Solved: I think my system is infected, Windows 10 guest user is built automatically

FullStackDev

Hi. First, sorry for my bad English.
I have had a serious problem with my Windows 10 from 3 days ago until now: my computer is almost infected, I think.
Since 3 days ago, every time I log in to the system a guest11 account is created.
As I write this, I have found these problems on Windows:
I have Windows 10 Enterprise.
  • Some weird services were created.
CDPUserSvc_5ac123e ( path Execute: C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
DevicesFlowUserSvc_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k DevicesFlow )
MessagingService_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
OneSyncSvc_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup)
PrintWorkflowUserSvc_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k PrintWorkflow )
Windows Push Notifications User Service_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
User Data Access_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup )
Contact Data_5ac123e ( path Execute C:\Windows\system32\svchost.exe -k UnistackSvcGroup)
User Data Storage_5ac123e ( path Execute C:\Windows\System32\svchost.exe -k UnistackSvcGroup )
The executable path of all these services is like: C:\Windows\System32\svchost.exe -k UnistackSvcGroup

  • On every login, a guest account named guest11 is created.
This user is created every time I log in to Windows. I delete the user when I log in, but after some time (20 minutes, or I don't know) the user is created again.
  • I can't search for Windows applications from the desktop (Windows toolbar).
This just happened today.
  • Almost all of my default Windows app store applications do not execute; I can't run them.
This just happened today.
  • I checked Windows error reporting from Computer Management (Event Viewer -> Windows Logs -> Security), and below are some of the latest login and logout attempts for that guest account, I think. From these errors I found out that some user logs in to the guest account in network mode (3 means network mode, based on Windows help).
First:
Special privileges assigned to new logon.
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
Another one:
An account was successfully logged on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: No

Impersonation Level: Impersonation

New Logon:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x9ED98FA
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: CODER
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, I.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Another One:
A user's local group membership was enumerated.

Subject:
Security ID: SYSTEM
Account Name: CODER$
Account Domain: WORKGROUP
Logon ID: 0x3E7

User:
Security ID: CODER\guest11
Account Name: guest11
Account Domain: CODER

Process Information:
Process ID: 0x934
Process Name: D:\Program Files\ESET\ESET Security\ekrn.exe

And more .......


Some other information:
  • I know that my system memory usage has been very high recently.
  • I know that in the previous 2 days my system updated 180 MB each day (I don't upload anything).
  • The language change area on the Windows taskbar is hidden.
  • The Firefox default style for web pages changed recently.
  • I have ESET Smart Security 10, but ESET can't find anything.
I also attach some screenshots from various things
I know this is a serious problem and this virus tries to infect more of my files every day, but I don't know what to do. Can someone help me? Thanks.
 
Welcome aboard


Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi. Thanks. I read your instructions completely. I just backed up some of my important information to an encrypted volume (TrueCrypt).
Based on the instructions provided, I downloaded Avast Home and Farbar Recovery Scan Tool, and now I want to run them.
Question: Should I send these two files here, or open a new topic?
FRST.txt and Addition.txt
 
Result of running FRST.
I checked all the checkboxes in the options section. I also have another file called shortcuts.txt; do I need to send this file too?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019
Ran by Administrator (administrator) on CODER (Acer Aspire A515-51G) (12-06-2019 12:49:06)
Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 10 Enterprise Version 1709 16299.192 (X64) Language: English (United States)
Default browser: "M:\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc. -> Tonec Inc.) D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) E:\TrueCrypt\TrueCrypt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] (Acronis International GmbH -> )
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381312 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Security\ecmds.exe [324216 2017-10-10] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620720 2017-11-22] (Acronis International GmbH -> )
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\MountPoints2: {94497376-2854-11e8-8b9a-9822ef5d28ca} - "G:\.\StartModem.exe"
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [261552 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
IFEO\osppsvc.exe: [Debugger] SppExtComObjPatcher.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2018-03-19]
ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-07-05]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BF79A1-3FBD-4FBC-ADE3-1DF80D1C9B67} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {096FD4F4-9B45-4F79-972E-195DA43546F5} - System32\Tasks\Microsoft\Windows\PLA\MyDataCollector => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {0973A22E-04AE-4CDC-BD04-7506C35BB1B1} - System32\Tasks\Stop VI => C:\Users\Administrator\Desktop\stop.bat
Task: {09B1DBE4-3B37-42B9-B688-92D0268E04BB} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [445744 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {0AC40EA4-FFFA-41F7-AD50-22706DEA6576} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-02-22] (Acer Incorporated -> Acer Incorporated)
Task: {18E48433-E259-413B-A5BD-F13CADABDE36} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {29581800-DE6F-4DAA-88E4-24E875539A5E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder => D:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {393F8911-A151-4E38-A558-7B78F2D9FBF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {396CDF69-AB09-417A-8893-1B7822BFD6F8} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )
Task: {42CDFE7E-E565-4E86-8F8D-789B756E559E} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2767664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {54CBFF78-B6CC-463F-A01D-8CF8BC00D10A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd -> Piriform Ltd)
Task: {60116705-1C0D-4B43-9B08-2F815F8AF822} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1864640 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6D3F7826-1A11-4D90-8D45-130DC0483413} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {6FEE2E7B-90DA-42EE-AF01-1946C5FDB0EF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {78F053F1-B562-4691-ABE2-BF0E663B4F4E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7C3706F7-5604-4DB7-A95F-4331AA274CF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D260263-EC70-41C9-BEBB-D8DBAD5A7D1C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-02-22] (Acer Incorporated -> )
Task: {933EDA72-8974-4A57-A8B8-60BD97E7135C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {990748EC-D28B-4409-9C4D-569F2B0A5CC1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [964544 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A53C7E44-37C0-4964-89D9-83D24EFEC47D} - System32\Tasks\Microsoft\Windows\PLA\System Resource Report => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {A54A85BE-4325-4930-AEAF-E471B3E016B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A9BC49B2-B000-43D4-B4D3-BCF5067B2D15} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {ABC2A8CE-766D-49C9-9126-FDEA4B45FB34} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [57856 2017-11-26] (Microsoft Windows -> Microsoft Corporation)
Task: {E4290767-9AFE-4B69-B222-0D9FF0E0462A} - System32\Tasks\klcp_update => d:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe [1179648 2018-03-19] () [File not signed]
Task: {E5CD5C38-9DE6-4985-92F3-1BF170B7CDFE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [521152 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E6440054-6A9E-4EF8-BD1B-2DBA0BB6E66E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
Task: {ED014DF2-C992-4016-AB07-3EC5E44D0C34} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {F261EE35-9E83-41C7-B60A-55C09B520852} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FB235D23-1341-4308-827B-C038FE425E5E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.8
Tcpip\..\Interfaces\{4bc6fbac-6a36-4a4a-a401-f4a4f901f0e2}: [NameServer] 10.255.255.254
Tcpip\..\Interfaces\{d660a15d-478e-4d1a-891a-9b9d571f15d7}: [DhcpNameServer] 8.8.8.8 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5dfsawqm.default
FF DefaultProfile: as51hvxm.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Pencil\Profiles\5dfsawqm.default [2019-04-26]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\as51hvxm.default [2019-06-12]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1jxc1iaw.dev-edition-default [2018-08-01]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cmop4avn.NonDevWorks [2018-08-15]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2018-03-26] [Legacy] [not signed]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @IPCWebComponents -> D:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2721824 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-17] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
S3 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [15872 2018-03-25] (Docker Inc -> Docker Inc.)
R2 ekrn; D:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-10-10] (ESET, spol. s r.o. -> ESET)
S3 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S2 FosCloudSvr; D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe [91776 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
S2 FosIPCameraPluginService; D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe [186496 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
S3 hns; C:\Windows\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Jenkins; D:\Program Files (x86)\Jenkins\jenkins.exe [360448 2018-07-18] (CloudBees, Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742456 2017-11-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [38016 2017-10-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [96232 2018-01-08] (VMware, Inc. -> VMware, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
S4 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14347240 2018-01-08] (VMware, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
S3 KMSEmulator; "C:\ProgramData\KMSAutoS\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -PO16 RandomKMSPID -AI 43200 -RI 43200 -Log -IP [X]
S2 Memcached11211; C:\memcached\memcached.exe -d runservice -p 11211 [X]
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 postgres; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgres" -D "C:\xampp\pgsql\9.5\data"
S4 postgressql; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgressql" -D "C:\xampp\pgsql\9.5\data"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476768 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133352 2017-12-11] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-04-07] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180088 2017-10-11] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50752 2017-04-07] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [78192 2017-04-07] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [102160 2017-09-25] (ESET, spol. s r.o. -> ESET)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [564304 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [379664 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 hvsocketcontrol; C:\Windows\system32\drivers\hvsocketcontrol.sys [26112 2018-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R1 ISODrive; D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [22320 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-12-13] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_2fc0d3600c3c3d39\nvlddmkm.sys [17036560 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2412976 2017-04-16] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [947712 2017-01-16] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [690520 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R4 truecrypt; E:\TrueCrypt\truecrypt-x64.sys [230864 2014-01-03] (TrueCrypt Foundation -> TrueCrypt Foundation)
S3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331976 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-22] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-12 12:47 - 2019-06-12 12:49 - 000000000 ____D C:\FRST
2019-06-12 12:42 - 2019-06-12 12:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2019-06-12 12:39 - 2019-06-12 12:39 - 000000630 _____ C:\Users\Administrator\Desktop\Do____.txt
2019-06-12 12:37 - 2019-06-12 12:37 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-06-12 12:35 - 2019-06-12 12:35 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-06-12 12:33 - 2019-06-12 12:33 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-12 12:33 - 2019-06-12 12:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-06-12 12:33 - 2019-06-12 12:32 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000476768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-12 12:33 - 2019-06-12 12:32 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000015488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2019-06-12 12:27 - 2019-06-12 12:33 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-12 11:22 - 2019-06-12 11:22 - 000008645 _____ C:\Users\Administrator\.bash_history
2019-06-12 11:17 - 2019-06-12 11:17 - 000000784 _____ C:\Users\Administrator\Desktop\github_c#_things - Shortcut.lnk
2019-06-12 11:03 - 2019-06-12 11:03 - 000000070 _____ C:\Users\Administrator\Desktop\learn.txt
2019-06-12 10:39 - 2019-06-12 10:39 - 000175550 _____ C:\Users\Administrator\Desktop\مراحل دریافت کارت ملی هوشمند + نمودار.html
2019-06-12 10:39 - 2019-06-12 10:39 - 000000000 ____D C:\Users\Administrator\Desktop\مراحل دریافت کارت ملی هوشمند + نمودار_files
2019-06-12 10:20 - 2019-06-12 10:20 - 000000458 _____ C:\Users\Administrator\Desktop\شرط بندی.txt
2019-06-12 10:00 - 2019-06-12 10:00 - 000000396 _____ C:\Users\Administrator\Desktop\مراحل گرفتن کارت هوشمند ملی.txt
2019-06-12 09:30 - 2019-06-12 09:30 - 000000007 _____ C:\Users\Administrator\Desktop\instagram.txt
2019-06-12 09:22 - 2019-06-12 09:22 - 000000209 _____ C:\Users\Administrator\Desktop\virus_things.txt
2019-06-11 11:59 - 2019-06-11 11:59 - 000000069 _____ C:\Users\Administrator\Desktop\نصب آواست.txt
2019-06-11 08:15 - 2019-06-11 10:28 - 000018443 _____ C:\Users\Administrator\Desktop\توضیحات فاز ذوم.txt
2019-06-11 07:54 - 2019-06-11 07:54 - 000000000 _____ C:\Users\Administrator\Desktop\حساب IDPay ات رو فعال کن و تو انجمن ها که کار می کنی و راه نمایی می کنی ..اون رو قرار بده برای پرداخت آنلاین.txt
2019-06-10 10:59 - 2019-06-12 12:41 - 000000931 _____ C:\Users\Administrator\Desktop\virus - Shortcut.lnk
2019-06-10 10:53 - 2019-06-10 10:53 - 000001144 _____ C:\Users\Administrator\Desktop\Project - messagespersiaaustraliaanswered=✔ - Shortcut.lnk
2019-06-09 23:06 - 2019-06-09 23:06 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5456C697.sys
2019-06-09 23:06 - 2019-06-09 23:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-09 23:03 - 2019-06-09 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-06-09 23:03 - 2019-06-09 23:03 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-06-09 14:56 - 2019-06-09 14:56 - 000000000 _____ C:\Users\Administrator\Desktop\Use SlideShare Fpr Share Contract Form
2019-06-08 03:19 - 2019-06-08 03:22 - 000003402 _____ C:\Windows\System32\Tasks\Stop VI
2019-06-08 02:40 - 2019-06-09 08:10 - 000000574 _____ C:\Users\Administrator\Desktop\stop.bat_
2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
2019-06-05 22:21 - 2019-06-05 22:21 - 000002153 _____ C:\Users\Administrator\Desktop\لیست ارائه دروس.lnk
2019-06-05 15:24 - 2019-06-05 15:24 - 000000853 _____ C:\Users\Administrator\Desktop\Archive T,TT2,TT3,TT4,TT4 Deleted...Copy From AData.lnk
2019-06-05 14:45 - 2019-06-05 14:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\gtk-3.0
2019-06-05 13:04 - 2019-06-05 13:04 - 000000051 _____ C:\Users\Administrator\Desktop\MacAddress.txt
2019-06-05 12:45 - 2019-06-05 12:45 - 000000775 _____ C:\Users\Administrator\Desktop\Cut From HTDocs - Shortcut.lnk
2019-06-05 10:40 - 2019-06-05 10:41 - 001060857 _____ C:\Users\Administrator\Downloads\video.mp4
2019-06-05 09:19 - 2019-06-05 09:19 - 000001459 _____ C:\Users\Administrator\Desktop\project86066 - Shortcut.lnk
2019-06-04 22:46 - 2019-06-04 22:46 - 000000798 _____ C:\Users\Administrator\Desktop\check files.lnk
2019-06-04 14:44 - 2019-06-04 14:44 - 000001342 _____ C:\Users\Administrator\Desktop\PHP Personal Finance - Shortcut.lnk
2019-06-04 10:52 - 2019-06-04 10:52 - 000000901 _____ C:\Users\Administrator\Desktop\Eclips - Shortcut.lnk
2019-06-03 15:01 - 2019-06-03 15:01 - 000000919 _____ C:\Users\Administrator\Desktop\استفاده برای روشن بودن سیستم در روز و کلیک برای دریافت پول بیت کوین......بررسی اون سایت مربوط به حجاوااسکریپت که بیت کوین جمع می کرد.lnk
2019-06-03 14:58 - 2019-06-03 14:58 - 000000000 ____D C:\Users\Administrator\workspace
2019-06-03 11:36 - 2019-06-03 11:37 - 000000186 _____ C:\Users\Administrator\Desktop\piam2.txt
2019-06-02 11:43 - 2019-06-02 11:43 - 003180712 _____ C:\Users\Administrator\Downloads\61204038_2128133783970722_9090820503427527366_n.mp4
2019-06-02 11:42 - 2019-06-02 11:42 - 002094038 _____ C:\Users\Administrator\Downloads\60740600_193844208264326_2299228890290000967_n.mp4
2019-06-01 14:42 - 2019-06-08 13:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PHP Language Server
2019-06-01 13:58 - 2019-06-01 13:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Obsidium
2019-06-01 13:35 - 2019-06-01 13:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Visual Studio Code
2019-05-31 18:14 - 2019-05-31 18:14 - 000118247 _____ C:\Windows\SysWOW64\package-lock.json
2019-05-31 17:30 - 2019-06-01 00:20 - 000000000 ____D C:\Users\Administrator\Desktop\convert CSV to QIF
2019-05-26 13:21 - 2019-05-26 13:21 - 000001097 _____ C:\Users\Administrator\Desktop\fireox addone for download images - Shortcut.lnk
2019-05-23 11:02 - 2019-05-23 11:02 - 000001122 _____ C:\Users\Administrator\Desktop\plese learn this vendor componenets.lnk
2019-05-23 10:24 - 2019-05-23 10:24 - 000000011 _____ C:\Users\Administrator\Desktop\مزاحم حجت.txt
2019-05-22 17:59 - 2019-05-22 17:59 - 000000971 _____ C:\Users\Administrator\Desktop\website_image_downloader - Shortcut.lnk
2019-05-22 12:17 - 2019-05-22 12:17 - 000000000 ____D C:\Users\Administrator\Downloads\خرید دیجی کالا
2019-05-20 13:57 - 2019-05-20 13:57 - 000000910 _____ C:\Users\Administrator\Desktop\سرور پایتون.lnk
2019-05-19 12:49 - 2019-06-10 22:26 - 000000201 _____ C:\Users\Administrator\Desktop\these_name.txt
2019-05-19 12:01 - 2019-05-19 22:30 - 000000170 _____ C:\Users\Administrator\Desktop\Piamak.txt
2019-05-17 22:32 - 2019-05-17 22:32 - 000001131 _____ C:\Users\Administrator\Desktop\Project-Python-Platform_Blogs-Auto-Publisher - Shortcut.lnk
2019-05-16 10:23 - 2019-05-16 10:24 - 000000000 ____D C:\Users\Administrator\Desktop\agahi jadid
2019-05-16 10:10 - 2019-05-16 10:10 - 000001459 _____ C:\Users\Administrator\Desktop\research about this.lnk
2019-05-16 10:06 - 2019-05-16 10:06 - 000001513 _____ C:\Users\Administrator\Desktop\project20057460 - Shortcut.lnk
2019-05-14 09:45 - 2019-05-14 09:45 - 000001022 _____ C:\Users\Administrator\Desktop\python website image downloader - Shortcut.lnk
2019-05-13 21:23 - 2019-05-13 21:23 - 000001232 _____ C:\Users\Administrator\Desktop\پروژه احسان - انشار مطالب انگلیسی برای شبکه اجتماعی - Shortcut.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-12 12:33 - 2017-09-29 18:16 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-06-12 12:26 - 2018-04-12 14:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2019-06-12 12:26 - 2018-04-06 16:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2019-06-12 11:22 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator
2019-06-12 10:39 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2019-06-12 08:25 - 2018-03-20 01:08 - 000005216 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder
2019-06-12 08:15 - 2018-03-16 13:03 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2019-06-12 08:15 - 2018-03-15 17:44 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-12 00:06 - 2018-03-16 16:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2019-06-11 23:55 - 2018-03-19 00:18 - 000000000 ____D C:\Users\Administrator\.p2
2019-06-11 22:40 - 2018-03-31 00:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\Eclipse
2019-06-10 22:28 - 2019-01-17 14:24 - 000004320 _____ C:\Users\Administrator\Desktop\ask-do.txt
2019-06-10 11:21 - 2018-03-15 17:22 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-06-10 10:57 - 2018-03-15 17:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-10 10:57 - 2017-09-29 13:15 - 001310720 _____ C:\Windows\system32\config\BBI
2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VMware
2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\VMware
2019-06-10 09:24 - 2018-06-29 09:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\MechCAD
2019-06-08 15:35 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2019-06-08 02:44 - 2018-10-26 10:42 - 000035696 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2019-06-08 02:40 - 2018-06-15 13:15 - 000000769 _____ C:\Users\Administrator\Desktop\kill.bat
2019-06-07 20:30 - 2018-03-21 19:28 - 000000279 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\This PC.lnk
2019-06-07 16:27 - 2018-03-15 17:40 - 000003178 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2019-06-07 00:01 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2019-06-06 12:11 - 2018-03-16 13:43 - 000007650 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2019-06-06 06:29 - 2018-03-21 15:58 - 000003362 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D690AB43-282C-486B-B0DB-82BD1691ED6E}
2019-06-06 06:29 - 2018-03-16 13:01 - 000002974 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000003044 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000002898 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000002846 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000002804 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:28 - 2018-03-16 13:01 - 000003236 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:28 - 2018-03-16 13:00 - 000003458 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:27 - 2018-09-16 10:00 - 000003186 _____ C:\Windows\System32\Tasks\KMSAutoNet
2019-06-06 02:13 - 2018-04-20 10:31 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Code
2019-06-03 23:42 - 2019-02-03 11:05 - 000001148 _____ C:\Users\Administrator\Desktop\eclipse-php-2018-12-R-win32-x86_64.zip - Shortcut.lnk
2019-06-03 23:27 - 2018-03-27 09:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2019-06-01 15:49 - 2018-04-05 09:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Composer
2019-06-01 11:24 - 2018-03-31 13:14 - 000000000 ____D C:\Program Files\Beyond Compare 4
2019-05-24 15:30 - 2017-09-29 18:14 - 000000000 ____D C:\Windows\INF
2019-05-23 16:20 - 2018-04-18 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Electrum
2019-05-22 13:59 - 2018-08-21 22:23 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Atom
2019-05-21 09:21 - 2018-11-30 18:28 - 000000000 ____D C:\Users\Administrator\Downloads\Soroush Downloads
2019-05-19 01:30 - 2017-09-29 18:16 - 000000000 ____D C:\Windows\system32\NDF
2019-05-17 17:27 - 2017-09-29 18:07 - 000000000 ____D C:\Windows\CbsTemp

==================== Files in the root of some directories =======

2018-06-10 20:01 - 2019-05-07 14:12 - 000000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CC Prefs
2018-08-14 16:28 - 2018-08-25 22:09 - 000000023 _____ () C:\Users\Administrator\AppData\Roaming\brand.ini
2018-06-28 17:04 - 2018-06-28 17:04 - 000011512 _____ () C:\Users\Administrator\AppData\Roaming\Comma Separated Values.TSK
2018-08-14 16:28 - 2018-08-25 22:15 - 001210039 _____ () C:\Users\Administrator\AppData\Roaming\FosPlugin.log
2018-08-14 16:28 - 2018-08-23 16:23 - 000430524 _____ () C:\Users\Administrator\AppData\Roaming\FosRtmp.log
2018-06-10 20:01 - 2019-05-07 13:44 - 000001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-05 10:10 - 2019-02-05 10:10 - 000000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2018-03-16 13:43 - 2019-06-06 12:11 - 000007650 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2018-04-06 17:00 - 2018-04-06 17:00 - 000000032 RSHOT () C:\Users\Administrator\AppData\Local\t80.dat

==================== SigCheckExt =======

2017-09-29 18:11 - 2011-12-07 23:07 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2017-09-29 18:12 - 2017-07-30 16:20 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2017-09-29 18:11 - 2018-01-28 14:30 - 000794112 _____ C:\Windows\system32\xvidcore.dll
2018-03-26 12:23 - 2018-01-28 14:30 - 000311296 _____ C:\Windows\system32\xvidvfw.dll
2017-09-29 18:12 - 2015-10-24 21:30 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2017-09-29 18:12 - 2011-12-07 23:02 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2017-09-29 18:12 - 2012-08-24 21:22 - 000103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
2017-09-29 18:16 - 2013-03-01 06:17 - 000053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2017-09-29 18:13 - 2014-12-10 13:25 - 002459136 _____ (Python Software Foundation) C:\Windows\SysWOW64\python27.dll
2017-09-29 18:12 - 2017-07-30 16:20 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2017-09-29 18:11 - 2018-01-28 14:30 - 000694784 _____ C:\Windows\SysWOW64\xvidcore.dll
2018-03-26 12:23 - 2018-01-28 14:30 - 000284672 _____ C:\Windows\SysWOW64\xvidvfw.dll

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{db51eec8-8b48-11e9-8c30-e33d0289d743}
{4fac233a-2857-11e8-bb37-a15b8d95977b}
{4fac233b-2857-11e8-bb37-a15b8d95977b}
{4fac233c-2857-11e8-bb37-a15b8d95977b}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
default {current}
resumeobject {4fac233f-2857-11e8-bb37-a15b8d95977b}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {4fac233a-2857-11e8-bb37-a15b8d95977b}
description EFI USB Device
badmemoryaccess Yes

Firmware Application (101fffff)
-------------------------------
identifier {4fac233b-2857-11e8-bb37-a15b8d95977b}
description EFI DVD/CDROM
badmemoryaccess Yes

Firmware Application (101fffff)
-------------------------------
identifier {4fac233c-2857-11e8-bb37-a15b8d95977b}
description EFI Network
badmemoryaccess Yes

Firmware Application (101fffff)
-------------------------------
identifier {db51eec8-8b48-11e9-8c30-e33d0289d743}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {4fac2341-2857-11e8-bb37-a15b8d95977b}
displaymessageoverride Recovery
recoveryenabled Yes
badmemoryaccess Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {4fac233f-2857-11e8-bb37-a15b8d95977b}
nx OptIn
bootmenupolicy Legacy
hypervisorlaunchtype Off
vga No
quietboot No
bootlog No
sos No

Windows Boot Loader
-------------------
identifier {4fac2341-2857-11e8-bb37-a15b8d95977b}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{4fac2342-2857-11e8-bb37-a15b8d95977b}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
badmemoryaccess Yes
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{4fac2342-2857-11e8-bb37-a15b8d95977b}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {4fac233f-2857-11e8-bb37-a15b8d95977b}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {4fac2341-2857-11e8-bb37-a15b8d95977b}
recoveryenabled Yes
badmemoryaccess Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
badmemoryaccess Yes
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local
badmemoryaccess Yes

RAM Defects
-----------
identifier {badmemory}
badmemoryaccess Yes

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
badmemoryaccess Yes

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
badmemoryaccess Yes

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
badmemoryaccess Yes
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
badmemoryaccess Yes

Device options
--------------
identifier {4fac2342-2857-11e8-bb37-a15b8d95977b}
description Windows Recovery
badmemoryaccess Yes
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


LastRegBack: 2019-06-07 12:04
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019
Ran by Administrator (12-06-2019 12:52:23)
Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
Windows 10 Enterprise Version 1709 16299.192 (X64) (2018-03-15 12:56:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2378293659-431221962-3870085809-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2378293659-431221962-3870085809-503 - Limited - Disabled)
Guest (S-1-5-21-2378293659-431221962-3870085809-501 - Limited - Disabled)
guest11 (S-1-5-21-2378293659-431221962-3870085809-1065 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2378293659-431221962-3870085809-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3012 - Acer Incorporated)
Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}) (Version: 22.5.10410 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}Visible) (Version: 22.5.10410 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Axure RP (HKLM-x32\...\{008035CA-B7B7-4E56-B641-6918B0639D67}) (Version: 8.1.0.3366 - Axure RP) Hidden
Axure RP (HKLM-x32\...\Axure RP 8.1.0.3366) (Version: 8.1.0.3366 - Axure RP)
Balsamiq Mockups 3 (HKLM-x32\...\{DD3D206D-0E2A-13E1-C0CE-DC751907F1D4}) (Version: 3.5.15 - Balsamiq SRL) Hidden
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.5.15 - Balsamiq SRL)
Beyond Compare 4 (HKLM\...\{382FD58E-226F-418B-8F34-DA8EE89D9550}) (Version: 4.2.4.22795 - Scooter Software, Inc.)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
Crisp (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Crisp) (Version: 5.0.16 - Crisp IM)
D-Link Connection Manager v7.0.3ME (HKLM-x32\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
Docker for Windows (HKLM\...\Docker for Windows) (Version: 17.12.0-ce-win47 - Docker Inc.)
Electrum (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Electrum) (Version: 3.1.2 - Electrum Technologies GmbH)
ESET Smart Security (HKLM\...\{79097F9F-0456-4C0C-9B53-A5E2712119A6}) (Version: 10.1.235.4 - ESET, spol. s r.o.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Gap Messenger 2.6.0 (only current user) (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\7a047109-c38b-5582-a5cf-87670e7f2e94) (Version: 2.6.0 - Gap Messenger)
Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\GitHubDesktop) (Version: 1.1.1 - GitHub, Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto V - The Manual (HKLM-x32\...\{752EBD91-8B95-42B5-8692-A7243A6EEEA9}) (Version: 1.0.0 - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
heroku (HKLM-x32\...\heroku) (Version: - Heroku)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1004 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IPCWebComponents 5.0.0.3 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 5.0.0.3 - FOSCAM)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Java SE Development Kit 8 Update 162 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180162}) (Version: 8.0.1620.12 - Oracle Corporation)
Jenkins 2.121.2 (HKLM-x32\...\{73B65605-756E-46F2-94F8-94E90FC9C76C}) (Version: 0.2.121.2000 - Jenkins project)
JetBrains PhpStorm 2018.1.5 (HKLM-x32\...\PhpStorm 2018.1.5) (Version: 181.5281.19 - JetBrains s.r.o.)
JetBrains PyCharm 2017.2.3 (HKLM-x32\...\PyCharm 2017.2.3) (Version: 172.3968.37 - JetBrains s.r.o.)
K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Node.js (HKLM-x32\...\{883ECC46-3EED-4960-B912-1CFAF4A8BDB7}) (Version: 8.9.1 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenVPN 2.3.18-I602 (HKLM\...\OpenVPN) (Version: 2.3.18-I602 - OpenVPN Technologies, Inc.)
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Parnian8.Office (HKLM-x32\...\{7572F3AF-149B-4961-85AE-5B448FCA381F}) (Version: 7.8.14 - Gostareh Negar)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Pencil Prototyping (HKLM-x32\...\Pencil Prototyping) (Version: - Evolus Co., Ltd.)
PhoneGap Desktop version 0.4.5 (HKLM-x32\...\com.adobe.phonegap.desktop_is1) (Version: 0.4.5 - Adobe Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.4 - Vaclav Slavik)
Postman-win64-6.2.5 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Postman) (Version: 6.2.5 - Postman)
PremiumSoft Navicat 11.2 for MySQL (HKLM-x32\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.2.14 - PremiumSoft CyberTech Ltd.)
Python 2.7 py2exe-0.6.9 (HKLM-x32\...\py2exe-py2.7) (Version: - )
Python 2.7 py2exe-0.6.9 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\py2exe-py2.7) (Version: - )
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10426 - Qualcomm)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.303 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21294 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8108 - Realtek Semiconductor Corp.)
Replay Media Catcher 6 (6.0.1.7) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.1.7 - Applian Technologies)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Skype version 8.32 (HKLM-x32\...\Skype_is1) (Version: 8.32 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Soroush Desktop Application (HKLM-x32\...\Soroush_is1) (Version: 0.16.1.0 - )
Symfony version 1.1.3 (HKLM\...\Symfony_is1) (Version: 1.1.3 - Symfony)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.3.1 - Tukero[X]Team)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version: - )
Vagrant (HKLM-x32\...\{23A65850-5D62-4A42-9312-D19E58CA5376}) (Version: 2.0.3 - HashiCorp)
VMware Workstation (HKLM\...\{ADC3121A-3EBA-4016-AF64-00B8FE017080}) (Version: 14.1.1 - VMware, Inc.)
VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA}) (Version: 6.17.1113.31799 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.1-0 - Bitnami)

Packages:
=========
Eclipse Manager -> C:\Program Files\WindowsApps\46928bounde.EclipseManager_3.2.16.0_x64__a5h4egax66k6y [2018-04-02] (Ounce Digital)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt [2018-08-16] (Instagram)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x86__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.18.12091.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.23.10923.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Corporation) [MS Ad]
Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.10.3.0_x64__7pb5ddty8z1pa [2018-04-16] (Trello, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxDTCM.dll [2017-11-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Administrator\Desktop\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Web Server for Chrome.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ofhbbkphhbklhfoeikjpcbhemlocgigb

==================== Loaded Modules (Whitelisted) ==============

2017-11-22 12:04 - 2017-11-22 12:04 - 000277538 _____ () [File not signed] C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2014-12-23 20:23 - 2009-12-17 02:18 - 000233472 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\imageformats\qmng4.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000380928 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
2014-12-23 20:23 - 2010-04-03 15:06 - 000081920 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\calcy.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000090112 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\controly.dll
2014-12-23 20:23 - 2010-04-03 15:06 - 000024064 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\gcalc.dll
2014-12-23 20:23 - 2010-04-03 15:06 - 000094208 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\runner.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000057344 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\verby.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000122880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\weby.dll
2014-12-23 20:23 - 2009-12-16 23:54 - 002236416 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtCore4.dll
2014-12-23 20:23 - 2009-12-17 00:13 - 008314880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtGui4.dll
2014-12-23 20:23 - 2009-12-16 23:56 - 000712704 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtNetwork4.dll
2017-11-22 11:51 - 2017-08-15 19:51 - 001477120 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 18:16 - 2019-06-01 13:59 - 000003811 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activation.acronis.com web-api-tih.acronis.com
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Python27\;D:\Python27\Scripts;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Docker\Docker\Resources\bin;C:\Program Files (x86)\Java\jre1.8.0_162\bin;C:\Program Files (x86)\Java\jdk1.8.0_162\bin;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\nodejs\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;D:\Program Files\HashiCorp\Vagrant\bin;D:\Program Files\Git\cmd;C:\ProgramData\ComposerSetup\bin;C:\xampp\mysql\bin;C:\xampp\apache\bin;D:\Python\phantomjs-2.1.1-windows\bin\;E:\New Soft\ffmpeg\ffmpeg-4.1-win64-static\bin;D:\Program Files\Symfony;C:\xampp\php721;C:\Program Files\WinRAR;L:\Applications\Portable Application For Use\7-ZipPortable\App\7-Zip64;C:\xampp\htdocs\Learning_Symfony\my_project_test\node_modules\.bin;C:\xampp\htdocs\Learning_Symfony\symfony-docs-3.4\_build;
HKU\S-1-5-21-2378293659-431221962-3870085809-500\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Outlook 2013.lnk"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Docker for Windows"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{CA14DA2D-0004-4D9E-8133-7DDEB8FA089D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{0E719808-BC3D-45DE-9189-E1FCFEEF3D5D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{0BEB4113-76C0-4636-B3F7-387EC7CD24BB}] => (Block) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{67404E8B-9BFB-4A8D-8929-D1CB188DD20A}] => (Block) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{8237A047-1CF2-4DAE-BBBC-CCAE041ABB11}M:\firefoxportable\app\firefox64\firefox.exe] => (Allow) M:\firefoxportable\app\firefox64\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F3260B67-218B-48E2-885D-3C036160FBE7}M:\firefoxportable\app\firefox64\firefox.exe] => (Allow) M:\firefoxportable\app\firefox64\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5705884B-23BF-4637-8425-C1A415FA350B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{FF6F5757-9DE5-49A2-9768-10105F6AF411}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{946507FF-2089-45B0-9841-A3A20C434D94}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{B92D3EC9-264D-4366-8F75-BB4F9753F893}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{E5C7DEE5-C517-4558-95D9-9BCC05E3A0AA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{F0FD3C60-3CCB-4EAF-B5A1-2F9CB7DE3D18}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{FF380E3B-4C93-488F-99A4-6186680F390F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{AD832412-CAFA-4BE6-AC9A-94D6BDB42BBD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{7F2C9AB4-A07B-4169-898D-3E3068820A05}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{95D55EEE-FEF7-40C6-BEEC-97B40FFE91DF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{B00A16CB-CF05-4910-8E49-86AE2CA01BD1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{BCD6CFBE-CEFA-46EC-BC0C-C108863DBF6B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{B4387C63-29BD-4988-98AA-E944FEF4639D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{C0A96882-B509-4CCB-90D6-6BE126CF55F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{874B5086-112F-4993-B4CC-B159842D51B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CFBC87B8-E5B9-4FC1-8009-2E266A543C51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F52491F6-1697-4993-989F-0940FC02D6E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13E93A8A-3B69-4D51-A6F0-128F123741AC}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73F70FF1-125B-41B3-855F-FF14036317B0}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18B85441-B8DD-4939-9184-88AB7A6C61FB}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C089685-2D88-48AE-B545-1349FDF49CA4}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3968C9C8-15E0-4FB5-8D0F-54A867A2B528}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{9130D09C-359E-45CB-B276-ADC694A92CF3}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{F13EECB2-0010-4006-8A92-6B23379D0AD3}D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe] => (Allow) D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{3B275A50-A906-4BF9-9931-A001D350C186}D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe] => (Allow) D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{FE5A2366-7446-4E52-A2B4-B88C9D308DFA}M:\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) M:\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [UDP Query User{3330D6A8-3F05-4397-8E8B-201A32F2D3F8}M:\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) M:\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [DNS Server Forward Rule - TCP - b72a1c95-1b5e-4f7b-946b-ebf1ffe59baa - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - b72a1c95-1b5e-4f7b-946b-ebf1ffe59baa - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{52FE1933-BB8C-41B2-9AE7-7D9AB8B85D20}D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe] => (Allow) D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [File not signed]
FirewallRules: [UDP Query User{29EFD8C4-7C52-4ED7-8404-036094AD7439}D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe] => (Allow) D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [File not signed]
FirewallRules: [{038B5F15-3567-4CAA-8841-07B1A854FA44}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F22E319F-F408-484D-8BDB-2B001E7357B5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FC17FC89-6C67-4993-971D-C3A4ABAD6447}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B27FE67B-7BDA-47B6-B96E-4636AFB6B52C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BC3518A8-64C3-424D-9F52-7E9CC1CD2770}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4A970330-DD1B-4EF8-A5F5-80C45BE56514}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2FD192D5-43BA-4886-819F-AAB47366EB6E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{3A685FE8-F5AC-4F3A-BB27-081DD88F001D}E:\eclipse-java\eclipse\eclipse.exe] => (Allow) E:\eclipse-java\eclipse\eclipse.exe No File
FirewallRules: [UDP Query User{E364DFF8-FCAD-447B-9306-433451C7160D}E:\eclipse-java\eclipse\eclipse.exe] => (Allow) E:\eclipse-java\eclipse\eclipse.exe No File
FirewallRules: [{C9C86E01-3A2E-47EF-8CCC-24B164938090}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{EEADF240-900B-4176-8F0C-8900293F1380}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{F93975AE-30C4-4E2D-8A39-5703463C2889}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [{EE49ED2B-E5A7-4E41-ADFB-E9F1376200FC}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [TCP Query User{106A2FCD-28D2-481D-BADC-C3DA7935BB97}D:\python27\pythonw.exe] => (Allow) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [UDP Query User{C2B5B1FC-10E4-4944-BE94-7729621DB653}D:\python27\pythonw.exe] => (Allow) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [{A8FB4216-EF01-4BB8-8DF5-A692CAC2DF27}] => (Block) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [{30C95746-097A-479C-A6CA-FA356DC63E12}] => (Block) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [TCP Query User{F953D62C-1BB2-4E82-81DB-F2CFE8F4322C}E:\xampp\mysql\bin\mysqld.exe] => (Allow) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [UDP Query User{A6DA7857-B515-4AB9-AB32-B7C33FFEAA45}E:\xampp\mysql\bin\mysqld.exe] => (Allow) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [{A4C7C420-60C7-41C4-9CC9-8029BADBA66B}] => (Block) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [{164140E8-4D9B-4066-BBC2-2357CFB0A1C7}] => (Block) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [TCP Query User{F60C26B2-E2D5-4645-A403-393E4B737E61}C:\everything-1.2.1.371.exe] => (Allow) C:\everything-1.2.1.371.exe No File
FirewallRules: [UDP Query User{A3B72C70-1F2F-4FA8-AE00-E1E52340CE1E}C:\everything-1.2.1.371.exe] => (Allow) C:\everything-1.2.1.371.exe No File
FirewallRules: [{0062DAFD-9C22-42FA-8A84-E7F88F00D04E}] => (Block) C:\everything-1.2.1.371.exe No File
FirewallRules: [{7083CDEB-14BE-40F6-ADE9-163998C56547}] => (Block) C:\everything-1.2.1.371.exe No File
FirewallRules: [{4E482B8F-01AC-4440-BF46-E112D0597DE4}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{79AC4258-4C3F-4A9B-889C-B10AF8A62313}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{89301777-E67B-46C3-BE81-23AB249290F1}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{BC3D41AF-05BB-433F-8220-412BD206CA5D}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [TCP Query User{604A7DFB-A2A6-47CD-A461-55149002693B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{589F34C3-39A7-4CE8-B56C-A25B08B4CD5A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{0B3CD393-D80A-4958-8879-1A09DA2FC06D}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{92206858-FD35-4CE3-9DF4-7514298A8E60}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{9E49BEA1-4446-4F02-A082-1BFF07BF0301}D:\portable\eclipse-php\eclipse.exe] => (Allow) D:\portable\eclipse-php\eclipse.exe (Eclipse Foundation, Inc. -> )
FirewallRules: [UDP Query User{56FB9283-1BEE-4888-933B-A4EE13DE9C21}D:\portable\eclipse-php\eclipse.exe] => (Allow) D:\portable\eclipse-php\eclipse.exe (Eclipse Foundation, Inc. -> )
FirewallRules: [TCP Query User{63F7BF1A-7F77-4DF1-A02C-21C8D66A4099}D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [UDP Query User{CC2DE639-C0FB-4A98-BC60-7E6898E211FB}D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{D4E87016-D82A-40F6-8611-599C22077A9F}C:\program files\java\jdk1.8.0_162\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_162\bin\java.exe
FirewallRules: [UDP Query User{A04CC4B1-82AC-42BE-B91B-BD0D8DAE507B}C:\program files\java\jdk1.8.0_162\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_162\bin\java.exe
FirewallRules: [{9192B726-6E93-4F0D-9471-11C7E05F82EC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4666A8F5-ED4B-4A7F-8B56-27677D630B82}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B6239F34-EAA8-46C0-BD2A-8124C3779B9E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1702E87A-33B1-436A-BAB5-74A9191FF907}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8BD6C664-B7CA-4EBE-9632-C68F8E1A1F53}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C6F264F-2295-4A44-8077-D0AA240097DA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D51C14A9-05AD-4786-8343-EE7A4A7A1A98}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0DBE2910-325A-417F-AA95-1D9301F1C4EE}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1C7A00E0-F93B-4427-830F-3593B44F1239}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{D9B91157-D71B-484B-87EE-9104D2BBBF03}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{21221ACB-6A49-490E-972F-535D5F9BDE76}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{492E8379-1AE0-46BB-8382-B1A1A0B61FB5}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{911F6A20-2DA2-4762-8E50-1C582D8F4A15}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{F33635DA-EE52-49D8-B2FC-D2D174B8092C}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{5A71994C-3A2B-4EEC-8EB5-4DB9C6FC738E}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{2C46D851-25CA-46E1-9293-F65042B92CAF}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{F7A4E5C6-F26D-4BBC-8463-D1CA974EA875}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{58058DA7-527A-4B1A-8E56-7DA1B10C5B05}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{1A33BA71-2323-4DAA-A551-8D0933F5BEA5}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{2DEF0581-E648-43D5-B265-084CF478659B}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{8FB1089A-5CEC-4C37-B189-2B1C01F0A643}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8CB625BD-8674-45DC-9F29-59F40034298D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DF8F7F88-1844-4803-86C9-25D170CA9868}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{12119C07-C7D5-4D65-AA11-72FCF7141354}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{53E88463-2EE0-4D71-834B-E11D1C06F45F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{550DE14A-8343-4E3E-92AD-8EB3D05F8A5F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E07084C6-A3C7-4735-8568-19DD2CCDAF96}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{79969CF7-2CA8-4EC2-940D-8FB53573F372}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3873667B-63A5-4116-8A77-E12A3777C1FA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{89051CDC-1384-45F2-B7A0-FC1F979AB64A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A1FDE13B-EA89-42DC-AAD8-0AC7F10ED33D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D854A422-DE09-4DBB-8ACA-5F76E982B356}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{743D4CBD-ECB3-4C19-9722-294C52B67E25}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{02835931-86C2-4C2C-9BCA-422AD3B8E08E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C60BDE99-FA4E-43A9-8749-79CC22D66CFC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D53D5CF7-5305-4476-8705-F0AE2CB7EAED}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9ECF389B-D9B4-448D-ABA0-3240EEEFA59A}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe (MetaQuotes Software Corp. -> MetaQuotes Software Corp.)
FirewallRules: [{7201D7DB-0CFB-4F57-ABDA-B9608D117817}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{78DBFC94-CD8C-43BE-99D4-FA1BE9D9E8A1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B4F6B89-7426-484E-87CE-6F3AF3118440}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3568E0C4-25F2-4054-9B43-FD4E26DD388F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A98024E-8BC2-4481-BC70-CAD691516D8E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BB21D8AE-EB75-4F68-BB35-9ED39F747036}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{75829F78-5043-45BE-9AD2-C84D2F639F9D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B2FBF2E3-F423-4C1A-845C-FB37C0ADBE33}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04A45637-8F04-4C31-A6D0-CE0017F38EB7}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2ECBF512-9A71-473C-B313-4C948F4ABB38}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3C51E832-140C-4C70-AAEC-66F86C44A2F5}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7ZipSfx.000\bin\tools\aria2c.exe No File
FirewallRules: [{F3B34D20-53B2-4167-A4CA-3AD9030C5C52}] => (Allow) D:\Program Files (x86)\Jenkins\jre\bin\java.exe
FirewallRules: [{8A249D55-B3A2-46ED-ADF0-F7073C75CFC1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1FC387E5-11C6-4E16-BD03-E4D6321902DB}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F862AE53-7356-437F-8203-762EDE4C9670}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{84F9A2DB-57B2-469C-97DF-3C93C76D0A10}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9527A937-20F1-4A51-9C8E-58E7C4EE4878}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{928CD643-1FA9-4D90-9CEE-3FAB9A688311}] => (Allow) D:\Portable\Utorrent\App\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{379EAE77-8730-4A16-A43D-4B5180162C5F}] => (Allow) D:\Portable\Utorrent\App\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [DNS Server Forward Rule - TCP - 9cc55fed-a673-4a10-b801-8a5e90c758c2 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 9cc55fed-a673-4a10-b801-8a5e90c758c2 - 0] => (Allow) LPort=53
FirewallRules: [{6185A46E-1A3E-46AD-B72A-BCD76435A896}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{380DB46D-BFAF-4568-89C6-CED7C0420ACC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1357FEC1-415B-4253-9015-7E73475129D2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A7D23EB0-B7D4-416B-A216-F44A2B6AE42C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C97985A1-FD72-4002-B7AC-242A42DE0EB8}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{17A1CAFA-B49C-4A3B-B845-1142DC9F8320}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{616DC261-3870-4170-A08D-F5EEF74FD6FC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9D4D2B72-DFC1-4104-9172-B4C1DB4D082E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3D8BCBC-C6F9-4FD9-92AF-9E207DEA0EC3}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{90107887-01BE-4FB6-A095-6600C67A1628}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9AD2E8AD-32EE-4391-A104-8BB5054CE435}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{94281599-651F-44A4-9ADD-F5C420A38342}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B6655CDA-F756-450A-9A25-73D317EC56EC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D3836698-B623-434B-B33C-71E752B8532F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7C6CA454-FB4F-4FEC-B836-3A0BBAA4C663}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E4BA41C5-9FA1-4FAB-8492-204A100C6CD1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9838A325-FD47-4F46-925D-5FB9E1FA3ECC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6A0CAEBE-EC31-47FD-A291-71A1C5301B13}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0D81D271-8614-41E8-9991-7C7A3A7371E4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{3F7E0E80-6CB6-49E6-B6C9-4EA9360FE362}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{CD9FF453-F4C9-44A1-880E-B87DD07A6B98}] => (Allow) D:\Program Files\Anno 2070\Anno5.exe () [File not signed]
FirewallRules: [{A8DDAB56-ABB5-4CEC-B25D-F51FE9C12974}] => (Allow) D:\Program Files\Anno 2070\Anno5.exe () [File not signed]
FirewallRules: [{E71CEC64-4637-493F-987A-9312F1EAB2C0}] => (Allow) D:\Program Files\Anno 2070\AutoPatcher.exe (Related Designs Software) [File not signed]
FirewallRules: [{DBC40916-A7C7-487A-9B90-93714300461B}] => (Allow) D:\Program Files\Anno 2070\AutoPatcher.exe (Related Designs Software) [File not signed]
FirewallRules: [{3AF98CE7-EE65-4EF0-8203-01F84507BDF0}] => (Allow) D:\Program Files\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{25AA78DA-0321-4D4D-B80D-2399025FF3B6}] => (Allow) D:\Program Files\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{1933A7A3-4910-49F5-BBB7-D850171F1816}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{393A2EAF-3E4D-49D4-980C-C462E8CD5102}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C489736B-7C3D-45BB-A2A2-639C8D25D069}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A6A13504-DD59-4A99-837F-E579E611F00B}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8A3FAC95-21C3-42E2-9A8B-57396B2601FD}] => (Allow) C:\Program Files\Docker\Docker\Resources\com.docker.proxy.exe (Docker Inc -> )
FirewallRules: [{B2644480-D57A-43B9-B539-59C6E825E7E2}] => (Allow) LPort=445
FirewallRules: [{1AE2AD95-1546-4BE2-9A77-39314B32B7CA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{43787800-2BFD-4869-BE9B-A83C401DDBCE}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1D846517-9DA8-4177-BBE2-43D1991CE541}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6DAAF372-D4BC-4B7C-A33C-5877455AD8F5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{52083C70-1EC8-4C48-9C8C-784E6812A772}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CA05F10B-5AE4-487A-8B16-89FD9CC03B28}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AEADAD04-581C-4139-867A-75FCBD758610}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{41CB95F2-CB9C-4310-B0F9-03A63AC0DD85}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AE58DE86-0FB9-43FE-896C-30D2096AC680}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0DAA9C5D-B228-4AFB-BE9C-AED85CA98C7A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{86C6A761-9D72-441D-AF7E-7A6BAD83424A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3E23600F-70F7-4822-BE86-5F218993E3F5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3158F9D-C91A-495B-AB62-64E5A1A06085}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{93FCB6EE-EB94-4A9E-B7EC-3C1ECAB2FD23}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B65CD422-56D3-45FD-8FE8-0B5C05D7DC2E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1B7C6DB7-EC77-4550-B930-FF434D4BFF80}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5BF23895-013B-4EC4-AB4F-41120A509214}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{52E97857-7B4C-485A-9197-3DAF967586BF}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2D16448C-B177-41C0-85DB-DF0F245308EA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{962DA67E-31BE-430D-95E1-3A932992D9F1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AFFD8E48-BCA1-40F2-9493-A9094AF67243}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CED368C-B0EC-436E-B0F6-B25220092923}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{30540F42-75F4-47C4-A6A2-7C189C116572}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7280A1AB-F1C3-41C6-96C1-1C1626D2CB31}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FC1608A4-1CDF-4A9D-B5EC-5FB5419B0501}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{192A412F-4CDA-4D3F-B90F-78F4B8B92A10}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{97CB41D4-8D01-43E2-A663-4B7323BB8B3A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2B0B2E33-C83C-4F26-BDB2-F65D64DEDBC6}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C82C1415-4627-4A15-9DE8-4405DDB5BE04}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1C48E7E1-F72A-4F50-A126-CD516FE9C1D5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{371880ED-547A-4CE7-901F-ABEDC03FB3FD}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B8984FA8-CD21-4E38-A869-FA97EFF08B5D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C4A3AAA8-9F0C-41A7-9385-7851959430B9}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C0F1CCC5-B4E8-4100-99E9-22E67E87AE1B}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1535AA04-E38F-43CA-BBAE-B96A638DCE6F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DF3B1568-3860-40D4-BE00-758E46DD6CBF}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F863047A-0173-4691-889C-86E3AE914C8D}] => (Allow) LPort=1688

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9 #2
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Hyper-V Virtual Ethernet Adapter #3
Description: Hyper-V Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: VMSMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2019 11:46:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program xampp-control.exe version 3.2.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2b8c

Start Time: 01d520ee61863697

Termination Time: 4294967295

Application Path: C:\xampp\xampp-control.exe

Report Id: fe3a0f02-22b4-4d78-847a-70b0439efe46

Faulting package full name:

Faulting package-relative application ID:

Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

For more information, see Help and Support Center at http://www.mysql.com.

Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).

For more information, see Help and Support Center at http://www.mysql.com.

Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

For more information, see Help and Support Center at http://www.mysql.com.

Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).

For more information, see Help and Support Center at http://www.mysql.com.

Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

For more information, see Help and Support Center at http://www.mysql.com.

Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).

For more information, see Help and Support Center at http://www.mysql.com.

Error: (06/12/2019 11:44:34 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).

For more information, see Help and Support Center at http://www.mysql.com.


System errors:
=============
Error: (06/12/2019 10:16:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/12/2019 10:11:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/12/2019 08:30:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/12/2019 08:24:04 AM) (Source: DCOM) (EventID: 10016) (User: CODER)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (06/12/2019 08:18:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/12/2019 08:17:58 AM) (Source: DCOM) (EventID: 10016) (User: CODER)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/12/2019 08:15:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/12/2019 08:15:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-04-11 08:37:07.615
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../Wirekeyview&threatid=2147657007&enterprise=0
Name: HackTool:Win32/Wirekeyview
ID: 2147657007
Severity: High
Category: Tool
Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe->(UPX)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.612
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../PasswordFox&threatid=2147670744&enterprise=0
Name: HackTool:Win32/PasswordFox
ID: 2147670744
Severity: High
Category: Tool
Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\passwordfox.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.610
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/Netpass&threatid=2147605535&enterprise=0
Name: HackTool:Win32/Netpass
ID: 2147605535
Severity: High
Category: Tool
Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe->(UPX)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.608
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...Mailpassview&threatid=2147571412&enterprise=0
Name: HackTool:Win32/Mailpassview
ID: 2147571412
Severity: High
Category: Tool
Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\mailpv.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.606
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Passview&threatid=2147597639&enterprise=0
Name: HackTool:Win32/Passview
ID: 2147597639
Severity: High
Category: Tool
Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe;containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\sniffpass.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 15:24:42.142
Description:
 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.142
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.134
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.134
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.133
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-06-12 12:52:20.310
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-12 12:52:20.308
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-12 12:48:17.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-12 12:48:17.456
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-12 12:47:48.393
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-12 12:47:48.391
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-12 12:47:40.331
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-12 12:47:40.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 11/08/2017
Motherboard: KBL Charmander_KL
Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 35%
Total physical RAM: 12163.6 MB
Available physical RAM: 7899.52 MB
Total Virtual: 14019.6 MB
Available Virtual: 9924.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:0.64 GB) NTFS
Drive d: (Software) (Fixed) (Total:330 GB) (Free:66.6 GB) NTFS
Drive e: (Data) (Fixed) (Total:600.93 GB) (Free:3.8 GB) NTFS
Drive l: (Files) (Fixed) (Total:4 GB) (Free:0.39 GB) NTFS
Drive m: (PORTABLE) (Fixed) (Total:1.99 GB) (Free:0.23 GB) FAT32
Drive u: (JAVA-ANDROI) (Fixed) (Total:4.99 GB) (Free:0.76 GB) FAT32

\\?\Volume{5617f0d0-8818-4d60-861b-2c1496ee7fed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{8c0a6d0d-376f-4327-ac68-a09f68a626ea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 7FA1AE37)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
I did all the steps and downloaded all 3: RogueKiller, Malwarebytes & AdwCleaner.

One thing: the problem still exists. When AdwCleaner restarted the computer and I tried to log in, I saw the quest11 account again.
I removed it again manually.

Here are the reports:
 
RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.16299) 64 bits
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190514_092255, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/06/13 13:28:19 (Duration : 00:12:21)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Bad.Extension (Malicious)] com.docker.service [Docker Inc] -- %ProgramFiles%\Docker\Docker\com.docker.service -> Stopped
[PUP.HackTool (Potentially Malicious)] KMSEmulator -- %programdata%\KMSAutoS\bin\KMSSS.exe -> Stopped
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{539E424E-EE72-4439-BB27-6B646D119406} -- [D:\Program Files\Microsoft Office\Office15\Wordcnvpxy.cnv] -> Deleted
[Tr.Gen (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TNod -- -> Deleted
[Bad.Extension (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\com.docker.service -- [%ProgramFiles%\Docker\Docker\com.docker.service] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMSEmulator -- [%programdata%\KMSAutoS\bin\KMSSS.exe] -> Deleted
[Bad.Extension (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\com.docker.service -- [%ProgramFiles%\Docker\Docker\com.docker.service] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KMSEmulator -- [%programdata%\KMSAutoS\bin\KMSSS.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3C51E832-140C-4C70-AAEC-66F86C44A2F5} -- [%localappdata%\Temp\7ZipSfx.000\bin\tools\aria2c.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3C51E832-140C-4C70-AAEC-66F86C44A2F5} -- [%localappdata%\Temp\7ZipSfx.000\bin\tools\aria2c.exe] -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
[PUP.HackTool (Potentially Malicious)] TNod User & Password Finder -- %programdata%\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder -> Deleted
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/13/19
Scan Time: 1:36 PM
Log File: 7d93cf14-8dba-11e9-8a7f-9829a647503a.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.0
Update Package Version: 1.0.0
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: CODER\Administrator

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 325524
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 1 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [5325], [353142],1.0.0
RiskWare.GameHack, C:\PROGRAM FILES (X86)\GRAND THEFT AUTO V\STEAM_API64.DLL, Quarantined, [7582], [305544],1.0.0
RiskWare.Agent, C:\PROGRAMDATA\RogueKiller\quarantine\FCADFAA7D4DB8FCB.vir\Uninstall.lnk, Quarantined, [3946], [352776],1.0.0
RiskWare.Agent, D:\PROGRAM FILES (X86)\TNOD\UNINST-TNOD.EXE, Quarantined, [3946], [352776],1.0.0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-13-2019
# Duration: 00:00:01
# OS: Windows 10 Enterprise
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Applian Technologies

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1298 octets] - [13/06/2019 13:49:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
Other information:
com.docker.service & KMSEmulator were stopped by RogueKiller, not removed. I don't know if this is normal or not.
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019
Ran by Administrator (administrator) on CODER (Acer Aspire A515-51G) (14-06-2019 09:14:22)
Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 10 Enterprise Version 1709 16299.192 (X64) Language: English (United States)
Default browser: "M:\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
() [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) D:\Program Files\ESET\ESET Security\ekrn.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc -> Google Inc.) M:\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) M:\FirefoxPortable\App\Firefox64\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Rare Ideas, LLC -> PortableApps.com) M:\FirefoxPortable\FirefoxPortable.exe
(Rare Ideas, LLC -> PortableApps.com) M:\GoogleChromePortable\GoogleChromePortable.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ShenZhen Foscam Intelligent Technology Co,Ltd -> ) D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe
(ShenZhen Foscam Intelligent Technology Co,Ltd -> ) D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) E:\TrueCrypt\TrueCrypt.exe
Failed to access process -> svchost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] (Acronis International GmbH -> )
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381312 2017-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [egui] => D:\Program Files\ESET\ESET Security\ecmds.exe [324216 2017-10-10] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-11-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620720 2017-11-22] (Acronis International GmbH -> )
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\MountPoints2: {94497376-2854-11e8-8b9a-9822ef5d28ca} - "G:\.\StartModem.exe"
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [261552 2016-02-02] (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd)
IFEO\osppsvc.exe: [Debugger] SppExtComObjPatcher.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk [2018-03-19]
ShortcutTarget: Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-07-05]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BF79A1-3FBD-4FBC-ADE3-1DF80D1C9B67} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {096FD4F4-9B45-4F79-972E-195DA43546F5} - System32\Tasks\Microsoft\Windows\PLA\MyDataCollector => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {0973A22E-04AE-4CDC-BD04-7506C35BB1B1} - System32\Tasks\Stop VI => C:\Users\Administrator\Desktop\stop.bat
Task: {09B1DBE4-3B37-42B9-B688-92D0268E04BB} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [445744 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {0AC40EA4-FFFA-41F7-AD50-22706DEA6576} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-02-22] (Acer Incorporated -> Acer Incorporated)
Task: {18E48433-E259-413B-A5BD-F13CADABDE36} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {29581800-DE6F-4DAA-88E4-24E875539A5E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder => D:\Program Files\Microsoft Office\Office15\MsoSync.exe [469640 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {393F8911-A151-4E38-A558-7B78F2D9FBF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {396CDF69-AB09-417A-8893-1B7822BFD6F8} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-05-24] (Acer Incorporated -> )
Task: {42CDFE7E-E565-4E86-8F8D-789B756E559E} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2767664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {54CBFF78-B6CC-463F-A01D-8CF8BC00D10A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd -> Piriform Ltd)
Task: {60116705-1C0D-4B43-9B08-2F815F8AF822} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1864640 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6D3F7826-1A11-4D90-8D45-130DC0483413} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {6FEE2E7B-90DA-42EE-AF01-1946C5FDB0EF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {78F053F1-B562-4691-ABE2-BF0E663B4F4E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7C3706F7-5604-4DB7-A95F-4331AA274CF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D260263-EC70-41C9-BEBB-D8DBAD5A7D1C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-02-22] (Acer Incorporated -> )
Task: {933EDA72-8974-4A57-A8B8-60BD97E7135C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {990748EC-D28B-4409-9C4D-569F2B0A5CC1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [964544 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A53C7E44-37C0-4964-89D9-83D24EFEC47D} - System32\Tasks\Microsoft\Windows\PLA\System Resource Report => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1462272 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {A54A85BE-4325-4930-AEAF-E471B3E016B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A9BC49B2-B000-43D4-B4D3-BCF5067B2D15} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
Task: {ABC2A8CE-766D-49C9-9126-FDEA4B45FB34} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update => {A6BA00FE-40E8-477C-B713-C64A14F18ADB} C:\Windows\System32\wuautoappupdate.dll [57856 2017-11-26] (Microsoft Windows -> Microsoft Corporation)
Task: {ACB0FAB4-27E6-4AA4-96D7-644992BBB499} - System32\Tasks\DELUSER => C:\Users\Administrator\Desktop\del.bat [24 2019-06-13] () [File not signed]
Task: {E4290767-9AFE-4B69-B222-0D9FF0E0462A} - System32\Tasks\klcp_update => d:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe [1179648 2018-03-19] () [File not signed]
Task: {E5CD5C38-9DE6-4985-92F3-1BF170B7CDFE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [521152 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E6440054-6A9E-4EF8-BD1B-2DBA0BB6E66E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
Task: {ED014DF2-C992-4016-AB07-3EC5E44D0C34} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {F261EE35-9E83-41C7-B60A-55C09B520852} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FB235D23-1341-4308-827B-C038FE425E5E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.8
Tcpip\..\Interfaces\{4bc6fbac-6a36-4a4a-a401-f4a4f901f0e2}: [NameServer] 10.255.255.254
Tcpip\..\Interfaces\{d660a15d-478e-4d1a-891a-9b9d571f15d7}: [DhcpNameServer] 8.8.8.8 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5dfsawqm.default
FF DefaultProfile: as51hvxm.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Pencil\Profiles\5dfsawqm.default [2019-04-26]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\as51hvxm.default [2019-06-13]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1jxc1iaw.dev-edition-default [2018-08-01]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cmop4avn.NonDevWorks [2018-08-15]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - D:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-02-28] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2018-03-26] [Legacy] [not signed]
FF HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-21] (Adobe Systems Incorporated -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @IPCWebComponents -> D:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-03-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2721824 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-17] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; D:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corporation -> Microsoft Corp.)
R2 ekrn; D:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-10-10] (ESET, spol. s r.o. -> ESET)
S3 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 FosCloudSvr; D:\Program Files (x86)\IPCWebComponents\IPCPlgSvr.exe [91776 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
R2 FosIPCameraPluginService; D:\Program Files (x86)\IPCWebComponents\FosIPCCoreManager.exe [186496 2017-05-27] (ShenZhen Foscam Intelligent Technology Co,Ltd -> )
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
S3 hns; C:\Windows\System32\HostNetSvc.dll [1412096 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-12-06] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Jenkins; D:\Program Files (x86)\Jenkins\jenkins.exe [360448 2018-07-18] (CloudBees, Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 MBAMService; D:\Program Files\Malewarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-11-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742456 2017-11-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [38016 2017-10-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-02-15] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 VMAuthdService; D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [96232 2018-01-08] (VMware, Inc. -> VMware, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [2542592 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
S4 VMwareHostd; D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14347240 2018-01-08] (VMware, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-31] (Microsoft Corporation -> Microsoft Corporation)
S2 Memcached11211; C:\memcached\memcached.exe -d runservice -p 11211 [X]
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 postgres; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgres" -D "C:\xampp\pgsql\9.5\data"
S4 postgressql; "C:\xampp\pgsql\9.5\bin\pg_ctl.exe" runservice -N "postgressql" -D "C:\xampp\pgsql\9.5\data"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476768 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133352 2017-12-11] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-04-07] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180088 2017-10-11] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50752 2017-04-07] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [78192 2017-04-07] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [102160 2017-09-25] (ESET, spol. s r.o. -> ESET)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [564304 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [379664 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 hvsocketcontrol; C:\Windows\system32\drivers\hvsocketcontrol.sys [26112 2018-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R1 ISODrive; D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (Jaksta Technologies Pty Ltd -> e2eSoft)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [22320 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 mtkmbim; C:\Windows\System32\drivers\mtkmbim7_x64.sys [208896 2012-12-13] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvac.inf_amd64_2fc0d3600c3c3d39\nvlddmkm.sys [17036560 2018-01-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2412976 2017-04-16] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [947712 2017-01-16] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [690520 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R4 truecrypt; E:\TrueCrypt\truecrypt-x64.sys [230864 2014-01-03] (TrueCrypt Foundation -> TrueCrypt Foundation)
S3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [1207808 2018-01-01] (Microsoft Windows -> Microsoft Corporation)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331976 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2018-03-19] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [288296 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-02-22] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-31] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-14 01:09 - 2019-06-14 01:10 - 011279328 _____ C:\Users\Administrator\Downloads\1058292343265.mp4
2019-06-14 01:09 - 2019-06-14 01:09 - 012680095 _____ C:\Users\Administrator\Downloads\1058291343259.mp4
2019-06-13 23:55 - 2019-06-13 23:56 - 000003590 _____ C:\Windows\System32\Tasks\DELUSER
2019-06-13 23:53 - 2019-06-13 23:54 - 000000024 _____ C:\Users\Administrator\Desktop\del.bat
2019-06-13 22:14 - 2019-06-13 22:19 - 000000000 _____ C:\Windows\SysWOW64\net
2019-06-13 13:53 - 2019-06-13 13:53 - 000000788 _____ C:\Users\Administrator\Desktop\newnew - Shortcut.lnk
2019-06-13 13:48 - 2019-06-13 13:48 - 000001445 _____ C:\Users\Administrator\Desktop\Step2.txt - Shortcut.lnk
2019-06-13 13:48 - 2019-06-13 13:48 - 000001166 _____ C:\Users\Administrator\Desktop\TechSpot Instruction - Shortcut (2).lnk
2019-06-13 13:17 - 2019-06-13 15:02 - 000000000 ____D C:\Users\Administrator\Desktop\do
2019-06-13 13:09 - 2019-06-13 13:33 - 000000000 ____D C:\ProgramData\RogueKiller
2019-06-13 13:07 - 2019-06-13 13:53 - 000000000 ____D C:\AdwCleaner
2019-06-13 13:07 - 2019-06-13 09:32 - 007025360 _____ (Malwarebytes) C:\Users\Administrator\Desktop\AdwCleaner.exe
2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbamtray
2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2019-06-13 13:06 - 2019-06-13 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-13 13:06 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-06-13 13:06 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-06-13 13:02 - 2019-06-13 14:00 - 000000000 ____D C:\Program Files\RogueKiller
2019-06-13 13:02 - 2019-06-13 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-06-12 14:06 - 2019-06-12 14:06 - 000001166 _____ C:\Users\Administrator\Desktop\TechSpot Instruction - Shortcut.lnk
2019-06-12 12:47 - 2019-06-14 09:14 - 000000000 ____D C:\FRST
2019-06-12 12:42 - 2019-06-12 12:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2019-06-12 12:37 - 2019-06-12 12:37 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-06-12 12:35 - 2019-06-12 12:35 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-06-12 12:33 - 2019-06-14 08:43 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-12 12:33 - 2019-06-12 12:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-06-12 12:33 - 2019-06-12 12:32 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000476768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-12 12:33 - 2019-06-12 12:32 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-12 12:33 - 2019-06-12 12:32 - 000015488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2019-06-12 12:27 - 2019-06-12 12:33 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-12 11:22 - 2019-06-12 11:22 - 000008645 _____ C:\Users\Administrator\.bash_history
2019-06-12 11:17 - 2019-06-12 11:17 - 000000784 _____ C:\Users\Administrator\Desktop\github_c#_things - Shortcut.lnk
2019-06-10 10:59 - 2019-06-12 12:41 - 000000931 _____ C:\Users\Administrator\Desktop\virus - Shortcut.lnk
2019-06-10 10:53 - 2019-06-10 10:53 - 000001144 _____ C:\Users\Administrator\Desktop\Project - messagespersiaaustraliaanswered=✔ - Shortcut.lnk
2019-06-09 23:06 - 2019-06-13 13:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-09 23:06 - 2019-06-09 23:06 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5456C697.sys
2019-06-09 23:03 - 2019-06-09 23:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-06-09 23:03 - 2019-06-09 23:03 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2019-06-08 03:19 - 2019-06-13 17:27 - 000002406 _____ C:\Windows\System32\Tasks\Stop VI
2019-06-08 02:40 - 2019-06-09 08:10 - 000000574 _____ C:\Users\Administrator\Desktop\stop.bat_
2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
2019-06-05 22:21 - 2019-06-05 22:21 - 000002153 _____ C:\Users\Administrator\Desktop\لیست ارائه دروس.lnk
2019-06-05 15:24 - 2019-06-05 15:24 - 000000853 _____ C:\Users\Administrator\Desktop\Archive T,TT2,TT3,TT4,TT4 Deleted...Copy From AData.lnk
2019-06-05 14:45 - 2019-06-05 14:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\gtk-3.0
2019-06-05 12:45 - 2019-06-05 12:45 - 000000775 _____ C:\Users\Administrator\Desktop\Cut From HTDocs - Shortcut.lnk
2019-06-05 10:40 - 2019-06-05 10:41 - 001060857 _____ C:\Users\Administrator\Downloads\video.mp4
2019-06-05 09:19 - 2019-06-05 09:19 - 000001459 _____ C:\Users\Administrator\Desktop\project86066 - Shortcut.lnk
2019-06-04 22:46 - 2019-06-04 22:46 - 000000798 _____ C:\Users\Administrator\Desktop\check files.lnk
2019-06-04 14:44 - 2019-06-04 14:44 - 000001342 _____ C:\Users\Administrator\Desktop\PHP Personal Finance - Shortcut.lnk
2019-06-04 10:52 - 2019-06-04 10:52 - 000000901 _____ C:\Users\Administrator\Desktop\Eclips - Shortcut.lnk
2019-06-03 15:01 - 2019-06-03 15:01 - 000000919 _____ C:\Users\Administrator\Desktop\استفاده برای روشن بودن سیستم در روز و کلیک برای دریافت پول بیت کوین......بررسی اون سایت مربوط به حجاوااسکریپت که بیت کوین جمع می کرد.lnk
2019-06-03 14:58 - 2019-06-03 14:58 - 000000000 ____D C:\Users\Administrator\workspace
2019-06-02 11:43 - 2019-06-02 11:43 - 003180712 _____ C:\Users\Administrator\Downloads\61204038_2128133783970722_9090820503427527366_n.mp4
2019-06-02 11:42 - 2019-06-02 11:42 - 002094038 _____ C:\Users\Administrator\Downloads\60740600_193844208264326_2299228890290000967_n.mp4
2019-06-01 14:42 - 2019-06-08 13:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\PHP Language Server
2019-06-01 13:58 - 2019-06-01 13:58 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Obsidium
2019-06-01 13:35 - 2019-06-01 13:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Visual Studio Code
2019-05-31 18:14 - 2019-05-31 18:14 - 000118247 _____ C:\Windows\SysWOW64\package-lock.json
2019-05-31 17:30 - 2019-06-01 00:20 - 000000000 ____D C:\Users\Administrator\Desktop\convert CSV to QIF
2019-05-26 13:21 - 2019-05-26 13:21 - 000001097 _____ C:\Users\Administrator\Desktop\fireox addone for download images - Shortcut.lnk
2019-05-23 11:02 - 2019-05-23 11:02 - 000001122 _____ C:\Users\Administrator\Desktop\plese learn this vendor componenets.lnk
2019-05-22 17:59 - 2019-05-22 17:59 - 000000971 _____ C:\Users\Administrator\Desktop\website_image_downloader - Shortcut.lnk
2019-05-22 12:17 - 2019-05-22 12:17 - 000000000 ____D C:\Users\Administrator\Downloads\خرید دیجی کالا
2019-05-20 13:57 - 2019-05-20 13:57 - 000000910 _____ C:\Users\Administrator\Desktop\سرور پایتون.lnk
2019-05-17 22:32 - 2019-05-17 22:32 - 000001131 _____ C:\Users\Administrator\Desktop\Project-Python-Platform_Blogs-Auto-Publisher - Shortcut.lnk
2019-05-16 10:23 - 2019-05-16 10:24 - 000000000 ____D C:\Users\Administrator\Desktop\agahi jadid
2019-05-16 10:10 - 2019-05-16 10:10 - 000001459 _____ C:\Users\Administrator\Desktop\research about this.lnk
2019-05-16 10:06 - 2019-05-16 10:06 - 000001513 _____ C:\Users\Administrator\Desktop\project20057460 - Shortcut.lnk
 
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-14 09:14 - 2018-04-06 16:57 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2019-06-14 08:42 - 2018-03-16 13:03 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2019-06-14 08:42 - 2018-03-15 17:44 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-14 01:01 - 2018-04-12 14:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2019-06-13 18:49 - 2018-03-15 17:22 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-06-13 16:50 - 2018-03-16 16:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2019-06-13 16:50 - 2018-03-15 17:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-13 16:49 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator
2019-06-13 16:49 - 2017-09-29 13:15 - 001310720 _____ C:\Windows\system32\config\BBI
2019-06-13 15:40 - 2018-03-20 01:08 - 000005216 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CODER-Administrator Coder
2019-06-13 13:43 - 2018-05-16 15:46 - 000000000 ____D C:\Program Files (x86)\Grand Theft Auto V
2019-06-13 13:17 - 2019-05-10 19:19 - 000229672 _____ C:\Users\Administrator\Desktop\2.zip
2019-06-13 13:06 - 2017-09-29 18:16 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-06-12 10:39 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DMCache
2019-06-11 23:55 - 2018-03-19 00:18 - 000000000 ____D C:\Users\Administrator\.p2
2019-06-11 22:40 - 2018-03-31 00:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\Eclipse
2019-06-10 22:28 - 2019-01-17 14:24 - 000004320 _____ C:\Users\Administrator\Desktop\ask-do.txt
2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VMware
2019-06-10 09:56 - 2018-04-01 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\VMware
2019-06-10 09:24 - 2018-06-29 09:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\MechCAD
2019-06-08 15:35 - 2018-03-26 12:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDM
2019-06-08 02:44 - 2018-10-26 10:42 - 000035696 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2019-06-08 02:40 - 2018-06-15 13:15 - 000000769 _____ C:\Users\Administrator\Desktop\kill.bat
2019-06-07 20:30 - 2018-03-21 19:28 - 000000279 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\This PC.lnk
2019-06-07 16:27 - 2018-03-15 17:40 - 000003178 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2019-06-07 00:01 - 2018-03-16 10:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2019-06-06 12:11 - 2018-03-16 13:43 - 000007650 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2019-06-06 06:29 - 2018-03-21 15:58 - 000003362 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D690AB43-282C-486B-B0DB-82BD1691ED6E}
2019-06-06 06:29 - 2018-03-16 13:01 - 000002974 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000003044 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000002898 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000002846 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:29 - 2018-03-16 13:00 - 000002804 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:28 - 2018-03-16 13:01 - 000003236 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:28 - 2018-03-16 13:00 - 000003458 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-06 06:27 - 2018-09-16 10:00 - 000003186 _____ C:\Windows\System32\Tasks\KMSAutoNet
2019-06-06 02:13 - 2018-04-20 10:31 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Code
2019-06-03 23:42 - 2019-02-03 11:05 - 000001148 _____ C:\Users\Administrator\Desktop\eclipse-php-2018-12-R-win32-x86_64.zip - Shortcut.lnk
2019-06-03 23:27 - 2018-03-27 09:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2019-06-01 15:49 - 2018-04-05 09:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Composer
2019-06-01 11:24 - 2018-03-31 13:14 - 000000000 ____D C:\Program Files\Beyond Compare 4
2019-05-24 15:30 - 2017-09-29 18:14 - 000000000 ____D C:\Windows\INF
2019-05-23 16:20 - 2018-04-18 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Electrum
2019-05-22 13:59 - 2018-08-21 22:23 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Atom
2019-05-21 09:21 - 2018-11-30 18:28 - 000000000 ____D C:\Users\Administrator\Downloads\Soroush Downloads
2019-05-19 01:30 - 2017-09-29 18:16 - 000000000 ____D C:\Windows\system32\NDF
2019-05-17 17:27 - 2017-09-29 18:07 - 000000000 ____D C:\Windows\CbsTemp

==================== Files in the root of some directories =======

2018-06-10 20:01 - 2019-05-07 14:12 - 000000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CC Prefs
2018-08-14 16:28 - 2018-08-25 22:09 - 000000023 _____ () C:\Users\Administrator\AppData\Roaming\brand.ini
2018-06-28 17:04 - 2018-06-28 17:04 - 000011512 _____ () C:\Users\Administrator\AppData\Roaming\Comma Separated Values.TSK
2018-08-14 16:28 - 2018-08-25 22:15 - 001210039 _____ () C:\Users\Administrator\AppData\Roaming\FosPlugin.log
2018-08-14 16:28 - 2018-08-23 16:23 - 000430524 _____ () C:\Users\Administrator\AppData\Roaming\FosRtmp.log
2018-06-10 20:01 - 2019-05-07 13:44 - 000001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-05 10:10 - 2019-02-05 10:10 - 000000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
2019-06-07 19:02 - 2019-06-07 19:02 - 000000738 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel
2018-03-16 13:43 - 2019-06-06 12:11 - 000007650 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2018-04-06 17:00 - 2018-04-06 17:00 - 000000032 RSHOT () C:\Users\Administrator\AppData\Local\t80.dat

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-07 12:04
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019
Ran by Administrator (14-06-2019 09:18:11)
Running from E:\TechSpot_Virus_Removal_Instructions\TechSpot Instruction
Windows 10 Enterprise Version 1709 16299.192 (X64) (2018-03-15 12:56:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2378293659-431221962-3870085809-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2378293659-431221962-3870085809-503 - Limited - Disabled)
Guest (S-1-5-21-2378293659-431221962-3870085809-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2378293659-431221962-3870085809-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3012 - Acer Incorporated)
Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}) (Version: 22.5.10410 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{02907CFD-628F-400B-BB12-1F9126014B10}Visible) (Version: 22.5.10410 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Axure RP (HKLM-x32\...\{008035CA-B7B7-4E56-B641-6918B0639D67}) (Version: 8.1.0.3366 - Axure RP) Hidden
Axure RP (HKLM-x32\...\Axure RP 8.1.0.3366) (Version: 8.1.0.3366 - Axure RP)
Balsamiq Mockups 3 (HKLM-x32\...\{DD3D206D-0E2A-13E1-C0CE-DC751907F1D4}) (Version: 3.5.15 - Balsamiq SRL) Hidden
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.5.15 - Balsamiq SRL)
Beyond Compare 4 (HKLM\...\{382FD58E-226F-418B-8F34-DA8EE89D9550}) (Version: 4.2.4.22795 - Scooter Software, Inc.)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
Crisp (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Crisp) (Version: 5.0.16 - Crisp IM)
D-Link Connection Manager v7.0.3ME (HKLM-x32\...\Broad Mobi HSPA Modem Normal Version_is1) (Version: - )
Docker for Windows (HKLM\...\Docker for Windows) (Version: 17.12.0-ce-win47 - Docker Inc.)
Electrum (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Electrum) (Version: 3.1.2 - Electrum Technologies GmbH)
ESET Smart Security (HKLM\...\{79097F9F-0456-4C0C-9B53-A5E2712119A6}) (Version: 10.1.235.4 - ESET, spol. s r.o.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Gap Messenger 2.6.0 (only current user) (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\7a047109-c38b-5582-a5cf-87670e7f2e94) (Version: 2.6.0 - Gap Messenger)
Git version 2.16.2 (HKLM\...\Git_is1) (Version: 2.16.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\GitHubDesktop) (Version: 1.1.1 - GitHub, Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto V - The Manual (HKLM-x32\...\{752EBD91-8B95-42B5-8692-A7243A6EEEA9}) (Version: 1.0.0 - Rockstar Games)
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
heroku (HKLM-x32\...\heroku) (Version: - Heroku)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1004 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IPCWebComponents 5.0.0.3 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 5.0.0.3 - FOSCAM)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Java SE Development Kit 8 Update 162 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180162}) (Version: 8.0.1620.12 - Oracle Corporation)
Jenkins 2.121.2 (HKLM-x32\...\{73B65605-756E-46F2-94F8-94E90FC9C76C}) (Version: 0.2.121.2000 - Jenkins project)
JetBrains PhpStorm 2018.1.5 (HKLM-x32\...\PhpStorm 2018.1.5) (Version: 181.5281.19 - JetBrains s.r.o.)
JetBrains PyCharm 2017.2.3 (HKLM-x32\...\PyCharm 2017.2.3) (Version: 172.3968.37 - JetBrains s.r.o.)
K-Lite Mega Codec Pack 14.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.5 - KLCP)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Node.js (HKLM-x32\...\{883ECC46-3EED-4960-B912-1CFAF4A8BDB7}) (Version: 8.9.1 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenVPN 2.3.18-I602 (HKLM\...\OpenVPN) (Version: 2.3.18-I602 - OpenVPN Technologies, Inc.)
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Parnian8.Office (HKLM-x32\...\{7572F3AF-149B-4961-85AE-5B448FCA381F}) (Version: 7.8.14 - Gostareh Negar)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Pencil Prototyping (HKLM-x32\...\Pencil Prototyping) (Version: - Evolus Co., Ltd.)
PhoneGap Desktop version 0.4.5 (HKLM-x32\...\com.adobe.phonegap.desktop_is1) (Version: 0.4.5 - Adobe Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.4 - Vaclav Slavik)
Postman-win64-6.2.5 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\Postman) (Version: 6.2.5 - Postman)
PremiumSoft Navicat 11.2 for MySQL (HKLM-x32\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.2.14 - PremiumSoft CyberTech Ltd.)
Python 2.7 py2exe-0.6.9 (HKLM-x32\...\py2exe-py2.7) (Version: - )
Python 2.7 py2exe-0.6.9 (HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\py2exe-py2.7) (Version: - )
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10426 - Qualcomm)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.303 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21294 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8108 - Realtek Semiconductor Corp.)
Replay Media Catcher 6 (6.0.1.7) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.1.7 - Applian Technologies)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
Skype version 8.32 (HKLM-x32\...\Skype_is1) (Version: 8.32 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Soroush Desktop Application (HKLM-x32\...\Soroush_is1) (Version: 0.16.1.0 - )
Symfony version 1.1.3 (HKLM\...\Symfony_is1) (Version: 1.1.3 - Symfony)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version: - )
Vagrant (HKLM-x32\...\{23A65850-5D62-4A42-9312-D19E58CA5376}) (Version: 2.0.3 - HashiCorp)
VMware Workstation (HKLM\...\{ADC3121A-3EBA-4016-AF64-00B8FE017080}) (Version: 14.1.1 - VMware, Inc.)
VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA}) (Version: 6.17.1113.31799 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.1-0 - Bitnami)

Packages:
=========
Eclipse Manager -> C:\Program Files\WindowsApps\46928bounde.EclipseManager_3.2.16.0_x64__a5h4egax66k6y [2018-04-02] (Ounce Digital)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt [2018-08-16] (Instagram)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9126.21535.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.2.0_x86__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.18.12091.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.23.10923.0_x64__8wekyb3d8bbwe [2018-04-08] (Microsoft Corporation) [MS Ad]
Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.10.3.0_x64__7pb5ddty8z1pa [2018-04-16] (Trello, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2378293659-431221962-3870085809-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malewarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxDTCM.dll [2017-11-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2018-01-11] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Program Files\ESET\ESET Security\shellExt.dll [2017-10-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files\Malewarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => D:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Administrator\Desktop\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Web Server for Chrome.lnk -> M:\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.) -> --user-data-dir="M:\GoogleChromePortable\Data\profile" --profile-directory=Default --app-id=ofhbbkphhbklhfoeikjpcbhemlocgigb

==================== Loaded Modules (Whitelisted) ==============

2017-11-22 12:04 - 2017-11-22 12:04 - 000277538 _____ () [File not signed] C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2014-12-23 20:23 - 2009-12-17 02:18 - 000233472 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\imageformats\qmng4.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000380928 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\Launchy.exe
2014-12-23 20:23 - 2010-04-03 15:06 - 000081920 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\calcy.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000090112 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\controly.dll
2014-12-23 20:23 - 2010-04-03 15:06 - 000024064 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\gcalc.dll
2014-12-23 20:23 - 2010-04-03 15:06 - 000094208 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\runner.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000057344 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\verby.dll
2014-12-23 20:23 - 2010-04-03 15:05 - 000122880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\plugins\weby.dll
2014-12-23 20:23 - 2009-12-16 23:54 - 002236416 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtCore4.dll
2014-12-23 20:23 - 2009-12-17 00:13 - 008314880 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtGui4.dll
2014-12-23 20:23 - 2009-12-16 23:56 - 000712704 _____ () [File not signed] L:\Applications\Portable Application For Use\Launchy\QtNetwork4.dll
2017-11-22 11:51 - 2017-08-15 19:51 - 001477120 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 18:16 - 2019-06-13 13:43 - 000003734 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activation.acronis.com web-api-tih.acronis.com
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> D:\Python27\;D:\Python27\Scripts;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Docker\Docker\Resources\bin;C:\Program Files (x86)\Java\jre1.8.0_162\bin;C:\Program Files (x86)\Java\jdk1.8.0_162\bin;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\nodejs\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;D:\Program Files\HashiCorp\Vagrant\bin;D:\Program Files\Git\cmd;C:\ProgramData\ComposerSetup\bin;C:\xampp\mysql\bin;C:\xampp\apache\bin;D:\Python\phantomjs-2.1.1-windows\bin\;E:\New Soft\ffmpeg\ffmpeg-4.1-win64-static\bin;D:\Program Files\Symfony;C:\xampp\php721;C:\Program Files\WinRAR;L:\Applications\Portable Application For Use\7-ZipPortable\App\7-Zip64;C:\xampp\htdocs\Learning_Symfony\my_project_test\node_modules\.bin;C:\xampp\htdocs\Learning_Symfony\symfony-docs-3.4\_build;
HKU\S-1-5-21-2378293659-431221962-3870085809-500\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Outlook 2013.lnk"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Docker for Windows"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2378293659-431221962-3870085809-500\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{CA14DA2D-0004-4D9E-8133-7DDEB8FA089D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{0E719808-BC3D-45DE-9189-E1FCFEEF3D5D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{0BEB4113-76C0-4636-B3F7-387EC7CD24BB}] => (Block) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{67404E8B-9BFB-4A8D-8929-D1CB188DD20A}] => (Block) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{8237A047-1CF2-4DAE-BBBC-CCAE041ABB11}M:\firefoxportable\app\firefox64\firefox.exe] => (Allow) M:\firefoxportable\app\firefox64\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F3260B67-218B-48E2-885D-3C036160FBE7}M:\firefoxportable\app\firefox64\firefox.exe] => (Allow) M:\firefoxportable\app\firefox64\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5705884B-23BF-4637-8425-C1A415FA350B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{FF6F5757-9DE5-49A2-9768-10105F6AF411}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{946507FF-2089-45B0-9841-A3A20C434D94}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{B92D3EC9-264D-4366-8F75-BB4F9753F893}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{E5C7DEE5-C517-4558-95D9-9BCC05E3A0AA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{F0FD3C60-3CCB-4EAF-B5A1-2F9CB7DE3D18}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) [File not signed]
FirewallRules: [{FF380E3B-4C93-488F-99A4-6186680F390F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{AD832412-CAFA-4BE6-AC9A-94D6BDB42BBD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{7F2C9AB4-A07B-4169-898D-3E3068820A05}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{95D55EEE-FEF7-40C6-BEEC-97B40FFE91DF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{B00A16CB-CF05-4910-8E49-86AE2CA01BD1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{BCD6CFBE-CEFA-46EC-BC0C-C108863DBF6B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{B4387C63-29BD-4988-98AA-E944FEF4639D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{C0A96882-B509-4CCB-90D6-6BE126CF55F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{874B5086-112F-4993-B4CC-B159842D51B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CFBC87B8-E5B9-4FC1-8009-2E266A543C51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F52491F6-1697-4993-989F-0940FC02D6E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13E93A8A-3B69-4D51-A6F0-128F123741AC}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73F70FF1-125B-41B3-855F-FF14036317B0}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18B85441-B8DD-4939-9184-88AB7A6C61FB}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C089685-2D88-48AE-B545-1349FDF49CA4}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3968C9C8-15E0-4FB5-8D0F-54A867A2B528}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{9130D09C-359E-45CB-B276-ADC694A92CF3}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{F13EECB2-0010-4006-8A92-6B23379D0AD3}D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe] => (Allow) D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{3B275A50-A906-4BF9-9931-A001D350C186}D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe] => (Allow) D:\program files\jetbrains\pycharm 2017.2.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{FE5A2366-7446-4E52-A2B4-B88C9D308DFA}M:\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) M:\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [UDP Query User{3330D6A8-3F05-4397-8E8B-201A32F2D3F8}M:\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) M:\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [DNS Server Forward Rule - TCP - b72a1c95-1b5e-4f7b-946b-ebf1ffe59baa - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - b72a1c95-1b5e-4f7b-946b-ebf1ffe59baa - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{52FE1933-BB8C-41B2-9AE7-7D9AB8B85D20}D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe] => (Allow) D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [File not signed]
FirewallRules: [UDP Query User{29EFD8C4-7C52-4ED7-8404-036094AD7439}D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe] => (Allow) D:\program files\hashicorp\vagrant\embedded\mingw64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [File not signed]
FirewallRules: [{038B5F15-3567-4CAA-8841-07B1A854FA44}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F22E319F-F408-484D-8BDB-2B001E7357B5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FC17FC89-6C67-4993-971D-C3A4ABAD6447}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B27FE67B-7BDA-47B6-B96E-4636AFB6B52C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BC3518A8-64C3-424D-9F52-7E9CC1CD2770}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4A970330-DD1B-4EF8-A5F5-80C45BE56514}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2FD192D5-43BA-4886-819F-AAB47366EB6E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{3A685FE8-F5AC-4F3A-BB27-081DD88F001D}E:\eclipse-java\eclipse\eclipse.exe] => (Allow) E:\eclipse-java\eclipse\eclipse.exe No File
FirewallRules: [UDP Query User{E364DFF8-FCAD-447B-9306-433451C7160D}E:\eclipse-java\eclipse\eclipse.exe] => (Allow) E:\eclipse-java\eclipse\eclipse.exe No File
FirewallRules: [{C9C86E01-3A2E-47EF-8CCC-24B164938090}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{EEADF240-900B-4176-8F0C-8900293F1380}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{F93975AE-30C4-4E2D-8A39-5703463C2889}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [{EE49ED2B-E5A7-4E41-ADFB-E9F1376200FC}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG) [File not signed]
FirewallRules: [TCP Query User{106A2FCD-28D2-481D-BADC-C3DA7935BB97}D:\python27\pythonw.exe] => (Allow) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [UDP Query User{C2B5B1FC-10E4-4944-BE94-7729621DB653}D:\python27\pythonw.exe] => (Allow) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [{A8FB4216-EF01-4BB8-8DF5-A692CAC2DF27}] => (Block) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [{30C95746-097A-479C-A6CA-FA356DC63E12}] => (Block) D:\python27\pythonw.exe () [File not signed]
FirewallRules: [TCP Query User{F953D62C-1BB2-4E82-81DB-F2CFE8F4322C}E:\xampp\mysql\bin\mysqld.exe] => (Allow) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [UDP Query User{A6DA7857-B515-4AB9-AB32-B7C33FFEAA45}E:\xampp\mysql\bin\mysqld.exe] => (Allow) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [{A4C7C420-60C7-41C4-9CC9-8029BADBA66B}] => (Block) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [{164140E8-4D9B-4066-BBC2-2357CFB0A1C7}] => (Block) E:\xampp\mysql\bin\mysqld.exe No File
FirewallRules: [TCP Query User{F60C26B2-E2D5-4645-A403-393E4B737E61}C:\everything-1.2.1.371.exe] => (Allow) C:\everything-1.2.1.371.exe No File
FirewallRules: [UDP Query User{A3B72C70-1F2F-4FA8-AE00-E1E52340CE1E}C:\everything-1.2.1.371.exe] => (Allow) C:\everything-1.2.1.371.exe No File
FirewallRules: [{0062DAFD-9C22-42FA-8A84-E7F88F00D04E}] => (Block) C:\everything-1.2.1.371.exe No File
FirewallRules: [{7083CDEB-14BE-40F6-ADE9-163998C56547}] => (Block) C:\everything-1.2.1.371.exe No File
FirewallRules: [{4E482B8F-01AC-4440-BF46-E112D0597DE4}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{79AC4258-4C3F-4A9B-889C-B10AF8A62313}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{89301777-E67B-46C3-BE81-23AB249290F1}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{BC3D41AF-05BB-433F-8220-412BD206CA5D}] => (Allow) D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [TCP Query User{604A7DFB-A2A6-47CD-A461-55149002693B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{589F34C3-39A7-4CE8-B56C-A25B08B4CD5A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{0B3CD393-D80A-4958-8879-1A09DA2FC06D}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{92206858-FD35-4CE3-9DF4-7514298A8E60}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{9E49BEA1-4446-4F02-A082-1BFF07BF0301}D:\portable\eclipse-php\eclipse.exe] => (Allow) D:\portable\eclipse-php\eclipse.exe (Eclipse Foundation, Inc. -> )
FirewallRules: [UDP Query User{56FB9283-1BEE-4888-933B-A4EE13DE9C21}D:\portable\eclipse-php\eclipse.exe] => (Allow) D:\portable\eclipse-php\eclipse.exe (Eclipse Foundation, Inc. -> )
FirewallRules: [TCP Query User{63F7BF1A-7F77-4DF1-A02C-21C8D66A4099}D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [UDP Query User{CC2DE639-C0FB-4A98-BC60-7E6898E211FB}D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{D4E87016-D82A-40F6-8611-599C22077A9F}C:\program files\java\jdk1.8.0_162\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_162\bin\java.exe
FirewallRules: [UDP Query User{A04CC4B1-82AC-42BE-B91B-BD0D8DAE507B}C:\program files\java\jdk1.8.0_162\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_162\bin\java.exe
FirewallRules: [{9192B726-6E93-4F0D-9471-11C7E05F82EC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4666A8F5-ED4B-4A7F-8B56-27677D630B82}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B6239F34-EAA8-46C0-BD2A-8124C3779B9E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1702E87A-33B1-436A-BAB5-74A9191FF907}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8BD6C664-B7CA-4EBE-9632-C68F8E1A1F53}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C6F264F-2295-4A44-8077-D0AA240097DA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D51C14A9-05AD-4786-8343-EE7A4A7A1A98}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0DBE2910-325A-417F-AA95-1D9301F1C4EE}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1C7A00E0-F93B-4427-830F-3593B44F1239}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{D9B91157-D71B-484B-87EE-9104D2BBBF03}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{21221ACB-6A49-490E-972F-535D5F9BDE76}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{492E8379-1AE0-46BB-8382-B1A1A0B61FB5}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd -> Jaksta Technologies Pty Ltd) [File not signed]
FirewallRules: [{911F6A20-2DA2-4762-8E50-1C582D8F4A15}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{F33635DA-EE52-49D8-B2FC-D2D174B8092C}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{5A71994C-3A2B-4EEC-8EB5-4DB9C6FC738E}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{2C46D851-25CA-46E1-9293-F65042B92CAF}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{F7A4E5C6-F26D-4BBC-8463-D1CA974EA875}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{58058DA7-527A-4B1A-8E56-7DA1B10C5B05}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{1A33BA71-2323-4DAA-A551-8D0933F5BEA5}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{2DEF0581-E648-43D5-B265-084CF478659B}] => (Allow) D:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe (Jaksta Technologies Pty Ltd -> )
FirewallRules: [{8FB1089A-5CEC-4C37-B189-2B1C01F0A643}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8CB625BD-8674-45DC-9F29-59F40034298D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DF8F7F88-1844-4803-86C9-25D170CA9868}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{12119C07-C7D5-4D65-AA11-72FCF7141354}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{53E88463-2EE0-4D71-834B-E11D1C06F45F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{550DE14A-8343-4E3E-92AD-8EB3D05F8A5F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E07084C6-A3C7-4735-8568-19DD2CCDAF96}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{79969CF7-2CA8-4EC2-940D-8FB53573F372}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3873667B-63A5-4116-8A77-E12A3777C1FA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{89051CDC-1384-45F2-B7A0-FC1F979AB64A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A1FDE13B-EA89-42DC-AAD8-0AC7F10ED33D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D854A422-DE09-4DBB-8ACA-5F76E982B356}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{743D4CBD-ECB3-4C19-9722-294C52B67E25}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{02835931-86C2-4C2C-9BCA-422AD3B8E08E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C60BDE99-FA4E-43A9-8749-79CC22D66CFC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D53D5CF7-5305-4476-8705-F0AE2CB7EAED}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9ECF389B-D9B4-448D-ABA0-3240EEEFA59A}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe (MetaQuotes Software Corp. -> MetaQuotes Software Corp.)
FirewallRules: [{7201D7DB-0CFB-4F57-ABDA-B9608D117817}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{78DBFC94-CD8C-43BE-99D4-FA1BE9D9E8A1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B4F6B89-7426-484E-87CE-6F3AF3118440}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3568E0C4-25F2-4054-9B43-FD4E26DD388F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A98024E-8BC2-4481-BC70-CAD691516D8E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BB21D8AE-EB75-4F68-BB35-9ED39F747036}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{75829F78-5043-45BE-9AD2-C84D2F639F9D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B2FBF2E3-F423-4C1A-845C-FB37C0ADBE33}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{04A45637-8F04-4C31-A6D0-CE0017F38EB7}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2ECBF512-9A71-473C-B313-4C948F4ABB38}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F3B34D20-53B2-4167-A4CA-3AD9030C5C52}] => (Allow) D:\Program Files (x86)\Jenkins\jre\bin\java.exe
FirewallRules: [{8A249D55-B3A2-46ED-ADF0-F7073C75CFC1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1FC387E5-11C6-4E16-BD03-E4D6321902DB}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F862AE53-7356-437F-8203-762EDE4C9670}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{84F9A2DB-57B2-469C-97DF-3C93C76D0A10}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9527A937-20F1-4A51-9C8E-58E7C4EE4878}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{928CD643-1FA9-4D90-9CEE-3FAB9A688311}] => (Allow) D:\Portable\Utorrent\App\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{379EAE77-8730-4A16-A43D-4B5180162C5F}] => (Allow) D:\Portable\Utorrent\App\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [DNS Server Forward Rule - TCP - 9cc55fed-a673-4a10-b801-8a5e90c758c2 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 9cc55fed-a673-4a10-b801-8a5e90c758c2 - 0] => (Allow) LPort=53
FirewallRules: [{6185A46E-1A3E-46AD-B72A-BCD76435A896}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{380DB46D-BFAF-4568-89C6-CED7C0420ACC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1357FEC1-415B-4253-9015-7E73475129D2}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A7D23EB0-B7D4-416B-A216-F44A2B6AE42C}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C97985A1-FD72-4002-B7AC-242A42DE0EB8}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{17A1CAFA-B49C-4A3B-B845-1142DC9F8320}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{616DC261-3870-4170-A08D-F5EEF74FD6FC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9D4D2B72-DFC1-4104-9172-B4C1DB4D082E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3D8BCBC-C6F9-4FD9-92AF-9E207DEA0EC3}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{90107887-01BE-4FB6-A095-6600C67A1628}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9AD2E8AD-32EE-4391-A104-8BB5054CE435}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{94281599-651F-44A4-9ADD-F5C420A38342}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B6655CDA-F756-450A-9A25-73D317EC56EC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D3836698-B623-434B-B33C-71E752B8532F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7C6CA454-FB4F-4FEC-B836-3A0BBAA4C663}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E4BA41C5-9FA1-4FAB-8492-204A100C6CD1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9838A325-FD47-4F46-925D-5FB9E1FA3ECC}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6A0CAEBE-EC31-47FD-A291-71A1C5301B13}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0D81D271-8614-41E8-9991-7C7A3A7371E4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{3F7E0E80-6CB6-49E6-B6C9-4EA9360FE362}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{CD9FF453-F4C9-44A1-880E-B87DD07A6B98}] => (Allow) D:\Program Files\Anno 2070\Anno5.exe () [File not signed]
FirewallRules: [{A8DDAB56-ABB5-4CEC-B25D-F51FE9C12974}] => (Allow) D:\Program Files\Anno 2070\Anno5.exe () [File not signed]
FirewallRules: [{E71CEC64-4637-493F-987A-9312F1EAB2C0}] => (Allow) D:\Program Files\Anno 2070\AutoPatcher.exe (Related Designs Software) [File not signed]
FirewallRules: [{DBC40916-A7C7-487A-9B90-93714300461B}] => (Allow) D:\Program Files\Anno 2070\AutoPatcher.exe (Related Designs Software) [File not signed]
FirewallRules: [{3AF98CE7-EE65-4EF0-8203-01F84507BDF0}] => (Allow) D:\Program Files\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{25AA78DA-0321-4D4D-B80D-2399025FF3B6}] => (Allow) D:\Program Files\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{1933A7A3-4910-49F5-BBB7-D850171F1816}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{393A2EAF-3E4D-49D4-980C-C462E8CD5102}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C489736B-7C3D-45BB-A2A2-639C8D25D069}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A6A13504-DD59-4A99-837F-E579E611F00B}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8A3FAC95-21C3-42E2-9A8B-57396B2601FD}] => (Allow) C:\Program Files\Docker\Docker\Resources\com.docker.proxy.exe (Docker Inc -> )
FirewallRules: [{B2644480-D57A-43B9-B539-59C6E825E7E2}] => (Allow) LPort=445
FirewallRules: [{1AE2AD95-1546-4BE2-9A77-39314B32B7CA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{43787800-2BFD-4869-BE9B-A83C401DDBCE}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1D846517-9DA8-4177-BBE2-43D1991CE541}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6DAAF372-D4BC-4B7C-A33C-5877455AD8F5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{52083C70-1EC8-4C48-9C8C-784E6812A772}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CA05F10B-5AE4-487A-8B16-89FD9CC03B28}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AEADAD04-581C-4139-867A-75FCBD758610}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{41CB95F2-CB9C-4310-B0F9-03A63AC0DD85}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AE58DE86-0FB9-43FE-896C-30D2096AC680}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0DAA9C5D-B228-4AFB-BE9C-AED85CA98C7A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{86C6A761-9D72-441D-AF7E-7A6BAD83424A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3E23600F-70F7-4822-BE86-5F218993E3F5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3158F9D-C91A-495B-AB62-64E5A1A06085}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{93FCB6EE-EB94-4A9E-B7EC-3C1ECAB2FD23}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B65CD422-56D3-45FD-8FE8-0B5C05D7DC2E}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1B7C6DB7-EC77-4550-B930-FF434D4BFF80}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5BF23895-013B-4EC4-AB4F-41120A509214}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{52E97857-7B4C-485A-9197-3DAF967586BF}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2D16448C-B177-41C0-85DB-DF0F245308EA}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{962DA67E-31BE-430D-95E1-3A932992D9F1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AFFD8E48-BCA1-40F2-9493-A9094AF67243}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CED368C-B0EC-436E-B0F6-B25220092923}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{30540F42-75F4-47C4-A6A2-7C189C116572}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7280A1AB-F1C3-41C6-96C1-1C1626D2CB31}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FC1608A4-1CDF-4A9D-B5EC-5FB5419B0501}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{192A412F-4CDA-4D3F-B90F-78F4B8B92A10}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{97CB41D4-8D01-43E2-A663-4B7323BB8B3A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2B0B2E33-C83C-4F26-BDB2-F65D64DEDBC6}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C82C1415-4627-4A15-9DE8-4405DDB5BE04}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1C48E7E1-F72A-4F50-A126-CD516FE9C1D5}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{371880ED-547A-4CE7-901F-ABEDC03FB3FD}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B8984FA8-CD21-4E38-A869-FA97EFF08B5D}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C4A3AAA8-9F0C-41A7-9385-7851959430B9}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C0F1CCC5-B4E8-4100-99E9-22E67E87AE1B}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1535AA04-E38F-43CA-BBAE-B96A638DCE6F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DF3B1568-3860-40D4-BE00-758E46DD6CBF}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F863047A-0173-4691-889C-86E3AE914C8D}] => (Allow) LPort=1688

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9 #2
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Hyper-V Virtual Ethernet Adapter #3
Description: Hyper-V Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: VMSMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2019 12:55:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2125

Error: (06/14/2019 12:55:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2125

Error: (06/14/2019 12:55:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2019 12:55:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062

Error: (06/14/2019 12:55:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062

Error: (06/14/2019 12:55:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/13/2019 11:42:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2500

Error: (06/13/2019 11:42:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2500


System errors:
=============
Error: (06/14/2019 09:11:15 AM) (Source: DCOM) (EventID: 10016) (User: CODER)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2019 08:57:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2019 08:45:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2019 08:42:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/13/2019 08:41:10 PM) (Source: DCOM) (EventID: 10016) (User: CODER)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user CODER\Administrator SID (S-1-5-21-2378293659-431221962-3870085809-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-04-11 08:37:07.615
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../Wirekeyview&threatid=2147657007&enterprise=0
Name: HackTool:Win32/Wirekeyview
ID: 2147657007
Severity: High
Category: Tool
Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\wirelesskeyview.exe->(UPX)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.612
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../PasswordFox&threatid=2147670744&enterprise=0
Name: HackTool:Win32/PasswordFox
ID: 2147670744
Severity: High
Category: Tool
Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\passwordfox.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.610
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/Netpass&threatid=2147605535&enterprise=0
Name: HackTool:Win32/Netpass
ID: 2147605535
Severity: High
Category: Tool
Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\netpass.exe->(UPX)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.608
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...Mailpassview&threatid=2147571412&enterprise=0
Name: HackTool:Win32/Mailpassview
ID: 2147571412
Severity: High
Category: Tool
Path: file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\mailpv.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-11 08:37:07.606
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...n32/Passview&threatid=2147597639&enterprise=0
Name: HackTool:Win32/Passview
ID: 2147597639
Severity: High
Category: Tool
Path: containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe;containerfile:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe;file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\iepv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\rdpv.exe->(UPX);file:_L:\Applications\Portable Application For Use\nirsoft_package_1.11.55\NirSoft\sniffpass.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.351.0, AS: 1.265.351.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14700.5, NIS: 2.1.14600.4

Date: 2018-04-10 15:24:42.142
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.142
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.134
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.134
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-04-10 15:24:42.133
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.351.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-06-14 09:13:25.424
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-14 09:13:25.422
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-14 09:13:03.206
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-14 09:13:03.203
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-14 09:12:53.080
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-14 09:12:53.077
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-14 09:12:49.883
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-14 09:12:49.879
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.12 11/08/2017
Motherboard: KBL Charmander_KL
Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 37%
Total physical RAM: 12163.6 MB
Available physical RAM: 7556.68 MB
Total Virtual: 14019.6 MB
Available Virtual: 10021.01 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:0.76 GB) NTFS
Drive d: (Software) (Fixed) (Total:330 GB) (Free:67.45 GB) NTFS
Drive e: (Data) (Fixed) (Total:600.93 GB) (Free:3.61 GB) NTFS
Drive l: (Files) (Fixed) (Total:4 GB) (Free:0.39 GB) NTFS
Drive m: (PORTABLE) (Fixed) (Total:1.99 GB) (Free:0.21 GB) FAT32
Drive u: (JAVA-ANDROI) (Fixed) (Total:4.99 GB) (Free:0.76 GB) FAT32

\\?\Volume{5617f0d0-8818-4d60-861b-2c1496ee7fed}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{8c0a6d0d-376f-4327-ac68-a09f68a626ea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 7FA1AE37)

Partition: GPT.

==================== End of Addition.txt ============================
 
Just now, the guest11 user was created again. I ran FRST again, and in the resulting log file I see differences. Do you want me to send the new FRST and Addition files?
 
You're running two AV programs, Avast and Eset. You must uninstall one of them.
Eset normally creates some phantom user as a part of its antitheft feature and I suspect this is that guest11 account.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
