED368C-B0EC-436E-B0F6-B25220092923}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{30540F42-75F4-47C4-A6A2-7C189C116572}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{7280A1AB-F1C3-41C6-96C1-1C1626D2CB31}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{FC1608A4-1CDF-4A9D-B5EC-5FB5419B0501}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{192A412F-4CDA-4D3F-B90F-78F4B8B92A10}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{97CB41D4-8D01-43E2-A663-4B7323BB8B3A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{2B0B2E33-C83C-4F26-BDB2-F65D64DEDBC6}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{C82C1415-4627-4A15-9DE8-4405DDB5BE04}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1C48E7E1-F72A-4F50-A126-CD516FE9C1D5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{371880ED-547A-4CE7-901F-ABEDC03FB3FD}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{B8984FA8-CD21-4E38-A869-FA97EFF08B5D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{C4A3AAA8-9F0C-41A7-9385-7851959430B9}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{C0F1CCC5-B4E8-4100-99E9-22E67E87AE1B}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1535AA04-E38F-43CA-BBAE-B96A638DCE6F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{DF3B1568-3860-40D4-BE00-758E46DD6CBF}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{F863047A-0173-4691-889C-86E3AE914C8D}] => (Allow) LPort=1688

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Windows Adapter V9
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Windows Adapter V9 #2
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Hyper-V Virtual Ethernet Adapter #3
    Description: Hyper-V Virtual Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: VMSMP
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/14/2019 12:55:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2125

    Error: (06/14/2019 12:55:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2125

    Error: (06/14/2019 12:55:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/14/2019 12:55:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1062

    Error: (06/14/2019 12:55:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1062

    Error: (06/14/2019 12:55:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/13/2019 11:42:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2500

    Error: (06/13/2019 11:42:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2500


    System errors:
    =============
    Error: (06/14/2019 09:11:15 AM) (Source: DCOM) (EventID: 10016) (User: CODER)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2019 08:57:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2019 08:45:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/13/2019 08:41:10 PM) (Source: DCOM) (EventID: 10016) (User: CODER)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-04-11 08:37:07.615
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li.../Wirekeyview&threatid=2147657007&enterprise=0
    Name: HackTool:Win32/Wirekeyview
    ID: 2147657007
    Severity: High
    Category: Tool
    Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe->(UPX)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.612
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li.../PasswordFox&threatid=2147670744&enterprise=0
    Name: HackTool:Win32/PasswordFox
    ID: 2147670744
    Severity: High
    Category: Tool
    Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\passwordfox.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.610
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...in32/Netpass&threatid=2147605535&enterprise=0
    Name: HackTool:Win32/Netpass
    ID: 2147605535
    Severity: High
    Category: Tool
    Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe->(UPX)
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.608
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...Mailpassview&threatid=2147571412&enterprise=0
    Name: HackTool:Win32/Mailpassview
    ID: 2147571412
    Severity: High
    Category: Tool
    Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\mailpv.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-11 08:37:07.606
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...n32/Passview&threatid=2147597639&enterprise=0
    Name: HackTool:Win32/Passview
    ID: 2147597639
    Severity: High
    Category: Tool
    Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe;containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\sniffpass.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
    Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

    Date: 2018-04-10 15:24:42.142
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.142
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 119.0.0.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: Network Inspection System
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 2.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.134
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.134
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-04-10 15:24:42.133
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.265.351.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2019-06-14 09:13:25.424
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-14 09:13:25.422
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-14 09:13:03.206
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-14 09:13:03.203
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-14 09:12:53.080
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-14 09:12:53.077
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-14 09:12:49.883
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-14 09:12:49.879
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: Insyde Corp. V1.12 11/08/2017
    Motherboard: KBL Charmander_KL
    Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
    Percentage of memory in use: 37%
    Total physical RAM: 12163.6 MB
    Available physical RAM: 7556.68 MB
    Total Virtual: 14019.6 MB
    Available Virtual: 10021.01 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:0.76 GB) NTFS
    Drive d: (Software) (Fixed) (Total:330 GB) (Free:67.45 GB) NTFS
    Drive e: (Data) (Fixed) (Total:600.93 GB) (Free:3.61 GB) NTFS
    Drive l: (Files) (Fixed) (Total:4 GB) (Free:0.39 GB) NTFS
    Drive m: (PORTABLE) (Fixed) (Total:1.99 GB) (Free:0.21 GB) FAT32
    Drive u: (JAVA-ANDROI) (Fixed) (Total:4.99 GB) (Free:0.76 GB) FAT32

    \\?\Volume{5617f0d0-8818-4d60-861b-2c1496ee7fed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
    \\?\Volume{8c0a6d0d-376f-4327-ac68-a09f68a626ea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 119.2 GB) (Disk ID: 7FA1AE37)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  23. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    Just now, the guest11 user was created again. I ran FRST again, and in the resulting log file I see differences. Do you want me to send the new FRST and Addition files?
     
    Last edited: Jun 14, 2019
  24. Broni

    Broni Malware Annihilator Posts: 55,258   +456

    You're running two AV programs, Avast and Eset. You must uninstall one of them.
    Eset normally creates some phantom user as a part of its antitheft feature and I suspect this is that guest11 account.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:
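
One way to check the two points raised in the reply above (more than one antivirus product installed, and where the guest11 account comes from), as an added example that is not part of the original posts. It assumes an elevated PowerShell session on Windows 10 and that user-account-management auditing was enabled when the account was created; `guest11` is the account name reported in this thread.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$account = 'guest11'   # account name reported by the topic starter

# 1. Antivirus products registered with Windows Security Center.
#    Defender registers here too, so count only third-party products.
$av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
    Select-Object displayName, pathToSignedProductExe
$av | Format-Table -AutoSize
$thirdParty = @($av | Where-Object { $_.displayName -notmatch 'Defender' })
if ($thirdParty.Count -gt 1) {
    Write-Warning ("More than one third-party AV is registered: " +
        ($thirdParty.displayName -join ', '))
}

# 2. Is the account present right now, and what does it look like?
$user = Get-LocalUser -Name $account -ErrorAction SilentlyContinue
if ($user) {
    $user | Select-Object Name, Enabled, Description, SID, LastLogon | Format-List
} else {
    "Local account '$account' is not present at the moment."
}

# 3. Who created it? Security event 4720 = "A user account was created".
#    Nothing is returned if auditing was off or the log has rolled over.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } `
    -ErrorAction SilentlyContinue
$created = foreach ($e in $events) {
    # Turn the event's named <Data> fields into a lookup table.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $d[$_.Name] = $_.'#text' }
    if ($d['TargetUserName'] -eq $account) {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Created   = $d['TargetUserName']
            CreatedBy = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            LogonId   = $d['SubjectLogonId']
        }
    }
}
# A CreatedBy name ending in '$' is the computer account, which typically
# means a service running as SYSTEM created the user rather than a person.
$created | Sort-Object Time | Format-Table -AutoSize
```

If step 3 lists one creation event per logon and the creator is the computer account, that points to an installed service recreating the account, which can then be compared against the installed security products from step 1.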

  25. FullStackDev

    FullStackDev TS Rookie Topic Starter Posts: 32

    I uninstalled Avast from the computer,
    and here is the Fixlog.txt file.
     
