
Solved CMD Starts And Flashes for 5 seconds


TroyRussia

New Member
Posts
6
#1
I don't know if this is the right thread for my problem but other threads don't look like they're related to my problem.
I don't know when this problem started or what triggers it. A couple of blank CMD windows appear one by one and each one closes in a fraction of a second, which doesn't even let me read the title. I did read it by recording the screen with Bandicam and I saw the title was C:\Windows\System32\CMD in one of the windows and IPConfig.exe in another. It is really irritating when they minimize my games and show up, especially when I'm playing multi-player games.
I don't torrent much or download pirate games and non-genuine applications because I'm used to buying genuine applications. I tried running a full scan with Avast Premier and Eset (both are genuinely activated) but it didn't fix anything. I searched the net and also used apps like rKill, JunkwareRemoval and AdwCleaner (they did remove other suspicious stuff) but it didn't help.
 

My Computer

System One

  • OS
    Windows 8.1 Professional

sml156

Member
Member
Posts
115
#2
I would see if you have any corrupt files. Follow this tutorial written by Brink and use Option 2.
https://www.eightforums.com/tutorials/3047-sfc-scannow-command-run-windows-8-a.html#option2

I would also download the free version of Malwarebytes and opt out of the trial version. It may be malware causing this.
Malwarebytes | Free Cyber Security & Anti-Malware Software

If that finds nothing try Adwcleaner
Malwarebytes | AdwCleaner
or from mirror
Downloading AdwCleaner

I would also make sure Windows is fully updated.
 

My Computer

System One

  • OS
    Windows 10 Pro + 8.1 pro and 7 Ultimate
    Computer type
    PC/Desktop
    CPU
    i3 2.53GHz

samuria

New Member
VIP Member
Pro User
crewe cheshire uk

Posts
461
#3
You need to check misconfiguration and task scheduler to see if you can see what's doing it. Chances are it's not malware, that's why it's not picked up. MS OneDrive often runs a CMD to remove OneDrive for update.
 

My Computer

System One

  • OS
    win 8 pro
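
One way to carry out the Task Scheduler and startup check suggested in post #3 from a PowerShell prompt, as an added example that is not part of any poster's reply. It only reads: it lists scheduled tasks and Run-key entries whose command line starts a console program or script host; the watch-list pattern and the choice of registry keys are assumptions made for this example.

```powershell
# Added example (not from the thread): read-only listing of scheduled tasks and
# Run-key entries that start a console program or script host.
# Run from an elevated prompt so tasks owned by other accounts are visible.

# Assumed watch list: programs and script types that open a console window.
$pattern = '\b(cmd|ipconfig|powershell|wscript|cscript|mshta)(\.exe)?\b|\.(bat|cmd|vbs|js|ps1)\b'

# 1. Scheduled tasks: one row per exec action, with the task's last run time.
$taskRows = foreach ($task in Get-ScheduledTask) {
    $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; skip them.
        if (-not $action.Execute) { continue }
        [pscustomobject]@{
            Source  = 'Task'
            Name    = $task.TaskPath + $task.TaskName
            Command = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
            LastRun = $info.LastRunTime
        }
    }
}

# 2. Registry autostart values (machine-wide, 32-bit view, and current user).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runRows = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = 'RunKey'
            Name    = "$key [$valueName]"
            Command = [string]$item.GetValue($valueName)
            LastRun = $null   # Run keys carry no execution timestamp
        }
    }
}

# 3. Keep only entries whose command line matches the watch list.
$hits = @($taskRows) + @($runRows) | Where-Object { $_.Command -match $pattern }

# Most recently run tasks first; Run-key rows (no timestamp) sort last.
$hits | Sort-Object LastRun -Descending | Format-Table Source, LastRun, Name, Command -AutoSize -Wrap
```

Compare the `LastRun` column with the time a window last flashed; a task that ran at that moment is the one to open in Task Scheduler and inspect.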
Posts
6
#4
Thanks for the reply, but running SFC, AdwCleaner or a Malwarebytes full scan didn't work (I have the licensed version).
 

My Computer

System One

  • OS
    Windows 8.1 Professional
Posts
6
#5
Thanks, but I have no idea how to do any of that. Could you guide me please?
Thanks in advance
Regards
 

My Computer

System One

  • OS
    Windows 8.1 Professional

samuria

New Member
VIP Member
Pro User
crewe cheshire uk

Posts
461
#6
If you run this and post BOTH reports we can see what's going on.

Please download and save FRST 64bit or FRST 32 bit to your Desktop.

http://download.bleepingcomputer.com/farbar/FRST.exe

http://download.bleepingcomputer.com/farbar/FRST64.exe

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste the log back.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
 

My Computer

System One

  • OS
    win 8 pro
Posts
6
#7
I forgot to paste additional.txt

Thanks for the reply. I was in LA so couldn't reply before, and yeah, I tried doing the scan you told me. Here's the FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Freeware Sys (administrator) on TROYRUSSIA (26-08-2017 20:00:24)
Running from C:\Users\Freeware Sys\Desktop
Loaded Profiles: Freeware Sys & UpdatusUser (Available Profiles: Freeware Sys & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
() C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [TNOD UP] => D:\My Files\TNod\TNODUP.exe [6729728 2016-11-20] (Tukero[X]Team)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4338880 2016-02-02] (Disc Soft Ltd)
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4022328 2017-06-24] (Tonec Inc.)
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\Run: [Predator] => C:\Program Files\Predator3\Predator.exe /AUTORUN
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\MountPoints2: {987ddd43-58c2-11e7-824f-00248cc84e2f} - "H:\Autoplay.exe" -auto
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\MountPoints2: {f264df2f-5e2b-11e7-8258-00248cc84e2f} - "I:\SETUP.EXE"
HKU\S-1-5-21-2957348543-2408799180-673264574-1002\...\RunOnce: [WTK_IE_Google_Search] => REG ADD HKCU\Software\Microsoft\Internet Explorer\SearchScopes /v DefaultScope /t REG_SZ /d {637D6E3C-DF93-48A5-8362-159A8AC56B11} /f
HKU\S-1-5-21-2957348543-2408799180-673264574-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1002\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2957348543-2408799180-673264574-1002\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-18\...\RunOnce: [WTK_IE_Google_Search] => REG ADD HKCU\Software\Microsoft\Internet Explorer\SearchScopes /v DefaultScope /t REG_SZ /d {637D6E3C-DF93-48A5-8362-159A8AC56B11} /f
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\OSppSvc.exe: [Debugger] [email protected]
Startup: C:\Users\Freeware Sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Predator.lnk [2017-08-05]
ShortcutTarget: Predator.lnk -> C:\Windows\Installer\{017B444A-4C86-43AC-A9A8-D3C99143E073}\_CA334AD470FCDA2498EA3E.exe (No File)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


ProxyEnable: [S-1-5-21-2957348543-2408799180-673264574-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2957348543-2408799180-673264574-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5-x64 01 C:\ProgramData\Windows\System32\Mswapi64.dll [3302400 2017-07-19] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9B4F19FA-57FD-47AD-9074-AA19F172A0EE}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080


Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2957348543-2408799180-673264574-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Freewaresys - Download Free Software
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.in/
HKU\S-1-5-21-2957348543-2408799180-673264574-1002\Software\Microsoft\Internet Explorer\Main,Start Page = Freewaresys - Download Free Software
URLSearchHook: [S-1-5-21-2957348543-2408799180-673264574-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-2957348543-2408799180-673264574-1001 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-2957348543-2408799180-673264574-1001 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-2957348543-2408799180-673264574-1002 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-2957348543-2408799180-673264574-1002 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-09-13] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-17] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-17] (Microsoft Corporation)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-09-13] (Microsoft Corporation)


FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-01-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-06-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff => not found
FF HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Freeware Sys\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Freeware Sys\AppData\Roaming\IDM\idmmzcc5 [2017-06-24] [not signed]
FF HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-04-26]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-01-13] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2957348543-2408799180-673264574-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)


Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-01-13]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-05-10]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-01-13]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-05-10]


Opera:
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\Freeware Sys\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2017-08-26]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1439424 2016-02-02] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2017-07-31] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2017-02-24] (Foxit Software Inc.)
S4 [email protected]; C:\Windows\[email protected] [26112 2017-06-25] () [File not signed]
R2 mptpmdxm; C:\Windows\SysWow64\mptpmdxm.dll [460584 2015-01-17] () <==== ATTENTION
S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (Seiko Epson Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-17] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30264 2017-06-24] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\drivers\dtultrausbbus.sys [47672 2017-06-24] (Disc Soft Ltd)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R1 LanmaMaster; C:\Windows\system32\drivers\lanmamaster.sys [1494120 2015-01-17] () [File not signed] <==== ATTENTION
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [209952 2015-01-17] () <==== ATTENTION
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-17] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-01-17] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-17] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-08-26 20:00 - 2017-08-26 20:02 - 000020204 _____ C:\Users\Freeware Sys\Desktop\FRST.txt
2017-08-26 20:00 - 2017-08-26 20:00 - 000000000 ____D C:\FRST
2017-08-26 19:59 - 2017-08-26 19:59 - 002395648 _____ (Farbar) C:\Users\Freeware Sys\Desktop\FRST64.exe
2017-08-26 19:56 - 2017-08-26 19:56 - 001792512 _____ (Farbar) C:\Users\Freeware Sys\Desktop\FRST.exe
2017-08-21 13:07 - 2017-08-21 13:07 - 000000000 ____D C:\Users\Freeware Sys\Documents\Adobe
2017-08-20 17:16 - 2017-08-20 17:16 - 000796809 _____ C:\Users\Freeware Sys\Downloads\savefromnet-helper-7.46-1.crx
2017-08-19 14:25 - 2017-08-19 14:25 - 000000000 ____D C:\Games
2017-08-19 13:04 - 2017-08-19 13:04 - 001967348 _____ C:\Users\Freeware Sys\Downloads\netflix_folder_icons_by_snipermirko-db8ro93.rar
2017-08-19 12:25 - 2017-08-19 12:25 - 001051641 _____ C:\Users\Freeware Sys\Downloads\netflix_folder_icon_pack_by_kliesen-d63dlww.zip
2017-08-19 11:42 - 2017-08-19 11:42 - 000479105 _____ C:\Users\Freeware Sys\Downloads\lucifer_tv_series_2015_folder_icon_by_giilpereiraa-d9546x8.rar
2017-08-19 11:37 - 2017-08-19 11:37 - 004420951 _____ C:\Users\Freeware Sys\Downloads\sherlock_tv_folders_by_limav-d7gd62l.rar
2017-08-13 07:26 - 2017-08-13 08:28 - 000000000 ____D C:\Users\Freeware Sys\Desktop\The Shield PS2
2017-08-12 13:04 - 2017-08-12 13:04 - 000000725 _____ C:\Users\Public\Desktop\Update NOD32 license.lnk
2017-08-12 13:02 - 2017-08-12 13:05 - 082880512 _____ C:\Users\Freeware Sys\Desktop\Action Replay Max.iso
2017-08-12 11:11 - 2017-08-12 11:11 - 000324825 _____ C:\Users\Freeware Sys\Downloads\Xploder HDTV Player.7z
2017-08-12 09:26 - 2017-08-21 13:28 - 000000192 _____ C:\Users\Freeware Sys\Desktop\Troy's Wi-Fi SpeedUp.bat
2017-08-06 15:22 - 2017-08-06 15:22 - 000000000 ____D C:\Users\Freeware Sys\Documents\PCSX2
2017-08-06 10:06 - 2017-08-06 10:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
2017-08-06 09:27 - 2017-08-06 09:51 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\ESET
2017-08-06 09:27 - 2017-08-06 09:47 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\ESET
2017-08-05 22:42 - 2017-08-05 22:42 - 000000000 ____D C:\ProgramData\DataCache
2017-08-05 22:27 - 2017-08-05 22:27 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\excdir
2017-08-05 22:19 - 2017-08-26 17:53 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-08-05 22:19 - 2017-08-05 22:19 - 000000000 ____D C:\Windows\system32\tmp
2017-08-05 22:16 - 2017-08-13 08:17 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-08-05 22:16 - 2017-08-06 09:14 - 000000000 ____D C:\Program Files (x86)\WindowsTM
2017-08-05 22:16 - 2017-08-05 22:39 - 000000000 ____D C:\ProgramData\Cache
2017-08-05 22:16 - 2017-08-05 22:15 - 001611944 _____ (Secure Download Ltd. ) C:\Users\Freeware Sys\Downloads\keygen.exe
2017-08-05 22:16 - 2015-01-17 02:21 - 000460584 _____ C:\Windows\SysWOW64\mptpmdxm.dll
2017-08-05 22:15 - 2017-08-05 22:15 - 000000000 ____D C:\ProgramData\Windows
2017-08-05 21:56 - 2017-08-05 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
2017-08-05 21:56 - 2017-08-05 21:56 - 000000000 ____D C:\Program Files (x86)\Universal Extractor
2017-08-05 21:49 - 2017-08-05 21:49 - 000000000 ____D C:\ProgramData\Rohos
2017-08-05 21:06 - 2017-08-06 09:09 - 000000000 ____D C:\Program Files\Predator3
2017-08-05 21:06 - 2017-08-05 22:13 - 000000000 ____D C:\ProgramData\Predator-Usb
2017-08-05 21:06 - 2017-08-05 21:06 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\Predator-Usb
2017-08-05 21:06 - 2017-08-05 21:06 - 000000000 ____D C:\ProgramData\Microsoft Corporation
2017-08-05 20:48 - 2017-08-05 20:48 - 000001107 _____ C:\Users\Freeware Sys\Cracked.txt
2017-08-05 20:44 - 2017-08-05 20:48 - 000000000 ____D C:\Passwords
2017-08-05 20:36 - 2017-08-05 20:36 - 000000000 ____D C:\Users\Freeware Sys\Documents\PT Location Center ForFree
2017-08-05 19:48 - 2017-08-05 19:48 - 000000899 _____ C:\Users\Freeware Sys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-08-05 19:43 - 2017-07-14 19:58 - 000450112 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll
2017-08-04 18:59 - 2017-08-04 18:59 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\fltk.org
2017-08-04 18:59 - 2017-08-04 18:59 - 000000000 ____D C:\ProgramData\fltk.org
2017-08-03 10:55 - 2017-08-04 09:56 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\dvdcss
2017-08-02 21:36 - 2017-08-02 21:37 - 000262144 _____ C:\Windows\Minidump\080217-36781-01.dmp
2017-08-02 21:36 - 2017-08-02 21:36 - 244103595 _____ C:\Windows\MEMORY.DMP
2017-08-02 21:36 - 2017-08-02 21:36 - 000000000 ____D C:\Windows\Minidump
2017-08-01 12:17 - 2017-08-01 12:17 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\Avira
2017-08-01 11:56 - 2017-08-01 11:56 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-08-01 11:54 - 2017-08-02 21:06 - 000000000 ____D C:\Program Files (x86)\Avira
2017-08-01 11:54 - 2017-08-01 14:16 - 000000000 ____D C:\ProgramData\Avira
2017-08-01 11:13 - 2017-08-01 11:46 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-01 10:15 - 2017-08-01 10:25 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150156336451503
2017-07-31 16:20 - 2017-08-21 13:01 - 000000000 ____D C:\ProgramData\FLEXnet
2017-07-31 15:21 - 2017-07-31 15:21 - 000000000 ____D C:\ProgramData\ALM
2017-07-31 15:00 - 2017-07-31 15:00 - 000000000 ____D C:\Program Files (x86)\QuickTime
2017-07-31 14:58 - 2017-07-31 14:58 - 000002054 _____ C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2017-07-31 14:52 - 2007-02-20 16:04 - 002463976 _____ C:\Windows\SysWOW64\NPSWF32.dll
2017-07-31 14:52 - 2007-02-20 16:04 - 000190696 _____ (Adobe Systems, Inc.) C:\Windows\SysWOW64\NPSWF32_FlashUtil.exe
2017-07-31 14:48 - 2017-07-31 16:20 - 000000000 ____D C:\ProgramData\Adobe
2017-07-31 14:46 - 2017-07-31 14:46 - 000000000 ____D C:\Windows\SysWOW64\spool
2017-07-31 14:44 - 2017-07-31 14:44 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-07-31 14:42 - 2017-07-31 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS3
2017-07-31 14:40 - 2017-07-31 15:29 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-07-31 14:32 - 2017-07-31 14:32 - 000000000 ____D C:\Users\Freeware Sys\AppData\LocalLow\Netopsystems
2017-07-31 14:28 - 2017-07-31 14:28 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\Apps\2.0
2017-07-31 13:48 - 2017-07-31 13:48 - 000000792 _____ C:\bdlog.txt
2017-07-31 12:52 - 2017-07-31 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2017-07-31 12:52 - 2017-07-31 12:52 - 000000708 ____H C:\bdr-cf01
2017-07-31 12:52 - 2017-07-31 12:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2017-07-31 12:52 - 2017-07-31 12:52 - 000000000 ____D C:\ProgramData\BDLogging
2017-07-31 12:52 - 2015-09-17 21:24 - 001740520 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-07-31 12:50 - 2007-04-11 10:11 - 000511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2017-07-31 12:45 - 2017-07-31 12:52 - 000253404 ____H C:\bdr-ld01
2017-07-31 12:45 - 2017-07-31 12:52 - 000009216 ____H C:\bdr-ld01.mbr
2017-07-31 12:45 - 2015-12-15 21:35 - 049760229 ____H C:\bdr-im01.gz
2017-07-31 12:45 - 2013-08-13 12:38 - 003271472 ____H C:\bdr-bz01
2017-07-31 12:34 - 2017-07-31 12:34 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\QuickScan
2017-07-31 12:32 - 2017-07-31 12:32 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-31 08:55 - 2017-07-31 08:59 - 001601078 _____ C:\Windows\logo.bmp
2017-07-31 08:47 - 2017-07-31 08:47 - 000000000 ____D C:\Windows\XSxS
2017-07-30 18:11 - 2017-07-30 18:11 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\CrashRpt
2017-07-30 18:10 - 2017-07-30 18:11 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\CallofDuty4MW
2017-07-29 13:19 - 2017-07-29 13:19 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\ImgBurn
2017-07-29 08:15 - 2017-07-29 08:04 - 000008953 _____ C:\Users\Freeware Sys\Documents\config.cfg
2017-07-28 12:52 - 2017-07-28 12:52 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\modloader
2017-07-28 12:52 - 2017-07-28 12:52 - 000000000 ____D C:\ProgramData\modloader


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-08-26 19:37 - 2017-06-24 15:53 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\uTorrent
2017-08-26 19:19 - 2017-06-24 17:10 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\vlc
2017-08-26 19:12 - 2017-06-24 17:12 - 000000951 _____ C:\Windows\Tasks\EPSON L565 Series Update {89890F53-5FAA-4CB6-933B-7D781DDE4920}.job
2017-08-26 17:55 - 2014-11-21 13:08 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-26 17:55 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2017-08-26 17:53 - 2017-06-25 08:53 - 000003604 _____ C:\Windows\System32\Tasks\AutoKMS
2017-08-26 17:53 - 2017-06-24 18:19 - 000000000 __RDO C:\Users\Freeware Sys\OneDrive
2017-08-26 17:51 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-26 08:28 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-08-25 06:31 - 2017-06-24 15:25 - 000000000 ____D C:\Users\Freeware Sys
2017-08-21 13:07 - 2017-06-24 15:26 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\Adobe
2017-08-20 19:16 - 2017-06-24 15:56 - 000000000 ____D C:\Users\Freeware Sys\AppData\Roaming\DMCache
2017-08-20 14:27 - 2017-06-24 15:25 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-08-19 17:29 - 2017-06-24 15:31 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2957348543-2408799180-673264574-1001
2017-08-19 13:04 - 2017-05-10 15:36 - 000000000 ____D C:\Users\Freeware Sys\Downloads\Folder Icons
2017-08-18 15:57 - 2017-06-25 10:57 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\ElevatedDiagnostics
2017-08-18 15:43 - 2017-06-29 16:12 - 000001034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-08-18 15:43 - 2017-06-24 16:03 - 000003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498300413
2017-08-18 15:43 - 2017-06-24 16:01 - 000000000 ____D C:\Program Files\Opera
2017-08-13 08:19 - 2017-06-24 15:51 - 000000000 ____D C:\Users\UpdatusUser
2017-08-06 14:03 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2017-08-06 12:47 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\ELAMBKUP
2017-08-06 10:51 - 2017-06-25 08:44 - 000000000 ____D C:\Program Files\Windows KMS Activator Ultimate 2017 v3.3
2017-08-06 09:34 - 2017-06-24 09:45 - 000000000 ____D C:\Users\Freeware Sys\Downloads\Compressed
2017-08-06 09:13 - 2017-03-14 16:14 - 000000000 ____D C:\AdwCleaner
2017-08-06 08:58 - 2017-06-24 17:42 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-05 22:15 - 2016-10-27 12:17 - 001611944 _____ (Secure Download Ltd. ) C:\Users\Freeware Sys\Downloads\keygen
2017-08-05 21:58 - 2017-06-24 15:26 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\VirtualStore
2017-08-05 16:51 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\rescache
2017-08-05 16:26 - 2017-06-24 09:45 - 000000000 ____D C:\Users\Freeware Sys\Downloads\Video
2017-08-04 18:41 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\tracing
2017-08-01 14:22 - 2017-07-06 16:52 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\Adobe
2017-08-01 14:16 - 2017-06-24 16:06 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-01 13:51 - 2017-06-24 16:18 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-01 13:51 - 2013-08-22 20:14 - 002402016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-01 11:47 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2017-08-01 10:36 - 2017-07-15 07:12 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-01 09:37 - 2017-06-24 17:03 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-07-31 14:59 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-07-31 11:03 - 2017-06-30 17:06 - 000000000 ____D C:\Users\Public\Documents\GTA San Andreas User Files
2017-07-31 10:26 - 2017-06-24 11:24 - 000000000 ____D C:\Users\Freeware Sys\Documents\GTA San Andreas User Files
2017-07-30 12:10 - 2017-06-24 15:26 - 000000000 ____D C:\Users\Freeware Sys\AppData\Local\Packages
2017-07-30 12:10 - 2013-08-22 21:06 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-30 12:10 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness


==================== Files in the root of some directories =======


2013-10-14 08:14 - 2013-10-14 08:14 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-08-26 08:27


==================== End of FRST.txt ============================
And here's Additional.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Freeware Sys (26-08-2017 20:06:05)
Running from C:\Users\Freeware Sys\Desktop
Windows 8.1 Pro (Update) (X64) (2017-06-24 09:55:43)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-2957348543-2408799180-673264574-500 - Administrator - Disabled)
Freeware Sys (S-1-5-21-2957348543-2408799180-673264574-1001 - Administrator - Enabled) => C:\Users\Freeware Sys
Guest (S-1-5-21-2957348543-2408799180-673264574-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2957348543-2408799180-673264574-1002 - Limited - Enabled) => C:\Users\UpdatusUser


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


µTorrent 3.4.8 (HKLM-x32\...\µTorrent 3.4.8 Build 42445) (Version: - )
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.3.1 - Frictional Games)
Call of Duty(R) 2 (HKLM-x32\...\{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0489 - Disc Soft Ltd)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.02.00 - Seiko Epson Corporation)
EPSON L565 Series Printer Uninstall (HKLM\...\EPSON L565 Series) (Version: - SEIKO EPSON Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
FonePaw Video Converter Ultimate 1.3.0 (HKLM-x32\...\{0DB7F015-2927-4eb2-A281-E20CD88AFD6E}_is1) (Version: 1.3.0 - FonePaw)
Foxit PhantomPDF (HKLM-x32\...\{4A0F12EE-FA84-11E6-8204-000C29FC3B44}) (Version: 8.2.1.6871 - Foxit Software Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ImTOO Video Converter Ultimate (HKLM-x32\...\ImTOO Video Converter Ultimate) (Version: 7.7.3.20131014 - ImTOO)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA Graphics Driver 307.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.68 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Opera Stable 47.0.2631.55 (HKLM-x32\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
SILENT HILL 3 (HKLM-x32\...\{14D10AAC-9737-454E-A247-8075C26C30E1}) (Version: 1.00.0000 - Konami Computer Entertainment Tokyo, Inc.) Hidden
SILENT HILL 3 (HKLM-x32\...\InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}) (Version: 1.00.0000 - Konami Computer Entertainment Tokyo, Inc.)
TeamViewer (HKLM-x32\...\TeamViewer 11.0.66595) (Version: - )
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.1.0 - Tukero[X]Team)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows KMS Activator Ultimate 2017 v3.3 (HKLM\...\Windows KMS Activator Ultimate 2017 v3.3_is1) (Version: v3.3 - )
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinRAR 5.40 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.2 - win.rar GmbH)
Wondershare Filmora(Build 8.2.1) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-19] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-24] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-05-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-05-30] (Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-12-07] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-24] (Foxit Software Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-05-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-05-30] (Alexander Roshal)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {23E24812-B4EE-4191-BBF7-24377B4B1A03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {38BFC5C5-427A-4F05-888A-F4F3060936A1} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {3BCD2310-EA42-4204-B513-BB4654072899} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-06-25] ()
Task: {4F6F2CF8-1D89-48D9-9759-18203A1735F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {8F41DAF9-3FB0-43FD-B606-C03001E0BF56} - System32\Tasks\[email protected]\Windows63Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="c06b6981-d7fd-4a35-b7b4-054742b7af67") call Activate]
Task: {9E958C1D-3E38-4E33-8EE9-4BF9A0C1E3F7} - System32\Tasks\EPSON L565 Series Update {89890F53-5FAA-4CB6-933B-7D781DDE4920} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMPE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {C075FB2A-0619-4982-BD8E-AC74D647BA5B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {D8077465-8E72-4361-A83C-052F34B183B1} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-10-01] (MSFree Inc.)
Task: {ED239F63-D92B-4A85-829C-AE0C1C93D4B8} - System32\Tasks\Opera scheduled Autoupdate 1498300413 => C:\Program Files\Opera\launcher.exe [2017-08-14] (Opera Software)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\EPSON L565 Series Update {89890F53-5FAA-4CB6-933B-7D781DDE4920}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMPE.EXE:/EXE:{89890F53-5FAA-4CB6-933B-7D781DDE4920} /F:UpdateWORKGROUP\WIN-LGU8LVTQ1I3$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi


==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2017-07-19 08:20 - 2017-07-19 08:20 - 003302400 _____ () C:\ProgramData\Windows\System32\Mswapi64.dll
2015-01-17 02:21 - 2015-01-17 02:21 - 001372872 ____N () C:\Windows\system32\LanmaMasterHelp.dll
2016-08-16 20:36 - 2016-08-16 20:36 - 008911552 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-06-19 03:14 - 2017-06-19 03:14 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-06-14 14:39 - 2017-06-14 14:39 - 000208384 _____ () C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
2017-08-18 15:43 - 2017-08-18 15:43 - 090050136 _____ () C:\Program Files\Opera\47.0.2631.55\opera_browser.dll
2017-08-18 15:43 - 2017-08-14 11:51 - 002547288 _____ () C:\Program Files\Opera\47.0.2631.55\swiftshader\libglesv2.dll
2017-08-18 15:43 - 2017-08-14 11:51 - 000143448 _____ () C:\Program Files\Opera\47.0.2631.55\swiftshader\libegl.dll
2016-08-16 20:36 - 2016-08-16 20:36 - 008911552 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000113664 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 002341888 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000246784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000047616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000050688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000079360 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 002029568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000100352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000258560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000076288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000061440 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000465920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000719872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000114688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000039936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000136704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 001409536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000300032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 001283584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000056320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 011749376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000192000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000091136 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000068096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000077824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000048128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000094720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000043520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000911360 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000118272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000141312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 001167360 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000117248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000073216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000292864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 001297920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000350720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000359424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000209408 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000049152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 001381376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000144896 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 001723904 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000048640 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000311296 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2013-09-23 04:49 - 2013-09-23 04:49 - 000040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 009987584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000731648 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000052224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000541184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000137728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000051712 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000076800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000055808 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000041984 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000079872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 000040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2013-09-23 04:48 - 2013-09-23 04:48 - 001518592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rohos => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\microsoft.com -> hxxps://*.update.microsoft.com
IE trusted site: HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\windowsupdate.com -> hxxps://www.download.windowsupdate.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 18:55 - 2017-08-01 11:22 - 000000147 ____R C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2957348543-2408799180-673264574-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Freeware Sys\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Ultra Bus Service => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: [email protected] => 2
MSCONFIG\Services: MyEpson Portal Service => 2
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\StartupApproved\StartupFolder: => "Predator.lnk"
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-2957348543-2408799180-673264574-1001\...\StartupApproved\Run: => "Predator"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{B5A5F857-7859-4111-8A31-383F89B24D95}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{55CE1B31-FF38-4471-9180-580216156324}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8FB89AB3-209B-4C9C-91C9-7B21B8E28A5B}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{1FDC160C-2903-4A14-A58F-0F63032A7B9A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{6588AF8C-36B7-493C-983C-A1C614B82C2F}] => (Allow) C:\Windows\[email protected]
FirewallRules: [{2B7B4194-9744-42CB-BB07-233F6BBD1817}] => (Allow) C:\Windows\[email protected]
FirewallRules: [{4A2D951A-74A1-48CC-8AF0-97937AF9D747}] => (Allow) C:\Program Files\Windows KMS Activator Ultimate 2017 v3.3\Windows KMS Activator Ultimate 2017 v3.3.exe
FirewallRules: [{CCCAC462-0F8F-46B1-BCFC-96C404CA31F5}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{BDE0D431-3389-4568-9031-B5380F898899}D:\games\counter-strike global offensive\csgo.exe] => (Allow) D:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{4596BAAB-51FC-4A0C-ABC1-B0F85328598E}D:\games\counter-strike global offensive\csgo.exe] => (Allow) D:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{0D36C53D-FB49-4373-B1F9-693E9B5A6B73}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{943688D0-EF7F-42E7-91EB-D05572EBC2B4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{9177002B-FD33-4507-A0A5-E0055B7E438F}] => (Allow) D:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{CE8FC324-F752-4A6E-8D8F-CD20158041F5}] => (Allow) D:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{C8B0B351-8988-41ED-8949-79FD10941C03}] => (Allow) D:\Games\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{435D75FA-314C-4176-9E43-DDB2480D7E43}] => (Allow) D:\Games\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{AFE736AC-DDEB-4359-BDC4-ACE035D6862C}] => (Allow) D:\Games\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{CCC48078-A77D-485F-9CDC-EDC9F66F21E3}] => (Allow) D:\Games\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{ACD3FCAC-C4C2-4AD0-A691-83CC37CB0532}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{6AFA8350-134C-41EB-A4F5-3C8B48B6EF62}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{E67688E2-8795-4144-9970-7FA99A08D35B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{69B55CF6-02B5-4664-9D8C-0E866EF7606C}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{0C2F69EA-CC75-4F70-A7CB-022C3D944F0F}C:\users\freeware sys\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\freeware sys\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A67200D3-35DD-4366-90C8-3C3F61D9907C}C:\users\freeware sys\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\freeware sys\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{04A0D297-BDAB-47C6-A502-A3B27A9B4857}] => (Allow) C:\Program Files\Opera\46.0.2597.57\opera.exe
FirewallRules: [{4EA106AB-D722-483D-9532-8BE774FF3756}] => (Allow) LPort=3703
FirewallRules: [{97BDCEAE-39B0-4ECD-A0F5-9968B8E40DA4}] => (Allow) LPort=3704
FirewallRules: [{5EA7CC0B-8580-485E-ADFD-DD7767CBD7AC}] => (Allow) LPort=50900
FirewallRules: [{68BC7659-A75A-48AC-BFC3-9C0F181900B0}] => (Allow) LPort=50901
FirewallRules: [{31A90CD8-B879-4F20-AC5E-41F8E24938B3}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{680EFC78-48BB-4490-BC2E-782257EEA27D}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{11424C93-575A-42C9-AAA9-587D5BB0AFBF}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{760DC80B-B742-46B8-8BDA-0E9AC4B123BA}] => (Allow) C:\Program Files\Predator3\PredatorACE.exe
FirewallRules: [{084FCE79-BAF0-41A8-B449-2C19728E9849}] => (Allow) C:\Program Files\Predator3\PredatorACE.exe
FirewallRules: [{3EA567DD-3459-41FC-A94F-34105A3BB5CA}] => (Allow) C:\Program Files\Opera\47.0.2631.55\opera.exe


==================== Restore Points =========================


05-08-2017 21:05:39 Installed Predator
19-08-2017 12:55:11 Scheduled Checkpoint


==================== Faulty Device Manager Devices =============


Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.




==================== Event log errors: =========================


Application errors:
==================
Error: (08/26/2017 07:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: d8c


Start Time: 01d31e768db95979


Termination Time: 4294967295


Application Path: C:\Windows\system32\backgroundTaskHost.exe


Report Id: 83dab7b2-8a6a-11e7-8281-00248cc84e2f


Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt


Faulting package-relative application ID: App


Error: (08/26/2017 07:41:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: de8


Start Time: 01d31e747778b421


Termination Time: 4294967295


Application Path: C:\Windows\system32\backgroundTaskHost.exe


Report Id: 6b21e675-8a68-11e7-8281-00248cc84e2f


Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt


Faulting package-relative application ID: App


Error: (08/26/2017 07:32:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (1252) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 5103616 (0x00000000004de000) (database page 1245 (0x4DD)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


Error: (08/26/2017 07:31:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (1252) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 5103616 (0x00000000004de000) (database page 1245 (0x4DD)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


Error: (08/26/2017 07:30:01 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (1252) SRUJet: The database page read from the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 5103616 (0x00000000004de000) (database page 1245 (0x4DD)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


Error: (08/26/2017 07:26:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: b58


Start Time: 01d31e725f272ffa


Termination Time: 4294967295


Application Path: C:\Windows\system32\backgroundTaskHost.exe


Report Id: 5426ca75-8a66-11e7-8281-00248cc84e2f


Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt


Faulting package-relative application ID: App


Error: (08/26/2017 07:13:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: dc8


Start Time: 01d31e704452d198


Termination Time: 4294967295


Application Path: C:\Windows\system32\backgroundTaskHost.exe


Report Id: 9a6d9569-8a64-11e7-8281-00248cc84e2f


Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt


Faulting package-relative application ID: App


Error: (08/26/2017 07:11:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


Process ID: 81c


Start Time: 01d31e704459af6e


Termination Time: 4294967295


Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe


Report Id: 3c7e57a4-8a64-11e7-8281-00248cc84e2f


Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe


Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


Error: (08/26/2017 07:09:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x954
Faulting application start time: 0x01d31e6e5fc604e1
Faulting application path: C:\Windows\system32\mmc.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: effdd6cc-8a63-11e7-8281-00248cc84e2f
Faulting package full name:
Faulting package-relative application ID:


Error: (08/26/2017 07:09:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mmc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code e0434352, exception address 00007FF8C6F28B9C
Stack:




System errors:
=============
Error: (08/26/2017 07:53:57 PM) (Source: Schannel) (EventID: 4108) (User: TROYRUSSIA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.


Error: (08/26/2017 07:53:57 PM) (Source: Schannel) (EventID: 4120) (User: TROYRUSSIA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.


Error: (08/26/2017 07:53:49 PM) (Source: Schannel) (EventID: 4108) (User: TROYRUSSIA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.


Error: (08/26/2017 07:53:49 PM) (Source: Schannel) (EventID: 4120) (User: TROYRUSSIA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.


Error: (08/26/2017 07:53:43 PM) (Source: Schannel) (EventID: 4108) (User: TROYRUSSIA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.


Error: (08/26/2017 07:53:43 PM) (Source: Schannel) (EventID: 4120) (User: TROYRUSSIA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.


Error: (08/26/2017 07:53:39 PM) (Source: Schannel) (EventID: 4108) (User: TROYRUSSIA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.


Error: (08/26/2017 07:53:39 PM) (Source: Schannel) (EventID: 4120) (User: TROYRUSSIA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.


Error: (08/26/2017 06:52:05 PM) (Source: Schannel) (EventID: 4108) (User: TROYRUSSIA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.


Error: (08/26/2017 06:52:05 PM) (Source: Schannel) (EventID: 4120) (User: TROYRUSSIA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.




==================== Memory info ===========================


Processor: AMD Sempron(tm) Processor LE-1250
Percentage of memory in use: 74%
Total physical RAM: 1791.29 MB
Available physical RAM: 453.8 MB
Total Virtual: 3583.29 MB
Available Virtual: 2115.87 MB


==================== Drives ================================


Drive c: (OS Files Disk) (Fixed) (Total:155.22 GB) (Free:34.75 GB) NTFS
Drive d: (Troy's Drive) (Fixed) (Total:309.39 GB) (Free:25.09 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:1.05 GB) (Free:1.03 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B3317A7B)
Partition 1: (Not Active) - (Size=1022 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=155.2 GB) - (Type=42)
Partition 4: (Not Active) - (Size=310.4 GB) - (Type=42)


==================== End of Addition.txt ============================
And one more thing: the title for the console window changed to System32/CMD.exe after I changed proxy settings.
Thanks in advance
Regards
 

My Computer

System One

  • OS
    Windows 8.1 Professional

samuria

New Member
VIP Member
Pro User
crewe cheshire uk

Posts
461
#8
The cmd prompt flashing is due to the fact that you have several KMS servers running; their only use is to run pirated software or pirated Windows: Windows KMS Activator Ultimate 2017 v3.3 (HKLM\...\Windows KMS Activator Ultimate 2017 v3.3_is1) (Version: v3.3 - )

We don't support any pirated software, cracks or hacking.
 

My Computer

System One

  • OS
    win 8 pro
Posts
6
#9
So is my Windows not genuine?
Because I paid for it!!! My dad bought it off Amazon just a couple of months ago, man, it can't be pirated.
I have the license key and I'm all genuine when it comes to my PC.
Could anything else be the problem? Because I don't think my Windows is pirated. (Dude, I get all updates.)
 

My Computer

System One

  • OS
    Windows 8.1 Professional

samuria

New Member
VIP Member
Pro User
crewe cheshire uk

Posts
461
#10
AutoKMS has only one use: to crack Windows and other MS software like Office. It can't be used for anything else and often comes with an added bonus of malware or a virus. On your system there isn't just one but several cracks running as tasks every day and hooked deep in your system, along with files that mean your PC could be used as part of a botnet.

The files are unsigned, making them dangerous. The scan shows that the files were either installed very recently or modified in August.

Once the crack is applied you will get updates OK.

IFEO\OSppSvc.exe: [Debugger] [email protected]

S4 [email protected]; C:\Windows\[email protected] [26112 2017-06-25] () [File not signed]

R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [209952 2015-01-17] () <==== ATTENTION
Complete removal solution of uefgdstor.sys | Threatfixer.com

2017-08-26 17:53 - 2017-06-25 08:53 - 000003604 _____ C:\Windows\System32\Tasks\AutoKMS
2017-08-20 14:27 - 2017-06-24 15:25 - 000000000 ____D C:\ProgramData\KMSAutoS

2017-08-06 10:51 - 2017-06-25 08:44 - 000000000 ____D C:\Program Files\Windows KMS Activator Ultimate 2017 v3.3


Windows KMS Activator Ultimate 2017 v3.3 (HKLM\...\Windows KMS Activator Ultimate 2017 v3.3_is1) (Version: v3.3 -


Task: {3BCD2310-EA42-4204-B513-BB4654072899} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-06-25] ()


Task: {D8077465-8E72-4361-A83C-052F34B183B1} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-10-01] (MSFree Inc.)


How to remove HackTool:Win32/AutoKMS Virus (Removal Guide)

 

My Computer

System One

  • OS
    win 8 pro
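The indicators picked out of the FRST log in post #10 (an IFEO debugger entry, unsigned files, FRST's own ATTENTION marker, scheduled tasks with no publisher), together with the allow rule on port 1688 from the same log (1688 is the default KMS port), can be pulled out mechanically. This is an added example, not part of the thread or of FRST: the rule names and the `triage` and `summarize` functions are hypothetical, and the sample lines are copied from the log quoted in this thread.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "rule line")

# Sample lines copied from the FRST log quoted in this thread; two benign
# lines are included to show the rules staying quiet on them.
SAMPLE_LOG = r"""
IFEO\OSppSvc.exe: [Debugger] [email protected]
S4 [email protected]; C:\Windows\[email protected] [26112 2017-06-25] () [File not signed]
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [209952 2015-01-17] () <==== ATTENTION
Task: {3BCD2310-EA42-4204-B513-BB4654072899} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-06-25] ()
Task: {D8077465-8E72-4361-A83C-052F34B183B1} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-10-01] (MSFree Inc.)
FirewallRules: [{CCCAC462-0F8F-46B1-BCFC-96C404CA31F5}] => (Allow) LPort=1688
FirewallRules: [{B5A5F857-7859-4111-8A31-383F89B24D95}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4EA106AB-D722-483D-9532-8BE774FF3756}] => (Allow) LPort=3703
Windows Firewall is disabled.
"""

# Hypothetical triage rules (assumptions of this example, not FRST features).
RULES = [
    # Image File Execution Options "Debugger": launching the named EXE
    # starts the debugger value instead of the real program.
    ("ifeo-debugger", re.compile(r"^IFEO\\[^:]+: \[Debugger\]")),
    # FRST appends this when a binary carries no valid signature.
    ("unsigned-file", re.compile(r"\[File not signed\]")),
    # FRST's own flag for entries it considers worth a closer look.
    ("frst-attention", re.compile(r"<==== ATTENTION")),
    # Scheduled task whose target has an empty company field: "()".
    ("task-no-publisher",
     re.compile(r"^Task: .+ => .+\[\d{4}-\d{2}-\d{2}\] \(\)$")),
    # Name match for KMS emulator tooling such as AutoKMS / KMSAuto.
    ("kms-name", re.compile(r"kms", re.IGNORECASE)),
    # Inbound allow rule on TCP 1688, the default KMS port.
    ("kms-port-rule", re.compile(r"^FirewallRules: .*\(Allow\) LPort=1688$")),
    ("firewall-off", re.compile(r"^Windows Firewall is disabled\.")),
]


def triage(log_text):
    """Return one Finding per (rule, line) match, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(name, line))
    return findings


def summarize(findings):
    """Count findings per rule so the noisiest indicator stands out."""
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:18} {f.line}")
```

A line can trip more than one rule: the AutoKMS task is reported both for its name and for its empty publisher field.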
Posts
6
#11
Thanks for the advice everyone, but nothing helped, so I got really pissed and reinstalled Windows. And this time there is no KMS bull****, so it's better.
Thanks again everyone.
 

My Computer

System One

  • OS
    Windows 8.1 Professional