Got Trojan:Script/Wacatac.C!ml?


bsacco (Thread Starter), joined Jun 11, 2003, 865 messages
I was informed by my ESET online scan that I have Trojan:Script/Wacatac.C!ml.
Evidently, this bad boy can re-spawn and put you into a ransomware situation. How do I ensure I'm not infected? Any tips are welcome. I'm running WIN 10 on a Dell desktop PC.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 18363, Installed 20190808161245.000000-420
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3, CPU Count: 8
Total Physical RAM: 32 GB
Graphics Card: AMD Radeon HD 7500 Series, 1024 MB
Hard Drives: C: 446 GB (259 GB Free); D: 3726 GB (2841 GB Free); E: 1862 GB (1786 GB Free); F: 1862 GB (1586 GB Free); M: 7452 GB (4646 GB Free); N: 3726 GB (985 GB Free);
Motherboard: Dell Inc. 0KWVT8, ver A00, s/n CN7220036F014R.
System: Dell Inc., ver DELL - 20100118, s/n CLCL7Y1
Antivirus: Windows Defender, Enabled and Updated

bsacco (Thread Starter), joined Jun 11, 2003, 865 messages
I read ahead and, in an effort to save you time, I downloaded FRST as instructed and pasted the log files below:

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2020
Ran by bsacco (03-07-2020 17:13:04)
Running from C:\Users\bobsa\Downloads
Windows 10 Pro Version 1909 18363.900 (X64) (2019-08-08 23:12:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-184992104-3567891997-1526769728-500 - Administrator - Disabled)
bsacco (S-1-5-21-184992104-3567891997-1526769728-1002 - Administrator - Enabled) => C:\Users\bobsa
DefaultAccount (S-1-5-21-184992104-3567891997-1526769728-503 - Limited - Disabled)
Guest (S-1-5-21-184992104-3567891997-1526769728-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-184992104-3567891997-1526769728-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
A Sharper Scaling version 1.2 (HKLM-x32\...\{7CFADE53-9599-48C5-9FE3-689E56C1D96B}_is1) (Version: 1.2 - )
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_1_3) (Version: 21.1.3 - Adobe Inc.)
Airfoil (HKLM-x32\...\Airfoil) (Version: 5.7.0 - Rogue Amoeba)
Amazon Photos (HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\Amazon Photos) (Version: 7.1.0 - Amazon.com, Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.7 - A Must in Every Office BV - Bastien Mensink)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.8.0 - ASUS)
ASUS Wireless Router Firmware Restoration Utility (HKLM-x32\...\{8CA9C449-C551-4DA2-A423-F0F62E6A04CB}) (Version: 2.0.0.0 - ASUS)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Babylon (HKLM-x32\...\Babylon) (Version: - Babylon)
Backblaze (HKLM-x32\...\Backblaze) (Version: - Backblaze, Inc)
BandLab Assistant 5.1.2 (HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\{9b08bea4-021c-5f9d-a74e-ac0ceb51fb28}) (Version: 5.1.2 - BandLab)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 83.1.10.97 - Brave Software Inc)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
ChromecastApp (HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic version 1.36 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.6 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 9 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
Dell SupportAssist (HKLM\...\{6D2933E3-DC42-44E5-B80E-DACDD64ADFF5}) (Version: 3.5.0.448 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.1.2 - Dell Inc.)
dupeGuru 4.0.3 (HKLM\...\dupeGuru) (Version: 4.0.3 - Hardcoded Software)
Duplicate Music Files Finder 1.5.5 (HKLM-x32\...\Duplicate Music Files Finder_is1) (Version: - LC IBros Solutions S.R.L.)
Exif Pilot 5.4 (HKLM-x32\...\Exif Pilot_is1) (Version: 5.4 - Two Pilots)
Gif Recorder (HKLM-x32\...\{E0A4DE24-B594-4E95-BD15-C4E36360CF4C}) (Version: 3.2.3 - AGORA Software BV)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.)
Grammarly for Microsoft® Office Suite (HKLM\...\{010A1C72-57F3-4991-AF9F-129A80EED7C7}) (Version: 6.7.226 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\{e9c8b483-bea6-442a-8375-211c50dc8e86}) (Version: 6.7.226 - Grammarly)
Guitar Pro 7 - Soundbanks (HKLM-x32\...\com.arobas-music.guitarpro7-soundbanks_is1) (Version: 1.1.123 - Arobas Music)
Guitar Pro 7 (HKLM-x32\...\{BF4EDCFF-ED20-4AF6-A636-EBAC931336CD}_is1) (Version: 7.5.1.1454 - Arobas Music)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
iPhoneSMSExport (HKLM-x32\...\iPhoneSMSExport) (Version: - )
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
i-Sound Recorder 7.7.5.0 (HKLM-x32\...\i-Sound Recorder_is1) (Version: 7.7.5.0 - AbyssMedia.com)
iZotope Nectar 3 Elements (HKLM-x32\...\Nectar 3 Elements) (Version: 3.00 - iZotope, Inc.)
iZotope Relay (HKLM\...\Relay) (Version: 1.0.4 - iZotope, Inc.)
iZotope Tonal Balance Control 2 (HKLM\...\Tonal Balance Control 2) (Version: 2.1.0 - iZotope, Inc.)
iZotope Vocal Doubler (HKLM-x32\...\Vocal Doubler) (Version: 1.00 - iZotope, Inc.)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.5.0.0 - EditShare)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version: - Mathias Kunter)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.9 - Waves Audio Ltd.) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.58 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.12827.20470 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
MiniTool Power Data Recovery 8.1 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 8.1 - MiniTool Software Limited)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v3.01 (HKLM-x32\...\Mp3tag) (Version: 3.01 - Florian Heidenreich)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 2.3.1 - MusicBrainz)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8516 - MyHeritage.com)
Neutron 3 Elements (HKLM-x32\...\Neutron 3 Elements) (Version: 3.1.1 - iZotope, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20470 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
ON1 Resize 2020 (HKLM\...\{c536dbab-3cb7-4ebb-94e0-5632bd909824}) (Version: 1400 - ON1)
Ozone 9 Advanced (HKLM\...\Ozone 9) (Version: 9.1.0 - iZotope, Inc.)
Ozone 9 Elements (HKLM\...\Ozone 9 Elements) (Version: 9.1.0 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.)
PDF-XChange Editor (HKLM\...\{A92947C7-3157-4E71-9EF9-A4296E9DB977}) (Version: 7.0.328.2 - Tracker Software Products (Canada) Ltd.)
PhotoMove 2.5 version 2.5.2.1 (HKLM-x32\...\{546443DF-4D82-484A-8E00-2136243B8B9A}}_is1) (Version: 2.5.2.1 - Mike Baker @ Rediscovering Photography)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.8 - Bluefive software)
Plex Media Server (HKLM-x32\...\{5e3a9a09-75fa-4607-a1c2-d23559ab00e2}) (Version: 1.19.1.2645 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{E23F0C90-C07E-4A76-93AA-7A266E00E6E1}) (Version: 1.19.2645 - Plex, Inc.) Hidden
Product Portal (HKLM-x32\...\Product Portal) (Version: - iZotope, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
Similarity 64-bit 2.4.1 (HKLM\...\{FCED929D-B611-40A5-A67C-F4C29961D57E}) (Version: 2.4.2382 - GAR Software)
SketchUp 2016 (HKLM\...\{D87EE6DC-32BA-4219-AC75-0A6FD54ED058}) (Version: 16.0.19912 - Trimble Navigation Limited)
Snagit 13 (HKLM-x32\...\{CC1426D1-65B6-40B8-B749-89FB94368627}) (Version: 13.1.7 - TechSmith Corporation)
SoundDiver 3.05 (HKLM-x32\...\SoundDiver 3.05) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Stopping Plex (HKLM-x32\...\{103461CD-D934-4785-9452-8CBF41041FE8}) (Version: 1.19.2645 - Plex, Inc.) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 9.2.30.0 - 2BrightSparks)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version: - Ozone)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
WinDirStat 1.1.2 (HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XnConvert 1.80 (HKLM\...\XnConvert_is1) (Version: 1.80 - Gougelet Pierre-e)
Zoom (HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\ZoomUMX) (Version: 4.4 - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{4237F164-08CA-4D17-B86D-DD147FC02E11}) (Version: 4.7.53562 - Zoom)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-05-28] (Adobe Systems Incorporated)
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2019-06-12] (Canon Inc.)
Connected Devices -> C:\Program Files\WindowsApps\34507Simplisidy.ShareAcrossDevices_4.2.6.0_x64__wtkr3v20s86d8 [2019-08-24] (Simplisidy)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.5.13.0_x64__htrsf667h5kn2 [2020-05-12] (Dell Inc)
File Renamer -> C:\Program Files\WindowsApps\15612Aftnet.FileRenamer_2.0.1.0_x64__wgtwcdjmkkg0e [2019-08-23] (Aftnet)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-05-22] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
Movie Maker 10 - FREE -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_2.9.77.0_x64__bzg06mxvgh4fa [2020-07-02] (V3TApps)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-10-24] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-24] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.18.1.0_x64__nfy108tqq3p12 [2020-06-16] (Thumbmunkeys Ltd)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-DFF08266F466} -> [Creative Cloud Files] => C:\Users\bobsa\Creative Cloud Files [2020-05-28 15:30]
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.226\799F9D2AEC\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{49B02D3E-D81D-6DBE-BC08-883E4C77C159}\InprocServer32 -> C:\Program Files (x86)\Common Files\System\ole32.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.226\799F9D2AEC\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-184992104-3567891997-1526769728-1002_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\bobsa\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BabylonDocTrans] -> {947217BD-E967-400A-B14A-BA851A8EDCBB} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-03-27] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-01-28] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2019-07-02] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-03-27] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2020-03-27] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2019-07-02] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\bobsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) =============

2017-10-19 14:55 - 2017-10-19 14:55 - 001651200 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\cairo.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000657920 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\fontconfig.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000868864 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\harfbuzz-vs14.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000042496 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\iconv.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000205312 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\libpng16.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 001023488 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\libxml2.dll
2016-01-27 19:05 - 2016-01-27 19:05 - 008968192 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\opencv_core300.dll
2016-03-04 16:10 - 2016-03-04 16:10 - 008968192 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\opencv_core310.dll
2016-01-27 19:05 - 2016-01-27 19:05 - 020629504 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\opencv_imgproc300.dll
2016-03-04 16:10 - 2016-03-04 16:10 - 020629504 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\opencv_imgproc310.dll
2016-03-04 16:10 - 2016-03-04 16:10 - 000800768 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\opencv_photo310.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000074240 _____ () [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\zlib1.dll
2019-04-24 13:25 - 2012-07-31 08:48 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2017-10-19 14:55 - 2017-10-19 14:55 - 000075776 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\intl.dll
2016-01-08 14:28 - 2016-01-08 14:28 - 000306688 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\libhunspell.dll
2015-06-23 16:00 - 2015-06-23 16:00 - 000285696 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-06-23 16:00 - 2015-06-23 16:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2016-07-13 12:41 - 2016-07-13 12:41 - 000066192 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\LFJbg15U.DLL
2016-07-13 12:41 - 2016-07-13 12:41 - 000126096 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\LFPng15U.DLL
2016-07-13 12:41 - 2016-07-13 12:41 - 000212112 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Ltimgclr15u.dll
2016-07-13 12:41 - 2016-07-13 12:41 - 000208016 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Ltimgefx15u.dll
2016-07-13 12:41 - 2016-07-13 12:41 - 000134288 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Ltimgutl15u.dll
2016-07-13 12:41 - 2016-07-13 12:41 - 000122000 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\Lttwn15u.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000249344 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pango-1.0.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000485376 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pangocairo-1.0.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000506368 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pangoft2-1.0.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000053760 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\pangowin32-1.0.dll
2020-02-27 14:51 - 2020-02-27 14:51 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 001145856 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\glib-2.0.dll
2017-10-19 14:55 - 2017-10-19 14:55 - 000230400 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 13\gobject-2.0.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\line6.net -> line6.net

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 00:31 - 2018-09-15 00:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-06-18 13:22 - 2019-06-18 13:22 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-184992104-3567891997-1526769728-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\bobsa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: XblAuthManager => 3
HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\StartupApproved\Run: => "Backblaze"
HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\StartupApproved\Run: => "HubSpot for Windows"
HKU\S-1-5-21-184992104-3567891997-1526769728-1002\...\StartupApproved\Run: => "Shoebox"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B1EAAAED-67E5-4777-8793-785045B9782A}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{D7B4A9F6-7353-489B-BF17-AABD29B0BEE6}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{1717B8EE-46B8-4AFB-A09E-EE51720DE19B}] => (Allow) E:\SOFTWARE\ASUS ROUTER\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{340C271E-92F5-4B7F-A579-97A3337D9226}] => (Allow) E:\SOFTWARE\ASUS ROUTER\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{FD600776-E230-434B-B040-6580C66A5DCA}] => (Allow) C:\Users\bobsa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{7C368A51-B4B6-4D5B-92DD-967C76F496DD}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe (Rogue Amoeba) [File not signed]
FirewallRules: [TCP Query User{44E93260-BE97-4EE6-BDB2-10DD767304F2}C:\program files (x86)\airfoil\airfoil.exe] => (Allow) C:\program files (x86)\airfoil\airfoil.exe (Rogue Amoeba) [File not signed]
FirewallRules: [{470ADCED-C260-4E8E-96BC-10815A833355}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36721B32-F7F9-4E3E-B3E0-D81E5DA8B67F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4A80A183-9C92-44CB-BCAC-1FC5B9E97989}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0ABE345-725A-4AE7-8058-4F0F16272925}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{CD9978D1-03FE-4BB5-8DFB-6E8C8FD70D52}C:\mediamonkey\mediamonkey.exe] => (Allow) C:\mediamonkey\mediamonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [TCP Query User{091E8569-64C2-4E06-A15E-01E66628747D}C:\mediamonkey\mediamonkey.exe] => (Allow) C:\mediamonkey\mediamonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{FA0434FA-C9E8-4D08-BF79-2FE6C65989A4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{85F1F83A-22F9-4133-AC15-0E94491276BF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{922519DD-A596-48A5-9746-9F3107473649}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{1889238C-584A-472E-B262-C7D4E24A2A90}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{C2BE7F75-6E1B-4F07-98A2-8A6016A2446C}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [UDP Query User{22D8FD0F-DF1E-4D56-9FBB-1B0CC3CB6F49}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [TCP Query User{0D3677E5-10A2-4AEB-98BF-0BEBD2BA928A}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{C3A02AC1-D265-4252-8F97-225DDBE1906E}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{CB8D2268-922D-48B1-96C6-95A5292193EF}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{F86B436B-EDBA-4954-8A9A-0BA9FE32C013}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{CDC293AF-A27D-4450-8D3C-B2AE80634F35}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{8B2E45EE-EC79-4F7A-896A-1FF1E807705F}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{F07AC8AF-7AA5-4F13-BAA4-0C96999EC995}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{0B23DDFB-5B2F-44AD-8D6E-42672C897816}] => (Allow) C:\Program Files (x86)\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{EFD2F4FA-A1EF-4862-BE3A-B89C489DF45D}] => (Allow) C:\Program Files (x86)\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{10841513-AA62-42EE-B2B4-A1DC78D013FF}] => (Allow) LPort=8298
FirewallRules: [{3FF9FBE0-C9A8-4E69-B9FF-AD9F7AAF4DBE}] => (Allow) C:\Users\bobsa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7CDA195F-7026-4829-8C30-057C562B4148}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6D5D1D0E-6643-4AD9-ABB1-64579FB767BA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FABF8E8D-C6BD-4116-BECD-058B80DFFD52}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9186BDBA-B418-4D0E-B65E-757EE0719B32}] => (Allow) LPort=2869
FirewallRules: [{14BA6F24-9831-4273-9131-1EE60F479CF2}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{F27A1CEF-DFEB-492F-A22C-97E6DC5F559C}C:\users\bobsa\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\bobsa\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab)
FirewallRules: [UDP Query User{452AABD2-F1D5-4D20-8235-F4E72E891B93}C:\users\bobsa\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\bobsa\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab)
FirewallRules: [{A3FE4604-85C8-421F-9DF1-5D502109E91A}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{11E91008-F66E-41CA-82F9-0BEC1942727B}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{AD1BF611-5B18-47A5-A6FC-54A91190E1D3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5447036-7CD7-4AB8-A014-A45A1698BD27}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{8030B1D3-7A3F-409D-AA36-97E49813442C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{F8662DE1-7093-4480-A963-BA395CED87E5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{70CA22FA-D598-4F6C-9B53-B1CE4FE2EC11}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{346904E9-639F-4168-9C3E-2B1CAB88ADCC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{31456A40-07F2-49BF-81A3-4B805DF7CEFA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7C1C6A83-1109-439C-A665-0FABD18FBAD5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D678227C-4F62-4758-929D-B6EF5B8FAB57}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F75DF26E-6FCA-4BEA-95C2-70161F263378}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A69DE9C9-689A-45CA-95CE-9753EB1EB9B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DE8E10F4-5F75-4A9E-9D62-5F8E22D66665}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{83716038-EFC6-4044-8842-42F4F0A10982}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA9D44ED-2ACE-4217-B23E-67550476A61F}] => (Allow) C:\Program Files\ON1\ON1 Resize 2020\ON1 Resize 2020.exe (ON1, Inc -> ON1, Inc.)
FirewallRules: [{57B59206-1836-4E8A-9497-9C0DAA87B243}] => (Allow) C:\Program Files\ON1\ON1 Resize 2020\ON1 Resize 2020.exe (ON1, Inc -> ON1, Inc.)
FirewallRules: [{42170762-9AD9-4A1D-BB46-C122F54EA56B}] => (Allow) C:\Program Files\ON1\ON1 Resize 2020\on1sandbox.exe (ON1, Inc -> )
FirewallRules: [{9BF0556A-3A1B-401D-9429-7FD96F01B997}] => (Allow) C:\Program Files\ON1\ON1 Resize 2020\on1sandbox.exe (ON1, Inc -> )
FirewallRules: [{92769C09-18B1-45BA-B159-ABC00410AC45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0BEF1375-7EB6-4325-B039-7C7F545918A6}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

17-06-2020 06:03:30 Scheduled Checkpoint
22-06-2020 09:53:26 Installed Dell Update.
29-06-2020 23:59:56 Scheduled Checkpoint
03-07-2020 12:03:18 Installed ABBYY FineReader PDF 15.
03-07-2020 15:38:18 Revo Uninstaller's restore point - ABBYY FineReader PDF 15

==================== Faulty Device Manager Devices ============

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/03/2020 05:04:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (26164,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/03/2020 05:00:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 23480 and the required size was 47024.

Error: (07/03/2020 04:04:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5952,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/03/2020 03:52:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (24104,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/03/2020 03:34:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (16772,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/03/2020 03:30:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program svchost.exe version 10.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1904

Start Time: 01d651875d03a957

Termination Time: 4294967295

Application Path: C:\Windows\System32\svchost.exe

Report Id: 7235267e-63a0-4c58-878f-d547119d9aa8

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (07/03/2020 03:29:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12896,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/03/2020 03:27:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.18362.752, time stamp: 0x5e70487e
Faulting module name: combase.dll, version: 10.0.18362.900, time stamp: 0x90957831
Exception code: 0xc0000005
Fault offset: 0x000000000001b2ce
Faulting process id: 0x3028
Faulting application start time: 0x01d6518916f57b0e
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: bcecac18-6c9a-4c35-8804-52b4befdb037
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.18362.449_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI


System errors:
=============
Error: (07/03/2020 03:14:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BF34ULN)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX8z5q44mt1b9k6x2nkjj0bkr2e1ac0dxy.mca did not register with DCOM within the required timeout.

Error: (07/03/2020 03:13:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/01/2020 10:40:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/01/2020 10:40:55 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\bobsa\AppData\Local\Temp\ehdrv.sys

Error: (07/01/2020 10:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/01/2020 10:40:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\bobsa\AppData\Local\Temp\ehdrv.sys

Error: (07/01/2020 10:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/01/2020 10:40:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\bobsa\AppData\Local\Temp\ehdrv.sys


Windows Defender:
===================================
Date: 2020-07-02 02:55:46.591
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...Wacatac.C!ml&threatid=2147749377&enterprise=0
Name: Trojan:Script/Wacatac.C!ml
ID: 2147749377
Severity: Severe
Category: Trojan
Path: file:_N:\SYNCH BACK\Local Drive F\EZ Drummer\EZ Drummer KeyGen.rar
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\bobsa\Downloads\esetonlinescanner_enu.exe
Security intelligence Version: AV: 1.319.584.0, AS: 1.319.584.0, NIS: 1.319.584.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-01 19:28:05.528
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...Wacatac.C!ml&threatid=2147749377&enterprise=0
Name: Trojan:Script/Wacatac.C!ml
ID: 2147749377
Severity: Severe
Category: Trojan
Path: file:_F:\EZ Drummer\EZ Drummer KeyGen.rar
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\bobsa\Downloads\esetonlinescanner_enu.exe
Security intelligence Version: AV: 1.319.584.0, AS: 1.319.584.0, NIS: 1.319.584.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-06-22 22:33:21.599
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C3BB7EEC-2F0E-4104-8A5D-EBA939181519}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2020-06-13 20:25:46.640
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\RogueAmoeba\RogueAmoeba.Phage.8.DNA64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-14 10:08:52.104
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\RogueAmoeba\RogueAmoeba.Phage.8.DNA64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-14 10:08:43.872
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\RogueAmoeba\RogueAmoeba.Phage.8.DNA64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-14 10:06:58.111
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\RogueAmoeba\RogueAmoeba.Phage.8.DNA64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-14 10:06:49.814
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\RogueAmoeba\RogueAmoeba.Phage.8.DNA64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-10-26 19:13:59.165
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\RogueAmoeba\RogueAmoeba.Phage.8.DNA64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-10-02 14:43:17.814
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\RogueAmoeba\RogueAmoeba.Phage.8.DNA64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A14 05/31/2019
Motherboard: Dell Inc. 0KWVT8
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 49%
Total physical RAM: 32719.18 MB
Available physical RAM: 16550.99 MB
Total Virtual: 81871.18 MB
Available Virtual: 64207.68 MB

==================== Drives ================================

Drive c: (Local Disk C - 500GB SSD) (Fixed) (Total:446.57 GB) (Free:255.94 GB) NTFS
Drive d: (D_Plex) (Fixed) (Total:3726.01 GB) (Free:2841.58 GB) NTFS
Drive e: (Seagate Barc 2TB - MAIN) (Fixed) (Total:1862.89 GB) (Free:1786.07 GB) NTFS
Drive f: (Local Disk F 2TB Music Software ) (Fixed) (Total:1862.89 GB) (Free:1586.6 GB) NTFS
Drive m: (My Book 8TB) (Fixed) (Total:7452.03 GB) (Free:4646.52 GB) NTFS
Drive n: (MyBook 4TB ) (Fixed) (Total:3726.02 GB) (Free:985.65 GB) NTFS

\\?\Volume{0b032970-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{0b032970-0000-0000-0000-00ab6f000000}\ () (Fixed) (Total:0.46 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 0B032970)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=469 MB) - (Type=27)

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 945F945F)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 4 (Size: 7452 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 5 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt =======================



DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
603
Hello, bsacco.

I am DR M and I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. You have to reply to my posts within three days. If you need some additional time, just let me know. If I don't get any reply from you within these three days, the topic will be closed. You can send me a PM if you still want help, after this period of time.

2. Always ask before acting! Do not continue if you are not sure, or if something unexpected happens!

3. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

4. Please, copy all the content of the required logs and paste it inside your post, unless directed otherwise.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs. I will be with you, as far as I can.


==========================================================

I'm currently reviewing your logs and I will be back as soon as I can. :)

bsacco

Thread Starter
Joined
Jun 11, 2003
Messages
865
OK, great. Just setting my expectations. Should I expect a response today?

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
603
I assume there is no response today.

My instructor has to review any fix by me before posting.

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
603
Hi, bsacco.

There is evidence of pirated software in your logs. The infection Windows Defender alerted you of concerns a keygen tool on disks N and F. Keygens are used to illegally activate commercial programs. Users using these methods should know that they are not only illegally activating the program, but they put themselves at a great risk, meaning that they expose their computer to malicious software.

You also have the following Chrome extension installed:

Code:
Remove ads from Pirate Bay
This site does what its name says: offers pirated software. Using its downloads can harm your computer, as you can download software that contains malware and expose your personal data to anyone.

It's your computer and you can do whatever you want with it, but note that sooner or later you are going to be infected.

I strongly recommend that you uninstall any pirated programs you are using, as well as the Chrome extension mentioned above. Please note that our tools can remove pirated software or methods used to illegally activate programs.

1. Remove Chrome extension
  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Remove ads from Pirate Bay, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

2. Run an FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD1373584323820] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5ed04b5d" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD1373584323820 /f <==== ATTENTION
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

3. ESET online scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
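As an added example (not part of this thread, FRST or ESET), the Windows Defender section of the Addition.txt above can be triaged programmatically: the parser below pulls each detection out of that block, strips FRST's `file:_` path prefix, and groups copies of the flagged file across drives, which is how the N: and F: copies of the same archive show up. The sample log is constructed from the layout posted above, and the note texts are the example's own.

```python
"""Triage the 'Windows Defender:' block of an FRST Addition.txt: each event is a 'Date:'
line, a 'Description:' whose text is on the NEXT line, then 'Key: Value' pairs."""
import re
from typing import Dict, List

# Constructed sample in the Addition.txt layout posted in this thread (entries
# abridged; the neighbouring sections are kept to show the parser skips them).
SAMPLE_LOG = r"""
System errors:
=============

Windows Defender:
===================================
Date: 2020-07-02 02:55:46.591
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
Name: Trojan:Script/Wacatac.C!ml
Severity: Severe
Path: file:_N:\SYNCH BACK\Local Drive F\EZ Drummer\EZ Drummer KeyGen.rar
Detection Source: Real-Time Protection
Process Name: C:\Users\bobsa\Downloads\esetonlinescanner_enu.exe

Date: 2020-07-01 19:28:05.528
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
Name: Trojan:Script/Wacatac.C!ml
Severity: Severe
Path: file:_F:\EZ Drummer\EZ Drummer KeyGen.rar
Detection Source: Real-Time Protection
Process Name: C:\Users\bobsa\Downloads\esetonlinescanner_enu.exe

Date: 2020-06-22 22:33:21.599
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Parameters: Quick Scan

CodeIntegrity:
===================================
Date: 2020-06-13 20:25:46.640
"""

def _is_section_header(lines: List[str], i: int) -> bool:
    """A '<Title>:' line immediately followed by a ruler made only of '='."""
    nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
    return lines[i].rstrip().endswith(":") and bool(nxt) and set(nxt) == {"="}

def parse_defender_events(text: str) -> List[Dict[str, str]]:
    """One dict per event in the Windows Defender block; all other blocks are ignored."""
    lines, events, in_block, cur, i = text.splitlines(), [], False, None, 0
    while i < len(lines):
        line = lines[i]
        if _is_section_header(lines, i):
            in_block = line.strip() == "Windows Defender:"
            i += 2  # skip the title and its ruler
            continue
        if in_block:
            if line.startswith("Date: "):
                cur = {"Date": line[6:].strip()}
                events.append(cur)
            elif cur is not None and line.strip() == "Description:":
                cur["Description"] = lines[i + 1].strip() if i + 1 < len(lines) else ""
                i += 1  # the description text sits on the following line
            elif cur is not None and ": " in line:
                key, value = line.split(": ", 1)  # split on the first ': ' only
                cur[key.strip()] = value.strip()
        i += 1
    return events

def triage(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Keep file detections only and attach the facts a helper checks first."""
    out = []
    for ev in events:
        if "Name" not in ev or "Path" not in ev:
            continue  # scan-status entries carry no file
        loc = re.sub(r"^file:_", "", ev["Path"])  # FRST prefixes paths with 'file:_'
        notes = []
        if ev["Name"].endswith("!ml"):
            notes.append("'!ml' = machine-learning verdict: judge the file itself, not just the family")
        if re.search(r"keygen|crack|activat", loc, re.I):
            notes.append("name indicates an activation/cracking tool: untrusted whatever the verdict")
        if "Process Name" in ev:
            notes.append("real-time protection fired when %s read it" % ev["Process Name"].rsplit("\\", 1)[-1])
        out.append({"date": ev["Date"], "name": ev["Name"], "severity": ev.get("Severity", ""),
                    "drive": loc[:2] if re.match(r"[A-Za-z]:", loc) else "",
                    "location": loc, "notes": notes})
    return out

def copies_by_basename(triaged: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Group by file name: the same file on several drives (here a backup copy) means
    every copy has to go, or the alert simply comes back on the next scan."""
    groups: Dict[str, List[str]] = {}
    for t in triaged:
        groups.setdefault(str(t["location"]).rsplit("\\", 1)[-1], []).append(str(t["location"]))
    return groups
```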

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
603
Hi, bsacco.

I noticed that you posted your logs at another forum too. Since you started getting help there, I'm closing this thread now, marking it as solved.