WiredWX Christian Hobby Weather Tools

infected laptop

NOTE #2
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Darshana (30-03-2018 22:08:27)
Running from C:\Users\Darshana\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-21 16:52:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2438051969-607994775-1632804330-500 - Administrator - Disabled)
Darshana (S-1-5-21-2438051969-607994775-1632804330-1001 - Administrator - Enabled) => C:\Users\Darshana
DefaultAccount (S-1-5-21-2438051969-607994775-1632804330-503 - Limited - Disabled)
emani (S-1-5-21-2438051969-607994775-1632804330-1002 - Limited - Enabled) => C:\Users\emani
Guest (S-1-5-21-2438051969-607994775-1632804330-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2438051969-607994775-1632804330-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel(R) Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2438051969-607994775-1632804330-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
PeaZip 6.5.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.5.1 - Giorgio Tani)
Plex Media Server (HKLM-x32\...\{763A44F9-11ED-4C90-B79F-01077108135B}) (Version: 1.7.4035 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d30c30f4-3b8f-4a97-83a8-ade21eb5089e}) (Version: 1.7.5.4035 - Plex, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
SiudiDriver version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG)
SP C250SF/C252SF LAN (HKLM-x32\...\{FADBC704-00A7-45FD-A3CF-4B9F8D4DB234}) (Version: 1.00.0.0 - Ricoh)
Stopping Plex (HKLM-x32\...\{64DC32A4-FE15-4054-AC6C-421DE509BF51}) (Version: 1.7.4035 - Plex, Inc.) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
WPS Office (10.2.0.5978) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5978 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Darshana\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438051969-607994775-1632804330-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Darshana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2438051969-607994775-1632804330-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028B803A-DDD6-4692-A7DE-8FED1F772D84} - System32\Tasks\survivalists => C:\Program Files (x86)\Gibsons\peanut.exe [2018-03-08] ()
Task: {032A84A6-B790-4B6B-ADC3-D4F6FB0E56E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {0633D521-3A90-4A62-9A9F-0CF2CABB9ECF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-08] (Google Inc.)
Task: {2235892F-3104-40DB-9667-F2C1026EB46C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-08] (Google Inc.)
Task: {22B8FF2B-E4AB-4AA0-9161-362B51D749F1} - System32\Tasks\WpsExternal_Darshana_20170824182205 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {33FFDA57-8F5C-4F68-9C9F-23EED7DD1C38} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {45E9A4E8-5F47-4D69-A3FC-38FABE84AA71} - System32\Tasks\WpsUpdateTask_Darshana => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\wtoolex\wpsupdate.exe [2018-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {45EC44D9-9A75-4BC7-8DC7-35D8FAC38449} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {472C26AD-EDCE-4AEA-8FF5-566217A0455E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {50E702FD-9CBC-46F0-BF0B-A1CD93F521B8} - System32\Tasks\ck sime ironweed => C:\Users\Darshana\AppData\Local\peanut.exe [2018-03-08] ()
Task: {587012DB-1C06-4A1A-86BB-CB75982946F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {5BF4D871-81AB-4317-BA9D-D743B72CDDCC} - System32\Tasks\Sabickered_complementaritybickered_complementarity => C:\Program Files (x86)\Insley\peanut.exe [2018-03-08] ()
Task: {5D69DCAD-5124-4B5B-AF22-7B6B878014DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {61574E5C-8539-4DC4-BCB0-E46AC856107E} - System32\Tasks\Sakhartoum-marsonkhartoum-marson => C:\Program Files (x86)\mois\arto.exe [2018-03-08] ()
Task: {66164CF6-120D-49A2-A48D-9BFB5424C387} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {731250AF-2370-44CE-8250-687F480F5BF7} - System32\Tasks\Samaximum lauritzmaximum lauritz => C:\Program Files (x86)\Insley\arto.exe [2018-03-08] ()
Task: {777865EE-2151-442A-B97B-D3760487997A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {8C598C71-47D9-462C-A326-99A5781C0A16} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {8DC12FC5-701A-46F0-90F3-AFB14D3CAA3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {92437B38-88E9-47B5-8901-58414B01BDCD} - System32\Tasks\maximum lauritz => C:\Program Files (x86)\Insley\arto.exe [2018-03-08] ()
Task: {9B9A5371-E093-4959-9972-6962F871CAF1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()
Task: {9ECAE5EA-DA0D-4D86-A9D6-FE16116D51A0} - System32\Tasks\photos_polygamists => C:\Users\Darshana\AppData\Local\arto.exe [2018-03-08] ()
Task: {ACDC7B21-2BD4-4354-BF84-0D90C43FD9A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-08] (Microsoft Corporation)
Task: {AD3F1798-A7E6-45B3-8E62-FBBDDB7E9025} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {B555FEBC-B796-4E50-8068-299A5676EFCD} - System32\Tasks\Sasurvivalistssurvivalists => C:\Program Files (x86)\Gibsons\peanut.exe [2018-03-08] ()
Task: {B7843FED-BCB9-42C7-B355-EBFC8B4D2A20} - System32\Tasks\ja3VrQEySTpn => ja3vrqeystpn.exe <==== ATTENTION
Task: {B9A0E6B1-AC0A-459F-B074-E276C16D7D91} - System32\Tasks\khartoum-marson => C:\Program Files (x86)\mois\arto.exe [2018-03-08] ()
Task: {BA9E3162-574E-476A-BDCA-1E13A2E4C95B} - System32\Tasks\Saphotos_polygamistsphotos_polygamists => C:\Users\Darshana\AppData\Local\arto.exe [2018-03-08] ()
Task: {C17D03C8-8F57-416B-80F6-B7A6709512C3} - System32\Tasks\bickered_complementarity => C:\Program Files (x86)\Insley\peanut.exe [2018-03-08] ()
Task: {CD891CF5-136D-4640-9690-217A873C6D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {D639D056-E413-42CD-84E6-06FF8AAC749B} - System32\Tasks\HPCeeScheduleForDarshana => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DD19DC59-10B3-48E4-8FD9-7A05E613ADBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {EB2DB453-3F4C-4F9E-878F-5EA1D50D6A5C} - System32\Tasks\Sack sime ironweedck sime ironweed => C:\Users\Darshana\AppData\Local\peanut.exe [2018-03-08] ()
Task: {EE0036E1-DE36-47F7-9726-EE6C0664F7A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {FEDB69FB-0A80-4A89-9301-C0AACA8791F1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForDarshana.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-08 15:22 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-09-11 15:03 - 2014-04-14 20:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\mois\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Insley\arto.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\arto.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Users\Darshana\AppData\Local\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Insley\peanut.exe
2018-03-08 12:30 - 2018-03-08 12:30 - 000139776 _____ () C:\Program Files (x86)\Gibsons\peanut.exe
2018-03-15 21:11 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-15 21:12 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-29 20:48 - 2018-03-20 01:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-29 20:48 - 2018-03-20 01:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-03-08 12:30 - 2018-03-08 12:30 - 000066832 _____ () C:\Program Files (x86)\mandarin\marathi.exe
2017-06-28 06:02 - 2017-06-28 06:02 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-06-28 06:01 - 2017-06-28 06:01 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-06-28 06:01 - 2017-06-28 06:01 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2015-09-11 14:53 - 2011-08-23 21:39 - 000081920 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ctypes.pyd
2015-09-11 14:53 - 2011-08-23 21:39 - 000053248 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_socket.pyd
2015-09-11 14:53 - 2011-08-23 21:39 - 000655360 _____ () C:\Program Files (x86)\CyberLink\YouCam6\koan\_ssl.pyd
2015-09-11 14:54 - 2015-04-21 21:23 - 000057344 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\XUControl.dll
2015-09-11 14:53 - 2015-07-01 02:42 - 000310712 _____ () C:\Program Files (x86)\CyberLink\YouCam6\subsys\YouCam\BlackCat.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kkqgcoip.sys:changelist [598]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2018-03-19 19:22 - 000000850 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2438051969-607994775-1632804330-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1090DEC9-877D-4CF0-AC67-6038891B061F}] => (Block) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [{9F407476-C0CC-4595-AC3B-03FF4CF1C17D}] => (Block) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [UDP Query User{AC7C03EC-17F9-435A-8572-8E3622CD551D}C:\program files (x86)\dvdfab\dvdfab.mhz] => (Allow) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [TCP Query User{A609C00C-D949-44C3-B87C-BF47104A7508}C:\program files (x86)\dvdfab\dvdfab.mhz] => (Allow) C:\program files (x86)\dvdfab\dvdfab.mhz
FirewallRules: [{F0CD494F-0087-421B-8D06-82546DAB817B}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5978\office6\wpscloudsvr.exe
FirewallRules: [{724CD163-AC25-4F1C-A1A5-187F2F91B138}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{3EB64617-0A17-4537-BA87-365B36927E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{E3F5E990-0F4F-4013-A25A-A2FBB3236D88}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{00FC4295-CF82-448B-BDBB-E51C08A36BF9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{A0B36239-A897-49C6-B7C1-F5118DAC12F3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{84C4F96F-AABB-4BE3-8CC0-94936EB5761C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6ADEBB71-EC4B-4F9B-84D2-45FD49C438E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3DC79B45-705B-4F32-9512-1AADE0AC18D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADEB731D-72D3-466F-8CC6-7D957A2A4C2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D2D0097-5E45-42DA-AEA0-7FB59967AD86}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{BE90B70F-7A14-423E-882E-ADE53DF617B5}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{C563E6BE-0F1A-4F07-AEC6-C58C8F65FBA8}] => (Allow) C:\Users\Darshana\Downloads\WPUSetup-67956661.exe
FirewallRules: [{270A8B7A-5B2F-4371-BB95-082A77DD90D9}] => (Allow) C:\Users\Darshana\Downloads\WPUSetup-67956661.exe
FirewallRules: [TCP Query User{AE4540BB-0AA9-4A55-A1C0-BB8112559340}C:\mydmx\esa.exe] => (Allow) C:\mydmx\esa.exe
FirewallRules: [UDP Query User{C1A60432-DF2F-477D-8D4A-6BBC6F8F63EA}C:\mydmx\esa.exe] => (Allow) C:\mydmx\esa.exe
FirewallRules: [TCP Query User{ED86BA92-CDF5-4CBE-AE85-B5C672871C96}C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe] => (Block) C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe
FirewallRules: [UDP Query User{6CDD6B56-BB0E-49BD-B302-97117441D29E}C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe] => (Block) C:\users\darshana\appdata\local\temp\igndb8a.tmp\lmiignition.exe
FirewallRules: [TCP Query User{8F4049FF-67D3-48A5-B1CD-980E904C73C7}C:\users\darshana\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\darshana\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{05900ACE-4BB7-488A-A765-53A1E36EA74B}C:\users\darshana\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\darshana\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{BA6B9CD5-7C23-4038-85CE-8BF09B4B18EF}C:\mydmx3\mydmx3\mydmx3.exe] => (Allow) C:\mydmx3\mydmx3\mydmx3.exe
FirewallRules: [UDP Query User{97A0E693-F43D-4FBD-996E-3B7FD66D1A77}C:\mydmx3\mydmx3\mydmx3.exe] => (Allow) C:\mydmx3\mydmx3\mydmx3.exe
FirewallRules: [{9CD4242C-A495-4041-8751-34860491ED73}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{D5F8657F-56D1-4619-BCCB-36D75A201FD4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{7B57BF21-19F6-4D92-8D5E-4215ABA54497}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{C7D01181-118C-4E8B-8CE4-1746EE467FC8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{3C250EBC-ADB3-42DD-B7DE-CE59160792A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E623B26E-ABE6-4860-90A1-BC6F9501C22A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DF269D7A-BAF2-4FF3-A130-8E67E015F60B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{704AF9EA-4E71-4AAB-AE13-C1CC5A86B3E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F650BFE8-59EB-4E15-BCDF-47BC028C7B8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{64B48B3A-16BD-442E-B8F0-DC963E56DCCB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{438298FB-A5EF-4F52-BE99-65993228D7C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{78A5CDDE-6261-4B77-93D3-4BBE7D64944B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{07CF182E-2807-4983-912B-70BFA615809F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{D360836B-F8DA-4470-B7C9-D379D15CD8F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{E04203C5-987B-410B-9122-96097AEC0E79}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{43C35883-E9BD-4876-AE66-EBE91B960EE5}] => (Allow) C:\Program Files (x86)\Gibsons\peanut.exe
FirewallRules: [{200C5C59-7DDF-4960-AF83-97960DDD5CB0}] => (Allow) C:\Program Files (x86)\Insley\peanut.exe
FirewallRules: [{D6F70AAF-0DD8-4C5B-B712-CE1D0E40B030}] => (Allow) C:\Program Files (x86)\mois\arto.exe
FirewallRules: [{0DDE1C09-52DC-46C5-BEB4-98D8AC2067E3}] => (Allow) C:\Program Files (x86)\Insley\arto.exe
FirewallRules: [{31E3537E-8239-4320-9638-8A6A97CE4E72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-02-2018 12:20:16 Windows Update
16-02-2018 08:00:53 Windows Update
08-03-2018 15:07:28 Revo Uninstaller's restore point - AnonymizerGadget
15-03-2018 21:10:35 Windows Update
19-03-2018 06:42:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2018 03:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x00000000
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 03:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: MSHTML.dll, version: 11.0.16299.309, time stamp: 0x72ae6379
Exception code: 0xc0000005
Fault offset: 0x00000000000c7439
Faulting process id: 0x34dc
Faulting application start time: 0x01d3c7d2cb02b05d
Faulting application path: C:\Program Files (x86)\Gibsons\peanut.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSHTML.dll
Report Id: 648f4b3e-85ac-48e0-b2d6-ccf4b065879a
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/30/2018 03:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000005
Fault offset: 0x000000000005d8d6
Faulting process id: 0x6884
Faulting application start time: 0x01d3c855b645e6f1
Faulting application path: C:\Program Files (x86)\Gibsons\peanut.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6732f6c6-a5ca-490a-a88b-abe7c5995d62
Faulting package full name: 
Faulting package-relative application ID:

Error: (03/30/2018 03:02:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x90a96867
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 03:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: KERNELBASE.dll, version: 6.2.16299.309, time stamp: 0x90a96867
Exception code: 0x80004005
Fault offset: 0x0000000000014008
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 02:00:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 12:52:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: peanut.exe, version: 2.3.6.117, time stamp: 0x5aa1733b
Faulting module name: Flash.ocx, version: 29.0.0.113, time stamp: 0x5a90c6a2
Exception code: 0xc0000005
Fault offset: 0x000000000044be50
Faulting process id: 0x%9
Faulting application start time: 0xpeanut.exe0
Faulting application path: peanut.exe1
Faulting module path: peanut.exe2
Report Id: peanut.exe3
Faulting package full name: peanut.exe4
Faulting package-relative application ID: peanut.exe5

Error: (03/30/2018 12:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1645359


System errors:
=============
Error: (03/30/2018 10:08:48 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:06:48 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:06:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/30/2018 10:04:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:02:45 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (03/30/2018 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: PANCHALFAMILY)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.

Error: (03/30/2018 09:59:56 PM) (Source: DCOM) (EventID: 10016) (User: PANCHALFAMILY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PANCHALFAMILY\Darshana SID (S-1-5-21-2438051969-607994775-1632804330-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/30/2018 09:57:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-03-19 19:19:29.885
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Software Bundler
Path: file:_C:\Users\Darshana\AppData\Local\Temp\nsfC852.tmp\cpSetup.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.263.752.0, AS: 1.263.752.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:32:52.445
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/SocStealer!rfn&threatid=2147724296&enterprise=0
Name: TrojanSpy:Win32/SocStealer!rfn
ID: 2147724296
Severity: Severe
Category: Trojan Monitoring Software
Path: file:_C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.ba745faa4220e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.332.0, AS: 1.263.332.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:32:52.408
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\ff3840118776bf1765dcf32a7e449a2c\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.332.0, AS: 1.263.332.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:19:56.321
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Darshana\AppData\Local\Temp\886423906\ic-0.ba745faa4220e.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Darshana\AppData\Local\Temp\nsfC852.tmp\cpSetup.exe
Signature Version: AV: 1.263.75.0, AS: 1.263.75.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-08 13:08:04.649
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BD74BAC8-4AD7-4D9B-92C8-119D19050F1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-30 22:07:32.283
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1813.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-03-30 19:43:37.450
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.1801.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2018-03-30 12:32:14.695
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2018-03-29 17:48:44.118
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.800.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2018-03-29 17:48:44.118
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.8.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2018-03-30 22:07:07.656
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:07:07.654
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:02:37.857
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:02:37.854
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:01:30.325
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 22:01:30.322
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 21:57:59.288
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-30 21:57:59.284
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 63%
Total physical RAM: 6059.39 MB
Available physical RAM: 2182.82 MB
Total Virtual: 7019.39 MB
Available Virtual: 2186.5 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:909.07 GB) (Free:830.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.34 GB) (Free:2.37 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b58a3f2c-24a7-4517-89ab-2feadddde9df}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\\?\Volume{97a72501-73ba-450b-9551-4db74e27a4f9}\ () (Fixed) (Total:1.73 GB) (Free:1.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 491AFB52)

Partition: GPT.

==================== End of Addition.txt ============================

Computer Infected and Tough Getting It Cleaned

That is one old infection, and what's weird is that it creates itself using very old programming schemes back from Windows XP days. This would be a Windows XP exploit... Why it's causing issues on a W10 PC is beyond me, but it's not like it can do all that much damage as long as Windows is patched.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    directx.sys
    svchost.com
    popen


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt




Please also download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

[INACTIVE] NetUtils2016: PC badly affected after installing program

Please download and run the Google Chrome Software Cleaner.



CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.


  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).


Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    *netutils*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Laptop Slow, No SMART HDD ERRORS

Thanks, Dr. Jay, for your response.

Please note Malwarebytes showed 3 malware items, out of which 1 is cleaned and 2 are not, as I require that software (the same software is installed on a different laptop with no problem in performance).

The logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/4/17
Scan Time: 10:19 AM
Logfile: malware bytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1177
License: Trial

-System Information-
OS: Windows 10
CPU: x86
File System: NTFS
User: DESKTOP-T6ECQPQ\DigiHead

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312400
Time Elapsed: 3 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Quarantined, [2912], [355157],1.0.1177
HackTool.FilePatch, C:\PROGRAM FILES\EMAIL EXTRACTOR\EMAIL.EXTRACTOR.V.5.6.0.0-PATCH.EXE, No Action By User, [9906], [281135],1.0.1177
HackTool.FilePatch, C:\USERS\DIGIHEAD\DOWNLOADS\HARD DISK SENTINEL PRO 4.71.10 BUILD 8128 BETA MULTILINGUAL + PATCH [SADEEMPC].ZIP, No Action By User, [9906], [281135],1.0.1177

Physical Sector: 0
(No malicious items detected)


(end)





Farbar Service Scanner Version: 27-01-2016
Ran by DigiHead (administrator) on 04-02-2017 at 10:28:34
Running from "C:\Users\DigiHead\Downloads\Programs"
Microsoft Windows 10 Pro  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****



MiniToolBox by Farbar  Version: 17-06-2016
Ran by DigiHead (administrator) on 04-02-2017 at 10:30:49
Running from "C:\Users\DigiHead\Downloads\Programs"
Microsoft Windows 10 Pro  (X86)
Model: HP Notebook Manufacturer: HP
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-T6ECQPQ
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 94-57-A5-06-DF-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 72-77-81-BF-9E-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 70-77-81-BF-9E-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::14c:130e:a69c:84df%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.108(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, February 3, 2017 12:03:45 PM
   Lease Expires . . . . . . . . . . : Sunday, February 5, 2017 9:48:52 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 40925057
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-E7-53-C8-94-57-A5-06-DF-F2
   DNS Servers . . . . . . . . . . . : 4.2.2.2
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:2871:ccae:1ccb:90cc:d403:396b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1ccb:90cc:d403:396b%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 587202560
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-E7-53-C8-94-57-A5-06-DF-F2
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{0646145C-3A3A-4912-B2BA-6D2F8D95C0F1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  4.2.2.2

Name:    google.com
Addresses:  2404:6800:4009:806::200e
 216.58.203.142


Pinging google.com [216.58.197.46] with 32 bytes of data:
Reply from 216.58.197.46: bytes=32 time=49ms TTL=55
Reply from 216.58.197.46: bytes=32 time=47ms TTL=55

Ping statistics for 216.58.197.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 49ms, Average = 48ms
Server:  b.resolvers.Level3.net
Address:  4.2.2.2

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 206.190.36.45
 98.138.253.109
 98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=283ms TTL=46
Reply from 206.190.36.45: bytes=32 time=278ms TTL=46

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 278ms, Maximum = 283ms, Average = 280ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...94 57 a5 06 df f2 ......Realtek PCIe FE Family Controller
 11...72 77 81 bf 9e 55 ......Microsoft Wi-Fi Direct Virtual Adapter
  2...70 77 81 bf 9e 55 ......Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.108     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.108    306
    192.168.1.108  255.255.255.255         On-link     192.168.1.108    306
    192.168.1.255  255.255.255.255         On-link     192.168.1.108    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.108    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.108    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  5    331 2001::/32                On-link
  5    331 2001:0:2871:ccae:1ccb:90cc:d403:396b/128
                                    On-link
  2    306 fe80::/64                On-link
  5    331 fe80::/64                On-link
  2    306 fe80::14c:130e:a69c:84df/128
                                    On-link
  5    331 fe80::1ccb:90cc:d403:396b/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
  5    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/04/2017 10:30:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/04/2017 10:28:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/04/2017 10:15:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/04/2017 09:55:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.6.1.0, time stamp: 0x57abad48
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d13
Exception code: 0xe0434352
Fault offset: 0x000c24c2
Faulting process id: 0x12e4
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (02/04/2017 09:55:50 AM) (Source: .NET Runtime) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ..(System.String)
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Boolean, System.String, Boolean, System.String, System.String, Boolean, Int32, Boolean, Boolean, Boolean, Boolean, System.String, ., System.String)
   at ..(.)
   at ..()

Error: (02/04/2017 09:54:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/03/2017 10:32:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/03/2017 10:32:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.6.1.0, time stamp: 0x57abad48
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d13
Exception code: 0xe0434352
Fault offset: 0x000c24c2
Faulting process id: 0x10e0
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (02/03/2017 10:32:19 PM) (Source: .NET Runtime) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ..(System.String)
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Boolean, System.String, Boolean, System.String, System.String, Boolean, Int32, Boolean, Boolean, Boolean, Boolean, System.String, ., System.String)
   at ..(.)
   at ..()

Error: (02/03/2017 06:35:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/04/2017 09:51:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/04/2017 09:48:41 AM) (Source: TPM) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (02/03/2017 10:38:56 PM) (Source: DCOM) (User: DESKTOP-T6ECQPQ)
Description: {DC4537C3-CA73-4AC7-9E1D-B2CE27C3A7A6}

Error: (02/03/2017 10:38:56 PM) (Source: DCOM) (User: DESKTOP-T6ECQPQ)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/03/2017 10:38:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/03/2017 10:30:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/03/2017 10:29:59 PM) (Source: TPM) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (02/03/2017 06:36:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (02/04/2017 10:30:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\MFC80U.DLL

Error: (02/04/2017 10:28:21 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\MFC80U.DLL

Error: (02/04/2017 10:15:15 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\MFC80U.DLL

Error: (02/04/2017 09:55:52 AM) (Source: Application Error)(User: )
Description: AutoKMS.exe2.6.1.057abad48KERNELBASE.dll10.0.14393.47958256d13e0434352000c24c212e401d27e9e22c2e575C:\Windows\AutoKMS\AutoKMS.exeC:\Windows\System32\KERNELBASE.dll5907a7e1-4f48-44e1-be36-4ea1ba64ca91

Error: (02/04/2017 09:55:50 AM) (Source: .NET Runtime)(User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ..(System.String)
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Boolean, System.String, Boolean, System.String, System.String, Boolean, Int32, Boolean, Boolean, Boolean, Boolean, System.String, ., System.String)
   at ..(.)
   at ..()

Error: (02/04/2017 09:54:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\MFC80U.DLL

Error: (02/03/2017 10:32:43 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\MFC80U.DLL

Error: (02/03/2017 10:32:20 PM) (Source: Application Error)(User: )
Description: AutoKMS.exe2.6.1.057abad48KERNELBASE.dll10.0.14393.47958256d13e0434352000c24c210e001d27e3f05f30a1bC:\Windows\AutoKMS\AutoKMS.exeC:\Windows\System32\KERNELBASE.dlldebe19d2-211e-4fa8-bd22-7a94f2c5baf3

Error: (02/03/2017 10:32:19 PM) (Source: .NET Runtime)(User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ..(System.String)
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Boolean, System.String, Boolean, System.String, System.String, Boolean, Int32, Boolean, Boolean, Boolean, Boolean, System.String, ., System.String)
   at ..(.)
   at ..()

Error: (02/03/2017 06:35:33 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\MFC80U.DLL


CodeIntegrity Errors:
===================================
  Date: 2016-12-17 13:19:36.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-17 13:19:36.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


========================= Memory info: ===================================

Percentage of memory in use: 74%
Total physical RAM: 2496.67 MB
Available physical RAM: 640.8 MB
Total Virtual: 10176.67 MB
Available Virtual: 7654.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146 GB) (Free:103.71 GB) NTFS
2 Drive e: () (Fixed) (Total:488.28 GB) (Free:451.57 GB) NTFS
3 Drive f: () (Fixed) (Total:296.75 GB) (Free:237 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-T6ECQPQ

Administrator            DefaultAccount           defaultuser0             
DigiHead                 Guest                    


**** End of log ****

[INACTIVE] second-hand dell inspiron n4010

MiniToolBox by Farbar  Version: 17-06-2016
Ran by caty (administrator) on 30-11-2016 at 04:00:04
Running from "C:\Users\caty\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron N4010 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : caty-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 1C-65-9D-51-F2-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
   Physical Address. . . . . . . . . : 02-50-F2-00-00-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : domain
   Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : 1C-65-9D-51-F2-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f9b7:a639:17da:9034%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 29, 2016 11:33:42 PM
   Lease Expires . . . . . . . . . . : Wednesday, November 30, 2016 4:33:43 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 219964829
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-20-00-A5-F0-4D-A2-4B-92-D6
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.3.25
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : H-DL.TEST
   Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : F0-4D-A2-4B-92-D6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain:

   Connection-specific DNS Suffix  . : domain
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.8%21(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.3.25
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{29B74E06-3ED7-4B8F-B259-2B883283706B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.H-DL.TEST:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9A6157AE-242D-4652-8E4B-FFD3FB3A3661}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  modem.domain
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:4007:80a::200e
      216.58.216.46


Pinging google.com [216.58.216.46] with 32 bytes of data:
Reply from 216.58.216.46: bytes=32 time=36ms TTL=56
Reply from 216.58.216.46: bytes=32 time=36ms TTL=56

Ping statistics for 216.58.216.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 36ms, Average = 36ms
Server:  modem.domain
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=68ms TTL=52
Reply from 206.190.36.45: bytes=32 time=68ms TTL=52

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 68ms, Average = 68ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...1c 65 9d 51 f2 f2 ......Microsoft Virtual WiFi Miniport Adapter
 13...02 50 f2 00 00 01 ......Broadcom Virtual Wireless Adapter
 11...1c 65 9d 51 f2 f2 ......DW1501 Wireless-N WLAN Half-Mini Card
 10...f0 4d a2 4b 92 d6 ......Atheros AR8152 PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.8    281
      192.168.0.8  255.255.255.255         On-link       192.168.0.8    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.8    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.8    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 21    286 fe80::5efe:192.168.0.8/128
                                    On-link
 11    281 fe80::f9b7:a639:17da:9034/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2016 03:59:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:58:47 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:43:05 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:42:34 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:10:01 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:09:59 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:09:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:09:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:07:18 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:05:10 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (11/30/2016 03:28:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition.

Error: (11/29/2016 11:39:08 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070006

Error: (11/29/2016 11:34:15 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (11/29/2016 11:34:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Log Rotator Service service to connect.

Error: (11/29/2016 11:33:33 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (11/29/2016 11:30:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.

Error: (11/29/2016 11:30:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (11/29/2016 11:28:11 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.


Error: (11/29/2016 11:27:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/29/2016 11:27:43 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/30/2016 03:59:02 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:58:47 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:43:05 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:42:34 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:10:01 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:09:59 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:09:17 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:09:12 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:07:18 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:05:10 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Click-to-Run 2010Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition1603(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-02-19 20:53:05.235
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:05.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:02.853
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:02.743
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:00.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:00.417
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:58.213
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:58.011
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:55.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:55.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 3892.52 MB
Available physical RAM: 1348.71 MB
Total Virtual: 7783.23 MB
Available Virtual: 4359.23 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:206.53 GB) NTFS

========================= Users: ========================================

User accounts for \\CATY-PC

Administrator            caty                     Guest                   


**** End of log ****

Firefox Hacks/Tweaks/Add Ons




Fast loading web pages while surfing the Internet may have more to do with your web browser settings and preferences than your Internet connection speed.

Try these easy Firefox tweaks and you’ll see that you’re surfing the Internet from 3 to 30 times faster!


To get started, open your Firefox web browser. In the address/location bar type [about:config] and then press your Enter key. (NOTE: DON’T TYPE THE BRACKETS.)


Tweak #1:
In the Filter bar type [network.http.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.



Tweak #2:
In the Filter bar type [network.http.pipelining.maxrequests]. Then, double-click on this line under Preference Name and change the value from 4 to a higher number anywhere from 10 to 30. I set mine to 30.



Tweak #3:
In the Filter bar type [network.http.proxy.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.



Tweak #4:
In the Filter bar type [network.dns.disableIPv6]. Then, double-click on this line under Preference Name in order to change the value from false to true.



Tweak #5:
In the Filter bar type [plugin.expose_full_path]. Then, double-click on this line under Preference Name in order to change the value from false to true.



Tweak #6:
In the Filter bar type [network.protocol-handler.external.ms-help]. Now, you are going to create a new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer.

In the New Integer value box type in [nglayout.initialpaint.delay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.


Tweak #7:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [content.notify.backoffcount] and click OK. Then in the Enter Integer value box type [5] and click OK.

Tweak #8:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [ui.submenuDelay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.


Now, close your web browser and restart it. You’ll see how much faster web pages are loading.


Firefox Add-Ons