Go Back   Cyber Tech Help Support Forums > Operating Systems > Windows 7

Notices

Reply
 
Topic Tools
  #16  
Old January 16th, 2021, 05:10 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
second file part 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-01-2021
Ran by Hans (16-01-2021 09:49:22)
Running from C:\Users\Hans\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-26 15:20:30)
Boot Mode: Normal
================================================== ========


==================== Accounts: =============================

Administrator (S-1-5-21-4200521874-2590480824-2585516950-500 - Administrator - Disabled)
Guest (S-1-5-21-4200521874-2590480824-2585516950-501 - Limited - Enabled)
Hans (S-1-5-21-4200521874-2590480824-2585516950-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-4200521874-2590480824-2585516950-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.4.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT089409) (Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT089410) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT089443) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT089411) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089412) (Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (HKLM-x32\...\WT089413) (Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT089414) (Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (HKLM-x32\...\WT089415) (Version: 2.2.0.95 - WildTangent) Hidden
Escape Whisper Valley (TM) (HKLM-x32\...\WT089434) (Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (HKLM-x32\...\{FCDB1C92-03C6-4C76-8625-371224256091}) (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Farm Frenzy (HKLM-x32\...\WT089450) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT089418) (Version: 2.2.0.95 - WildTangent) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Final Drive Fury (HKLM-x32\...\WT089499) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089444) (Version: 2.2.0.95 - WildTangent) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
iExplorer (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Jewel Quest (HKLM-x32\...\WT089420) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT089422) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Luxor (HKLM-x32\...\WT089507) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.302 - Logitech)
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089440) (Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Penguins! (HKLM-x32\...\WT089445) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089452) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{13A1DA5E-AFBD-491D-95FD-70EFD98A5377}) (Version: 1.18.2309 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{9b222a9c-d2a0-4c06-b687-014fb06a4313}) (Version: 1.18.5.2309 - Plex, Inc.)
Poker Superstars III (HKLM-x32\...\WT089426) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT089508) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT089433) (Version: 2.2.0.95 - WildTangent) Hidden
ProtonVPN (HKLM-x32\...\{074CACAD-CAB4-42A5-9C13-D1245FA9D6D6}) (Version: 1.17.4 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.4) (Version: 1.17.4 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Q-Dir (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Q-Dir) (Version: - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 7.0 - Genie9)
Resilio Sync (HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Resilio Sync) (Version: 2.6.3 - Resilio, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (HKLM-x32\...\WT089503) (Version: 2.2.0.95 - WildTangent) Hidden
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Stopping Plex (HKLM-x32\...\{72D77FDA-EFAC-4DA5-A67C-1A74319DCB6D}) (Version: 1.18.2309 - Plex, Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.26.0 - 2BrightSparks)
Synchredible (HKLM-x32\...\Synchredible_is1) (Version: 5.1.0.1 - ASCOMP Software GmbH)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.2-24922 - Synology)
System Requirements Lab for Intel (HKLM-x32\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089430) (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WatchSeries version 1.0 (HKLM-x32\...\{55F6C93F-F7A3-4B4F-898C-5D9DE013BA0E}_is1) (Version: 1.0 - WatchSeries)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Wedding Dash - Ready, Aim, Love! (HKLM-x32\...\WT089446) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 4.5.0.160 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)
XYplorerFree 17.40 (HKLM-x32\...\XYplorerFree) (Version: 17.40 - Donald Lessau, Cologne Code Company)
Zuma Deluxe (HKLM-x32\...\WT089448) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17. 0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17. 0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17. 0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17. 0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\17. 0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3Done] -> {581FFA04-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RO] -> {581FFA03-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.6.3RW] -> {581FFA02-FC33-0003-0602-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll [2019-04-06] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (Sonic Solutions -> TODO: <Company name>)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Fi lter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Hans\Desktop\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Chrome Apps\Oriental, NC Interactive Weather Rada.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan

==================== Loaded Modules (Whitelisted) =============

2011-02-23 16:37 - 2012-04-01 09:02 - 000761856 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2020-02-06 17:23 - 2020-02-06 17:23 - 000629760 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\aac_decoder.dll
2020-02-06 17:23 - 2020-02-06 17:23 - 000393728 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\ac3_encoder.dll
2020-02-01 11:57 - 2020-02-01 11:57 - 001558016 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\h264_decoder.dll
2020-06-27 19:56 - 2020-06-27 19:56 - 000817152 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\hevc_decoder.dll
2020-02-07 23:50 - 2020-02-07 23:50 - 001799680 _____ () [File not signed] \\?\C:\Users\Hans\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\libx264_encoder.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 002225664 _____ () [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 007938048 _____ () [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-02-23 16:23 - 2012-04-01 09:02 - 000264192 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2006-03-07 09:05 - 2012-04-01 09:02 - 001564672 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 16:21 - 2012-04-01 09:02 - 000356352 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 16:11 - 2012-04-01 09:02 - 000062464 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2011-02-23 16:39 - 2012-04-01 09:02 - 000078848 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 18:00 - 2012-04-01 09:02 - 000471040 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2011-02-23 17:00 - 2012-04-01 09:02 - 000684032 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:55 - 2012-04-01 09:02 - 011503616 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2011-02-23 16:17 - 2012-04-01 09:02 - 000152576 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 16:24 - 2012-04-01 09:02 - 000084480 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 16:24 - 2012-04-01 09:02 - 000406016 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 16:38 - 2012-04-01 09:02 - 000052224 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000129536 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000090112 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 16:16 - 2012-04-01 09:02 - 000044544 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2011-02-23 14:25 - 2012-04-01 09:02 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 17:04 - 2012-04-01 09:02 - 000171520 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2009-09-28 20:19 - 2012-04-01 09:02 - 000868352 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 20:20 - 2012-04-01 09:02 - 002236416 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 20:21 - 2012-04-01 09:02 - 001396736 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2009-09-28 20:20 - 2012-04-01 09:02 - 000462848 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 20:19 - 2012-04-01 09:02 - 000782336 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 20:21 - 2012-04-01 09:02 - 000528384 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 20:21 - 2012-04-01 09:02 - 000847872 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 20:19 - 2012-04-01 09:02 - 000155648 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2011-02-23 16:19 - 2012-04-01 09:02 - 000237568 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000084480 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 18:02 - 2012-04-01 09:02 - 000339968 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 17:01 - 2012-04-01 09:02 - 000098304 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 16:38 - 2012-04-01 09:02 - 000234496 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 17:05 - 2012-04-01 09:02 - 000315392 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 16:55 - 2012-04-01 09:02 - 000688128 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 16:36 - 2012-04-01 09:02 - 000143360 _____ () [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 000219935 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\liblzo2-2.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 000119167 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libpkcs11-helper-1.dll
2016-12-18 07:38 - 2016-12-18 07:38 - 000741376 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000741376 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
2016-12-13 05:19 - 2016-12-13 05:19 - 000093696 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
2020-03-05 17:07 - 2016-12-13 05:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2016-12-13 05:19 - 2016-12-13 05:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
2020-03-05 17:07 - 2016-12-13 05:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
2016-12-13 05:18 - 2016-12-13 05:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
2020-03-05 17:07 - 2016-12-13 05:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000054784 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000054784 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000371200 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000371200 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
2013-02-03 04:21 - 2013-02-03 04:21 - 000045056 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
2013-02-03 04:21 - 2013-02-03 04:21 - 000097792 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
2016-12-18 07:38 - 2016-12-18 07:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
2013-02-03 06:40 - 2013-02-03 06:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
2020-03-05 17:07 - 2013-02-03 06:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2012-02-02 04:16 - 2012-02-02 04:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
2020-03-05 17:07 - 2012-02-02 04:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2013-02-03 06:40 - 2013-02-03 06:40 - 000010752 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.dll
2020-03-05 17:07 - 2013-02-03 06:40 - 000010752 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
2013-02-03 06:40 - 2013-02-03 06:40 - 000031232 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_W2K3.dll
2016-12-18 07:38 - 2016-12-18 07:38 - 000063488 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
2019-04-06 21:33 - 2019-04-06 21:33 - 000542208 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_53C.dll
2019-04-06 21:33 - 2019-04-06 21:33 - 000480768 _____ () [File not signed] C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_53C.dll
2015-05-26 04:42 - 2015-05-26 04:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.dll
2020-03-05 17:07 - 2015-05-26 04:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2012-01-10 12:10 - 2010-09-10 14:57 - 000023040 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2012-12-09 19:07 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMAN.DLL
2012-01-10 12:07 - 2010-09-08 11:27 - 000328192 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2012-01-09 22:13 - 2012-03-14 05:00 - 000780288 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\CNMDRAN.DL L
2012-01-09 22:13 - 2012-03-14 05:00 - 003769344 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIAN.DL L
2012-01-09 22:14 - 2012-03-14 05:00 - 000030208 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\CNMPDAN.DLL
Reply With Quote


  #17  
Old January 16th, 2021, 05:17 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
second file part 2

2011-02-23 14:28 - 2012-04-01 09:02 - 000028160 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocEGCreatives.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 003727360 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESApp.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000172032 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESColl.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000626688 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESDeviceSetup.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000159744 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000167936 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESPrint.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000018944 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUIWireless.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000212992 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
2011-02-23 14:29 - 2012-04-01 09:02 - 000009728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll
2011-02-23 14:25 - 2012-04-01 09:02 - 000010752 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
2011-02-23 14:30 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBBook.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000073728 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000151552 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
2011-02-23 14:26 - 2012-04-01 09:02 - 000688128 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
2011-02-23 14:31 - 2012-04-01 09:02 - 000552960 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaEdit.dll
2011-02-23 14:27 - 2012-04-01 09:02 - 000090112 _____ (Eastman Kodak Co.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
2011-02-23 16:54 - 2012-04-01 09:02 - 000794624 _____ (Eastman Kodak Company) [File not signed] [File is in use] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliFacebookAPI.esx
2011-02-23 16:40 - 2012-04-01 09:02 - 000517120 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Acqmod.esx
2011-02-23 16:34 - 2012-04-01 09:02 - 000192512 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CreativeProjects.esx
2011-02-23 16:50 - 2012-04-01 09:02 - 000374784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EGCreatives.esx
2011-02-23 17:01 - 2012-04-01 09:02 - 001509376 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESApp.dll
2011-02-23 16:52 - 2012-04-01 09:02 - 001686528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESColl.esx
2011-02-23 17:03 - 2012-04-01 09:02 - 000122880 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEverestEditPipe.esx
2011-02-23 16:20 - 2012-04-01 09:02 - 000544768 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFacialRetouch.dll
2011-02-23 16:44 - 2012-04-01 09:02 - 000602112 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESPrint.esx
2011-02-23 16:14 - 2012-04-01 09:02 - 000025600 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESRendezvousInfc.DLL
2011-02-23 16:53 - 2012-04-01 09:02 - 000098816 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESShastaEditPipe.esx
2011-02-23 16:51 - 2012-04-01 09:02 - 000118784 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSlideShow.esx
2011-02-23 16:47 - 2012-04-01 09:02 - 000230400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUIWireless.esx
2011-02-23 16:45 - 2012-04-01 09:02 - 000790528 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUpload.esx
2011-02-23 16:35 - 2012-04-01 09:02 - 000141312 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESWireless.esx
2011-02-23 16:29 - 2012-04-01 09:02 - 000710144 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KCat40.dll
2011-02-23 16:22 - 2012-04-01 09:02 - 000078336 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kcor40.dll
2011-02-23 16:18 - 2012-04-01 09:02 - 003293184 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx
2011-02-23 16:32 - 2012-04-01 09:02 - 000959488 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\PTP.esx
2006-03-01 14:34 - 2012-04-01 09:02 - 000208896 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ShastaPath.dll
2011-02-23 16:15 - 2012-04-01 09:02 - 000108544 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UIFx.dll
2011-02-23 16:40 - 2012-04-01 09:02 - 000164864 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBBook.esx
2011-02-23 16:31 - 2012-04-01 09:02 - 000102400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBrowser.esx
2011-02-23 16:24 - 2012-04-01 09:02 - 000614400 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaDB.esx
2011-02-23 17:07 - 2012-04-01 09:02 - 000512000 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaEdit.esx
2011-02-23 16:36 - 2012-04-01 09:02 - 000698368 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaImage.dll
2011-02-23 16:33 - 2012-04-01 09:02 - 000847872 _____ (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\XMIApi.esx
2011-02-23 16:26 - 2012-04-01 09:02 - 000139776 _____ (Eastman Kodak) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AddressBook.esx
2016-12-18 07:38 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000174592 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSOnlineProtocol.dll
2020-03-05 17:07 - 2016-12-18 07:38 - 000098816 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl
2020-03-05 17:07 - 2016-12-18 07:38 - 000637952 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineNSE.gtl
2020-03-05 17:07 - 2016-12-13 07:44 - 001504256 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineShellRes.gtl
2016-12-18 07:38 - 2016-12-18 07:38 - 000090624 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSUpdater.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000648704 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieAFX.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000029184 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEnManager.dll
2016-12-13 05:18 - 2016-12-13 05:18 - 000113152 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSGlobalMFC.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000036352 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSEMGR.dll
2016-12-13 05:19 - 2016-12-13 05:19 - 000152064 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSMTP.dll
2016-12-07 13:44 - 2016-12-07 13:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll
1999-07-19 14:47 - 2012-04-01 09:02 - 000229888 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll
1999-03-28 21:42 - 2012-04-01 09:02 - 000221184 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll
1999-07-19 14:48 - 2012-04-01 09:02 - 000108032 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL
1999-07-19 14:49 - 2012-04-01 09:02 - 000114176 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll
1999-07-19 14:46 - 2012-04-01 09:02 - 000297984 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll
2019-03-27 23:34 - 2019-03-27 23:34 - 000130560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.En terpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\Sy stem.EnterpriseServices.Wrapper.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 000479232 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a 1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm 80.dll
2003-01-29 14:10 - 2003-01-29 14:10 - 000764928 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DbgHelp.dll
2003-03-18 20:14 - 2012-04-01 09:02 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCP71.dll
2003-02-21 03:42 - 2012-04-01 09:02 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MSVCR71.dll
2003-03-18 20:14 - 2003-03-18 20:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\MSVCP71.dll
2003-02-21 04:42 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\MSVCR71.dll
2011-12-28 00:01 - 2011-12-28 00:01 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a 1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80 .DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a 1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80 U.DLL
2011-12-28 00:01 - 2011-12-28 00:01 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3 b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MF C80ENU.DLL
2008-06-12 13:36 - 2012-04-01 09:02 - 004055040 _____ (SOLIDFX, LLC) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MediaEngine.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 003501056 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\htmlayout.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 000222720 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libcurl.dll
2012-02-02 04:16 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\LIBEAY32.dll
2020-03-05 17:07 - 2012-02-02 04:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libeay32.gtl
2012-02-02 04:16 - 2012-02-02 04:16 - 000301568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\SSLEAY32.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 003849101 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libcrypto-1_1-x64.dll
2020-09-21 03:15 - 2020-09-21 03:15 - 001096971 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\libssl-1_1-x64.dll
2011-02-23 16:26 - 2012-04-01 09:02 - 000222208 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\CameraCollection.esx
2011-02-23 16:44 - 2012-04-01 09:02 - 000291840 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESDeviceSetup.esx
2011-02-23 16:38 - 2012-04-01 09:02 - 000077824 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESFlickrAPI.esx
2011-02-23 16:11 - 2012-04-01 09:02 - 000241664 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\FlickrAPI.dll
2010-11-17 10:28 - 2010-11-17 10:28 - 000111616 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\DiscMgrAPI.DLL
2011-04-29 18:13 - 2011-04-29 18:13 - 018908672 _____ (Unlimited Realities) [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Toolbar: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] (WOT Services Oy -> )

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7721 more sites.

IE trusted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12539 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-19 20:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoo t%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowe rShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared;C:\Program Files (x86)\Roxio\OEM\AudioCore;C:\Program Files (x86)\QuickTime\QTSystem;%systemroot%\System32\Win dowsPowerShell\v1.0\;%systemroot%\System32\Windows PowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Th emes\TranscodedWallpaper.jpg
DNS Servers: 10.18.0.1 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{673BAE18-6223-454E-8C96-A404DC8391FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C205064-3431-405D-A20E-976D1F578CF1}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{0CB602E4-73BC-4E67-8793-99A5073FAD29}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{06CB4B9E-165D-4EA8-A94F-886C09AC01F5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1ED14FE4-B8CF-4A9C-BDEF-2C477BE6B492}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{A6CEA8AA-5396-488D-B1AD-A2DBCE4130D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [TCP Query User{80D10834-2555-4921-A011-9BD86B64361F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{07E6E5AE-22BE-4DF1-A9F3-C8D24A76381B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\Sky Drive.exe => No File
FirewallRules: [{56EA8C79-82B6-466B-84F9-58DC74CFBDEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{784800E0-76E8-49F9-97EC-2A11D051857A}] => (Allow) LPort=2869
FirewallRules: [{BADCDFE7-9F62-44B2-A289-DD48C4575314}] => (Allow) LPort=1900
FirewallRules: [{21B926DC-87BC-43BB-8E63-B45D2E591000}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5FEE0B98-2EEE-4164-B27E-5E8345712187}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F167EFD9-0D2B-423E-AF94-92F284AE0B9C}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{DC70B0E8-B491-4E28-A717-821F5018286D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B4CF4E2-8E00-41C0-B754-8FC5D3AAC65D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{573A03D1-54F0-4018-A65A-B725D9066CDD}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{82B9417A-EE6F-4DEB-A7F3-6D1976BCF2F5}] => (Allow) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{78115ACF-B1B1-4568-9A6D-C6E92FF58F14}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB66895A-C0D4-43C5-8876-827293C7AB6F}] => (Allow) C:\Windows\SysWOW64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{0E05BE06-51C6-43B3-B1F1-AFE4BF42BF19}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{119CF0E3-DE7C-4C94-AAA9-B056D38D4581}C:\windows\syswow64\explorer.exe] => (Allow) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [{92C8FB58-CB64-4DFB-BD3F-96F1A08855C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF33EF06-3E91-4442-82CA-45C02D012CCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5DC4BE5-0698-469D-853A-E412000D9AEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E6B8C4CA-3985-492D-9129-AC326448373C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2703FD34-D72D-4B4F-9DC9-CFCC5D36690B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DE4BB905-1F70-4EBB-9F53-46CD1476D813}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{BFD561A2-BE79-4718-80AA-B8DFE0ADBD9F}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{0CDAD4C7-83B9-4124-958E-DA0A24199B10}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{4D3DB4CB-9C93-41F2-A5FD-3E776F60DE57}C:\program files (x86)\smart view\smart view.exe] => (Block) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{6D7930DA-F279-4584-8962-B479F7E86994}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EC43C18E-7120-43AD-BACE-FD874FB4C638}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{57AAB2EB-82D0-4FC3-867A-5DAE6C9F82A3}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{865DCC19-005A-477F-85B7-DC884EC1A3E7}] => (Allow) C:\Users\Hans\AppData\Roaming\Resilio Sync\Resilio Sync.exe (Resilio, Inc -> Resilio, Inc.)
FirewallRules: [{A31116D1-A8F6-46D2-8C06-A9E3FC458024}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{8CD20C05-A030-4A57-8B0E-75FC3C274C7E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{5C907A8D-92B0-4A12-95FD-3A5EAEA93ED8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{4FFB93F8-98D6-45F1-A0A6-B722E625EEAA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [TCP Query User{5F4701F9-1D45-451F-9263-E5FBC59F92FC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [UDP Query User{2C34CC31-EDF1-4EC8-BC81-C3BB19CF2917}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{8374C504-754C-4211-9E9C-008F03A1757A}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{5F5D77F1-7A52-443A-AE3D-78ABE7822EDA}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{3DBFD78A-48ED-44F9-9AFF-574D28E2B741}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-01-2021 17:01:55 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/16/2021 08:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x132c
Faulting application start time: 0x01d6ec0da809400b
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: eddb005b-5800-11eb-928d-f04da2fb7194

Error: (01/16/2021 08:43:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2021 08:42:09 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1008) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:10:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2021 09:10:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x12b4
Faulting application start time: 0x01d6ec1148a82307
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: 89a8da89-5804-11eb-8b21-f04da2fb7194

Error: (01/16/2021 09:08:38 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1060) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:08:38 AM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1060) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 5861376 (0x0000000000597000) (database page 1430 (0x596)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was [5d0a22f5cb849261] and the actual checksum was [100f6ff0cb84da61]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2021 09:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception code: 0xc0000005
Fault offset: 0x0001af76
Faulting process id: 0x1278
Faulting application start time: 0x01d6ec1072d35d9f
Faulting application path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Report Id: b3eda802-5803-11eb-9376-f04da2fb7194


System errors:
=============
Error: (01/16/2021 09:45:12 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:45:11 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 08:47:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/16/2021 08:46:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:12:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:06:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/16/2021 09:03:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.

Error: (01/16/2021 09:02:46 AM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.

Failure Type: Crash

Exception code: 0xc0000005

Resource:


Windows Defender:
===================================
Date: 2014-11-09 17:43:27.405
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{400753C1-16D6-4256-804A-A82D48987A40}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2014-11-09 10:08:00.033
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{76775AE8-FD8D-4535-9B6C-C8BDF3A9EACF}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-08-11 21:41:01.835
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C0A97D8E-B54F-4615-AAC7-E7E2603BBE60}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2012-01-15 11:37:16.215
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?link...threatid=13052
Name:RemoteAccess:Win32/TightVNC
ID:13052
Severity:Medium
Category:Remote Control Software
Path Found:containerfile:C:\Users\Hans\Documents\Downlo ads\Uninstalled\crossloopsetup v2-20.exe;containerfile:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe;file:C:\Users\Hans\Documents\Downloads\Unin stalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Documents\Downlo ads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000056);file:C:\Users\Hans\Downloads\My Documents\Downloads\Uninstalled\crossloopsetup v2-20.exe->(inno#000057)
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

CodeIntegrity:
===================================

Date: 2016-12-19 19:59:05.519
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:59:05.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.652
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:43.589
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.733
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:58:41.668
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.274
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-19 19:57:57.211
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A00 04/12/2011
Motherboard: Dell Inc. 0GDG8Y
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 56%
Total physical RAM: 8104.63 MB
Available physical RAM: 3510.39 MB
Total Virtual: 16207.4 MB
Available Virtual: 11129.15 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:40.61 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
Drive h: (Windows) (Network) (Total:222.33 GB) (Free:67.1 GB) NTFS

\\?\Volume{b2abe718-c944-11e0-9762-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.81 GB) (Free:6.19 GB) NTFS

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 626C198E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



Hans
Reply With Quote
  #18  
Old January 16th, 2021, 09:49 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
from BlueScreenVeiw

011621-23244-01.dmp 1/16/2021 3:06:11 PM MEMORY_MANAGEMENT 0x0000001a 00000000`00041790 fffffa80`05f02560 00000000`0000ffff 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\011621-23244-01.dmp 4 15 7601 278,560 1/16/2021 3:07:15 PM

edited to add booted back into safe mode

Last edited by Han Solo; January 16th, 2021 at 09:53 PM. Reason: add last sentence
Reply With Quote
  #19  
Old January 17th, 2021, 12:23 AM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Hi Hans;

Very Good Job.

I haven't investigated the blue screen problem yet. We'll see later.

--------------------

I see a lot of VPN software in your logs.Are you using all of these? Remove what you don't want to use. If you tell me, add them to the Farbar delete list.

ProtonVPN
SetupVPN - Lifetime Free VPN
Browsec VPN - Free VPN for Chrome
TunnelBear VPN
Hotspot Shield Free VPN Proxy - Unlimited VPN
Windscribe - Free Proxy and Ad Blocker
Hola Free VPN Proxy Unblocker - Best VPN

---------------------------------------------------------------

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

I am seeing multiple bugs of ArcSoft software. Can you tell us about this software. You could do a repair on this software.

---------------------------------------------------------------

Programs uninstall:
  • Click on the Windows Start Menu button and then click on the Control Panel.
  • Please double-click the Uninstall a program icon
  • A list of programs installed will be populated this may take a bit of time.
  • Please uninstall the following softwares and applications, if they are present :
Adobe Flash Player
FileHippo.com Update Checker
Google Update Helper
Malwarebytes Anti-Malware version 2.2.1
Mozilla Maintenance Service


-----------------------------------------------------------------

Let me know when you get these things done.

Have a nice weekend.
Reply With Quote
  #20  
Old January 17th, 2021, 04:23 AM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
Hi

This latest blue screen occurred after did the repair disk and farbar logs.. was just browsing minimally.. a couple of chrome tabs went oh snap and then bsod. Thought it might be helpful info so included what i could from the viewer..

----

Tried alot of vpn software to find something that was fast, free and unlimited.. only using the ProtonVPN..

uninstalled all of the ones on your list as well as:

VPN Free- Betternet
FreeVPN Proxy Unlimited

All of the uninstalled VPN software were chrome extensions.. there are a bunch of other unused extensions that can also be deleted.

----

Matter of fact there is bunch of software on this pc that I don't use.. the plan was to uninstall everything unnecessary in preparation for SSD upgrade to windows 10

----

Arcsoft is a photo/card printing software that i think came preinstalled from Dell... or might have been part of the Canon printer software bundle.. uninstalled it.. gave a message saying that arcsnap.ax may no longer be needed but may prevent other applications from running correctly - uninstalled it too.

----

As for other programs to uninstall:

Uninstalled all of those on your list except for Google update helper.. couldn't find it.

For Adobe flash player: uninstalled:
Adobe Flash Player 32ActiveX and
Adobe Flash Player 32NPAPI

Hans
Reply With Quote
  #21  
Old January 17th, 2021, 01:54 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Hi Hans
Step 1:
Run FRST fixlist
  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
-----------------------------------------------------
Start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\Sky Drive.exe => No File
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR DownloadDir: N:\
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTun nelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION. URL
C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_IN STRUCTION.URL
C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.UR L
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"", Fi lter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]


cmd: net stop cryptSvc
cmd: ren C:\Windows\System32\catroot2 Catroot2.old
cmd: net start cryptSvc


CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: Removeproxy
EmptyTemp:
Hosts:
Reboot:
End
---------------------------------
NOTICE: This script is written specifically for this computer!!!
  • Running this on another computer may cause damage to the Operating System.
  • Now, Please run FRST as administrator, and press theFix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.
================================================== ====
Any issue ?

Step 2:
AdwCleaner - Clean

Please download AdwCleaner by Xplode onto your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine
  • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start ADWCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.
---------------------------------------------------
In your next reply, please include:
  • AdwCleaner[C0*].txt
Step 3:
Run Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here:
  • Run the program
  • click on Scan
  • Malwarebytes will then run an update and begin the scan
  • When the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard
==============================================
Have a nice day.

Last edited by olgun52; January 17th, 2021 at 02:55 PM.
Reply With Quote
  #22  
Old January 17th, 2021, 06:49 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
question: should I be running these three steps in safe mode or full windows?

had booted back into safe mode after last blue screen and didn't think of it but last 2 times ran FRST was in full windows.. so had ran step 1 in safe mode

please advise if should continue with steps 2 &3 in full windows and repeat step 1 in full windows or reboot into safe mode and continue with steps 2 &3..

after FRST ran got a message that a file in chrome, I think, was corrupted and that it would run chkdsk after reboot.. rebooted fine but got 2 dialog box messages from ProtonVPN. the first message advised that the application is missing a required file and to repair the installation by hitting the "repair" button. the second message advised that service required for the VPN connection seems disabled and to enable it by hitting the "enable" button.

should I do these two things for ProtonVPN then continue in full windows and redo step one in full windows or goto safe mode and continue or skip both ProtonVPN messages and continue in full windows and redo step 1 in full windows or goto safe mode and continue?

only poked around a little.. windows full seems ok but have kept activity to minimum to avoid another blue screen..

Thank you, Hans

here is what I have so far:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by Hans (17-01-2021 09:57:23) Run:1
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\Sky Drive.exe => No File
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR DownloadDir: N:\
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTun nelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION. URL
C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_IN STRUCTION.URL
C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.UR L
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"", Fi lter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]


cmd: net stop cryptSvc
cmd: ren C:\Windows\System32\catroot2 Catroot2.old
cmd: net start cryptSvc


CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: Removeproxy
EmptyTemp:
Hosts:
Reboot:
End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk => Shortcut argument removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{559A8 DCE-8B1D-4FA1-842E-4A6054CA33D5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F15BA0 EF-5B72-42B2-B343-928E8E85294F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15BA0 EF-5B72-42B2-B343-928E8E85294F}" => removed successfully
C:\Windows\System32\Tasks\ProtonVPN Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtonVP N Update" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
CHR DownloadDir: N:\ => Error: No automatic fix found for this entry.
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12] => Error: No automatic fix found for this entry.
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16] => Error: No automatic fix found for this entry.
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
HKLM\System\CurrentControlSet\Services\NOBU => removed successfully
NOBU => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN Service => removed successfully
ProtonVPN Service => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN Update Service => removed successfully
ProtonVPN Update Service => service removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPNSp litTunnel => removed successfully
ProtonVPNSplitTunnel => service removed successfully
tapprotonvpn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\tapprotonvp n => removed successfully
tapprotonvpn => service removed successfully
"C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION . URL" => not found
"C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_I N STRUCTION.URL" => not found
"C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.U R L" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\" ", Fi lter="__EventFilter.Name=\"BVTFilter\"" => not found
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully

========= net stop cryptSvc =========

The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.


========= End of CMD: =========


========= ren C:\Windows\System32\catroot2 Catroot2.old =========


========= End of CMD: =========


========= net start cryptSvc =========

The Cryptographic Services service is starting.
The Cryptographic Services service was started successfully.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.



========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= Removeproxy =========

'Removeproxy' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88930983 B
Java, Flash, Steam htmlcache => 612 B
Windows/system/drivers => 51327725 B
Edge => 0 B
Chrome => 615553943 B
Brave => 0 B
Firefox => 112710451 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 166968 B
systemprofile32 => 287959 B
LocalService => 287959 B
NetworkService => 55828657 B
Hans => 561982860 B

RecycleBin => 26277204042 B
EmptyTemp: => 25.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:00:15 ====
Reply With Quote
  #23  
Old January 17th, 2021, 08:25 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Quote:
should I be running these three steps in safe mode or full windows?
Please run it in normal mode.

Quote:
should I do these two things for ProtonVPN
You can do


Quote:
only poked around a little.. windows full seems ok but have kept activity to minimum to avoid another blue screen..
I used a few commands for the blue screen problem. To fixlist content. You continue to use the computer normally.So let's test the PC. OK !
Reply With Quote
  #24  
Old January 17th, 2021, 08:29 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
should i redo step one in normal mode?
Reply With Quote
  #25  
Old January 17th, 2021, 08:38 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Quote:
should i redo step one in normal mode?
Yes please.
Reply With Quote
  #26  
Old January 17th, 2021, 08:46 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
ok,

if do the 2 things for ProtonVPN would redoing step one undo them again?
Reply With Quote
  #27  
Old January 17th, 2021, 09:00 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
I think it will work.
Reply With Quote
  #28  
Old January 17th, 2021, 09:10 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
will run steps now and post all results in a little while.. thanks hans
Reply With Quote
  #29  
Old January 18th, 2021, 04:41 PM
Han Solo Han Solo is offline
Senior Member
 
Join Date: Jun 2005
Posts: 134
Hey there,

After ran FRST and it rebooted (didnt run chkdsk this time) back to full windows, got the 2 ProtonVPN messages again.. so hit the repair button from the first message and ProtonVPN updated and installed and was fine..

Also got 2 windows firewall messages that advised it blocked some features of Plex media server and Python (which is part of Plex) but canceled out of those as will be moving Plex server to Nas..

---

Downloaded Adwcleaner and it advised update was available so updated and Ran the scan and think might have messed up the steps a little as it looked options in software didn't quite line up to directions after the scan for a few steps (maybe because updated) as thought the pre-installed programs, (which really wanted to delete but left alone following recommendation), would have been quarantined but weren't.

Also didn't get prompt to reboot pc so rebooted it manually and when started up again the aero theme and transparency was gone and task bar went from black to blue but seemed pretty snappy.. At first thought that maybe preinstalled programs were quarantined changing the theme..

---

Did Malwarebytes fine.. think it prompted me to reboot, don't remember exactly but after reboot aero theme and transparency was back as well as the black taskbar..

Was using the computer lightly browsing here and there and seemed good.. occasionally a tab in chrome would go oh snap after loading.. sometimes more than one tab at a time and then blue screen.. managed to get the message after pc rebooted but it was slow going.. after reboot pc was slow for a while and most programs were unresponsive or pretty slow until message that Windows has recovered from an unexpected shutdown appeared.. after that pc seemed to get better. Here is the message:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FFFFBA800A284D08
BCP2: 0000000000000000
BCP3: FFFFF800022B3143
BCP4: 0000000000000007
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\011721-23665-01.dmp
C:\Users\Hans\AppData\Local\Temp\WER-99981-0.sysdata.xml


Here is also bluescreen veiw:

011721-23665-01.dmp 1/17/2021 8:57:09 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 ffffba80`0a284d08 00000000`00000000 fffff800`022b3143 00000000`00000007 ntoskrnl.exe ntoskrnl.exe+93ba0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.24384 (win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe+93ba0 C:\Windows\Minidump\011721-23665-01.dmp 4 15 7601 278,560 1/17/2021 8:58:33 PM


I think Malwarebytes was still open when bluescreen occured as program won't start now..

pc is in safe mode now..

Hans


first log:


Fix result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by Hans (17-01-2021 15:15:03) Run:2
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mbkkhmpidoemedicppkhfklljppccaan
FirewallRules: [{559A8DCE-8B1D-4FA1-842E-4A6054CA33D5}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\Sky Drive.exe => No File
FirewallRules: [TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe => No File
FirewallRules: [TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe => No File
FirewallRules: [TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
FirewallRules: [UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe => No File
Task: {F15BA0EF-5B72-42B2-B343-928E8E85294F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
CHR DefaultSearchURL: Default -> hxxps://vortex.accuweather.com/adc2010/images/favicons/awx-2013-master.ico
CHR DownloadDir: N:\
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06]
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16]
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18]
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-25] (Symantec Corporation -> Dell, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTun nelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION. URL
C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_IN STRUCTION.URL
C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.UR L
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"", Fi lter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]


cmd: net stop cryptSvc
cmd: ren C:\Windows\System32\catroot2 Catroot2.old
cmd: net start cryptSvc


CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: Removeproxy
EmptyTemp:
Hosts:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Windows\system32\GroupPolicy\Machine" => not found
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} => not found
"C:\ProgramData\Temp" => ":5C321E34" ADS not found.
C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oriental Weather.lnk => Shortcut argument removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{559A8 DCE-8B1D-4FA1-842E-4A6054CA33D5}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{684394E7-EA52-4B35-925A-8623013DC1E4}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{41DA95D7-A999-4945-8E1C-72BF6A147B78}C:\programdata\windows genuine advantage\{3b9287ed-7546-40fa-a463-441bd82ddf2d}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A65CE14-3731-406C-8473-13AC8646D02C}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F338DE2E-04AD-4594-9CD1-123AED2AD808}C:\programdata\windows genuine advantage\{ec51d003-ed16-4d7a-a15e-c06a631419ca}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CE46814A-1516-4E06-B8C3-D663FEEBC10F}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{641D4311-0D04-44DC-BE58-A5E229FF4075}C:\programdata\windows genuine advantage\{307b09d4-4088-4cb6-b65f-fce619322b50}\msiexec.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15BA0 EF-5B72-42B2-B343-928E8E85294F}" => not found
C:\Windows\System32\Tasks\ProtonVPN Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtonVP N Update" => removed successfully
"Chrome DefaultSearchURL" => not found
CHR DownloadDir: N:\ => Error: No automatic fix found for this entry.
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpo ekiipm [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio [2021-01-12] => Error: No automatic fix found for this entry.
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcna nddlhb [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Free VPN Proxy Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojliakllambnopeaalgddbiip ohdgol [2020-12-16] => Error: No automatic fix found for this entry.
CHR Extension: (Hotspot Shield Free VPN Proxy - Unlimited VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloa ajcffj [2020-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (TunnelBear VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdo dcjboh [2021-01-06] => Error: No automatic fix found for this entry.
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaen ockbdp [2020-10-18] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \efaidnbmnnnibpcajpcglclefindmkaj => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \lifbcibllhkdhoafpjfnlhfpfgnpldfl => not found
NOBU => service not found.
HKLM\System\CurrentControlSet\Services\ProtonVPN Service => removed successfully
ProtonVPN Service => service removed successfully
HKLM\System\CurrentControlSet\Services\ProtonVPN Update Service => removed successfully
ProtonVPN Update Service => service removed successfully
AppMgmt => service not found.
HKLM\System\CurrentControlSet\Services\ProtonVPNSp litTunnel => removed successfully
ProtonVPNSplitTunnel => service removed successfully
tapprotonvpn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\tapprotonvp n => removed successfully
tapprotonvpn => service removed successfully
"C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION . URL" => not found
"C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_I N STRUCTION.URL" => not found
"C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.U R L" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\" ", Fi lter="__EventFilter.Name=\"BVTFilter\"" => not found
"BVTFilter" => not found
"BVTConsumer" => not found

========= net stop cryptSvc =========

The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.


========= End of CMD: =========


========= ren C:\Windows\System32\catroot2 Catroot2.old =========

A duplicate file name exists, or the file
cannot be found.

========= End of CMD: =========


========= net start cryptSvc =========

The Cryptographic Services service is starting.
The Cryptographic Services service was started successfully.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= Removeproxy =========

'Removeproxy' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3152264 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 13358 B
Edge => 0 B
Chrome => 206826775 B
Brave => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 3518 B
Hans => 589585 B

RecycleBin => 0 B
EmptyTemp: => 208.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:16:10 ====


second log:



# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-17-2021
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9330 octets] - [17/01/2021 15:39:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



third log:



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/17/21
Scan Time: 4:59 PM
Log File: 3dc1aff6-590f-11eb-8273-f04da2fb7194.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.35899
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PC\Hans

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 271422
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
Reply With Quote
  #30  
Old January 18th, 2021, 07:51 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Hi Hans,

For MalwareBytes, do this;
Settings > Security > Windows startup --> OFF
After that, it will not open with windows.
==================================================

So we're back to the beginning again.

win7sp1_ldr_escrow.190220-1800) x64 ntoskrnl.exe + 93ba0 and bluescreen

I think the above problem is at the root of the problem.

Experience has shown me these issues can become quite complex and deeply rooted into a system, so much so that I am careful to not get myself in the position of possibly doing more harm than good. Whereas I have received training in malware issues, my training in Windows Update issues is slight at best. If I come to the conclusion you would be far better served by referring you to experts in the field I will quickly do so.

OK, let's start with this.

Step:1 - Run SFC Scan
  • Click Start then type cmd
  • Right click on cmd (or Command Prompt) above and select Run as administrator
  • Type sfc /scannow and hit Enter
  • If the result is Windows Resource Protection did not find any integrity violations then complete Step 2
Step:2 -

For Windows 7

Type Command Prompt in the Search box, right-select Command Prompt, and then select Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or select Allow.

Type the following command, and then press Enter. It may take several minutes for the command operation to be completed.

PLease do;

DISM.exe /Online /Cleanup-image /Restorehealth
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
sfc /scannow


DISM creates a log file (%windir%/Logs/CBS/CBS.log) that captures any issues that the tool found or fixed. %windir% is the folder in which Windows is installed. For example, the %windir% folder is C:\Windows.

To resolve this problem, install service pack again.


Download the package now for x64-based (64-bit) version of Windows 7 SP1

Click Yes to allow it to install. This process could take several hours so allow it to run to completion

https://www.microsoft.com/en-us/down....aspx?id=20858

Step:3 - Run SFCFix by Niemiro
  • Download and run SFCFix Official Download - Repair Windows Update
  • Work through any on-screen prompts and then await completion (runtime can be upwards of 15 minutes depending on the options you selected during the on-screen prompts)
  • Once completed, if there are any unrepaired corruptions or unresolved problems with your computer, copy and paste the report in your reply
Step:3 -Upload CBS folder
  • Hit the Windows Key + E at the same time
  • Navigate to, then copy and paste the following folder onto your Desktop:
C:\Windows\Logs\CBS
  • Right click on the CBS folder on your Desktop, select Send to, Compressed (zipped) folder, then save the zipped folder onto your Desktop
  • Upload the zipped folder to Filebin or the file hosting site of your choice
  • Post the download link in your reply
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it
  • SFC results
  • DISM/SURT results, if applicable
  • SFCFix report, if applicable
  • Uploaded CBS folder

Regards.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 04:07 PM.