Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by nickf (30-01-2019 08:41:09)
Running from C:\Users\nickf\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-08-10 22:01:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1349259110-4023977029-1412818528-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1349259110-4023977029-1412818528-503 - Limited - Disabled)
Guest (S-1-5-21-1349259110-4023977029-1412818528-501 - Limited - Disabled)
nickf (S-1-5-21-1349259110-4023977029-1412818528-1002 - Administrator - Enabled) => C:\Users\nickf
WDAGUtilityAccount (S-1-5-21-1349259110-4023977029-1412818528-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon) Amazon Kindle (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon) Amazon Kindle (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon) Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Ashampoo Burning Studio 19 (HKLM-x32\...\{91B33C97-BA3F-5C99-C2A6-0EB17CC9054B}_is1) (Version: 19.0.2 - Ashampoo GmbH & Co. KG) Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. 
KG) Audacity 1.3.5 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Avery Design & Print (HKLM-x32\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation) Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery) Bigasoft Total Video Converter 5.0.8.5809 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1) (Version: - Bigasoft Corporation) Bigasoft Video Downloader Pro 3.10.5.5799 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.) BrowseForTheCause (HKLM-x32\...\{9B5462A7-44E9-4E92-A65F-55F6FEE5901A}) (Version: 1.0.0 - BrowseForTheCause) calibre 64bit (HKLM\...\{332E0E14-41EE-4C18-B366-0CE1609A393A}) (Version: 3.19.0 - Kovid Goyal) Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.) Dell Help & Support (HKLM\...\{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.) Hidden Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) 
Dell Update (HKLM-x32\...\{4D3BE820-0FC3-40E7-9252-A94FEA4592CA}) (Version: 1.7.1034.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) DiskInternals Address Book Recovery (HKLM-x32\...\DiskInternals Address Book Recovery) (Version: 2.1 - DiskInternals Research) Duplicate File Finder (HKLM-x32\...\{1041487C-12E6-47FE-B83A-E9891782C8FE}}_is1) (Version: 6.3 - Ashisoft) Duplicate Photo Finder (HKLM-x32\...\{BD3E81AE-877E-4AFB-BF62-13C32F9DE12D}}_is1) (Version: 1.4.2 - Ashisoft) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.10.228 - Epubor Inc.) FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time) Free Clipboard Viewer 3.0.1.0 (HKLM-x32\...\{FCDB66CF-06A8-46A1-8A5A-C2C4F7FB5223}_is1) (Version: 3.0 - Comfort Software Group) Freemake Audio Converter version 1.1.4 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.4 - Ellora Assets Corporation) Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) Gmail Notifier (HKLM-x32\...\Gmail Notifier) (Version: - ) Google Afmelden voor advertentiecookie (HKLM\...\{4CF1FED5-7B95-468F-BB93-CFBA58CFB802}) (Version: 1.0.1.0 - Google Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.) Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google) Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version: - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) 
Hidden HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - ) Honeyview (HKLM\...\Honeyview) (Version: 5.25 - Bandisoft.com) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Jigsaws Galore Version 7 Free Edition (HKLM-x32\...\Jigsaws Galore 7 Free Edition_is1) (Version: - Gray Design Associates) Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter) Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5073.107 - Waves Audio Ltd.) 
Hidden McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation) Microsoft Picture It! 
Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual Basic PowerPacks 2.0 (HKLM-x32\...\{F17B8386-A74A-4E4E-A7DD-435372991E14}) (Version: 2.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works 2001 Setup Launcher (HKLM-x32\...\Works2001Setup) (Version: - ) MiniTool Photo Recovery Free (HKLM-x32\...\MiniTool Photo Recovery Free_is1) (Version: - MiniTool Solution Ltd.) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla) MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) PixBuilder Studio 2.2.0 (HKLM-x32\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version: - WnSoft) Product Registration (HKLM\...\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) RegSeeker (HKLM-x32\...\RegSeeker) (Version: 3.01.3680 - HoverDesk) Remove Objects From Photo PRO 7.3 (HKLM-x32\...\Remove Objects From Photo PRO_is1) (Version: 7.3 - SoftOrbits) Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.) Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.5.0.86 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 44.2.55120 - Sonos, Inc.) 
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.) SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC) SpywareGuard v2.2 (HKLM-x32\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC) Stellar Data Recovery (HKLM-x32\...\Stellar Data Recovery_is1) (Version: 8.0.0.0 - Stellar Information Technology Pvt Ltd.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer) Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\TimeAdjuster) (Version: - IrekSoftware.com) Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\TimeAdjuster) (Version: - IrekSoftware.com) Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\...\TimeAdjuster) (Version: - IrekSoftware.com) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Web Companion (HKLM-x32\...\{bec3aeca-16f2-4545-ae2f-13b880ca7407}) (Version: 4.1.1808.3370 - Lavasoft) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinX HD Video Converter Deluxe 5.0.6 (HKLM-x32\...\WinX HD Video Converter 
Deluxe_is1) (Version: - Digiarty Software, Inc.) Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.) Works Suite OS Pack (HKLM-x32\...\{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden Works Synchronization (HKLM-x32\...\{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}) (Version: 1.0.0.0000 - Your Company Name) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files 
(x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers1: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-16] (Adobe Systems Inc.) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers4: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Intel Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files 
(x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-16] (Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ContextMenuHandlers1_S-1-5-21-1349259110-4023977029-1412818528-1002: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com) ContextMenuHandlers4_S-1-5-21-1349259110-4023977029-1412818528-1002: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {09951CED-D62A-4924-ABDD-A7736DE1422D} - System32\Tasks\RocketPC_pp3_1 => C:\Program Files (x86)\RocketPC\RPCEx.exe Task: {11217D7E-721E-4CBD-B346-7F94F732A1EA} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-fricnick@msn.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated) Task: {19E2D4B5-D665-4309-9A05-60055D8056D0} - no filepath Task: {24B5DBF3-1CB1-40CD-9B6B-3A50E4E1712E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {273A8D7A-D8CC-4409-9064-D1AF20B389AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.) Task: {2CE9204F-3577-4291-9406-399232B510D1} - System32\Tasks\{00F745AD-DAF6-416A-BD0F-6ED68C489608} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Picture It! 
7\Pip.exe" Task: {3254D726-8FDC-4895-94D4-A7871D00024D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-20] (Realtek Semiconductor) Task: {342B7D46-E86F-4160-ACDD-AE4AA31D1544} - System32\Tasks\RocketPC_period => C:\Program Files (x86)\RocketPC\RocketPC.exe Task: {34F5E003-6B92-46EC-BFC4-7ACD435B669F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {378958B9-7458-4CCE-B27D-B081593AF140} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation) Task: {3E3D17D1-8B28-42FB-BE18-454D3132CEF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated) Task: {4E284690-B1D7-4AC3-B862-429A4684C25A} - System32\Tasks\RocketPC_pp2_3 => C:\Program Files (x86)\RocketPC\RPCEx.exe Task: {58BC7907-52F1-4A02-824D-05F4E580BF1A} - System32\Tasks\RocketPC_pp1 => C:\Program Files (x86)\RocketPC\RPCEx.exe Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] () Task: {673E742A-99B0-406E-B354-1926CD050602} - System32\Tasks\CMS Application Updater => C:\Program Files (x86)\CMS Products\Updater\CmsUpdater.exe [2009-02-17] (CMS Products, Inc.) 
Task: {6EBC24A5-8AFF-4547-9A6E-FD4B003F9680} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated) Task: {78B3ACEF-6B63-4812-8667-26A4464F0598} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated) Task: {82A84780-8EAC-438F-8B41-8EADBDE9DA8A} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.) Task: {9FFF7E84-6B98-4178-90E2-8EF20DEAFC1D} - no filepath Task: {A4AF16B9-4695-4702-90AE-D9B33EC1D111} - System32\Tasks\{C914D92A-6C98-47BD-A968-10CE0C6B207E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Search Quick Know\uninstaller.exe" Task: {A6DD17CA-E9B1-42C4-BE26-5541D9FCCF7C} - System32\Tasks\RocketPC_pp2_1 => C:\Program Files (x86)\RocketPC\RPCEx.exe Task: {af23e603-a655-4d0f-b6c0-f82fce1b542a} - no filepath Task: {BA283383-8F8B-4131-8592-C442CFDC683D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation) Task: {C0AA7C36-0CAC-4FAC-9332-D6E579A44DDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation) Task: {C426491F-9F39-4265-BEDC-C0333442A1F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation) Task: {D0370781-DCBF-407D-8832-E29964C09634} - System32\Tasks\PerfMonitor_once => C:\Program Files (x86)\RocketPC\PerformanceMonitor.exe Task: {D5083954-3C28-4756-ACB9-B8DF3380F8DA} - 
System32\Tasks\RocketPC_pp2_2 => C:\Program Files (x86)\RocketPC\RPCEx.exe Task: {D7EEB69A-D073-4E95-9B16-0511B91C9FEC} - System32\Tasks\{5C23F3DB-9D51-4406-8229-AFEDF1BEBA08} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Picture It! 7\pip.exe" -c "C:\Users\nickf\Pictures\old photos\CCI03192016_0022.jpg" Task: {E3A7E0D4-C7F6-4D1C-938C-1987A039A4C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.) Task: {EA8D3960-814C-4632-9D28-EA088183FDDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001Core => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.) Task: {F4CFA3DF-1097-44A9-88E9-8BAA59977FDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001UA => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\CMS Application Updater.job => C:\Program Files (x86)\CMS Products\Updater\CmsUpdater.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Dell Product Registration.job => cmd /c sc start Dell Product RegistrationWORKGROUP DESKTOP GEFM3HC
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001Core.job => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001UA.job => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PerfMonitor_once.job => C:\Program Files (x86)\RocketPC\PerformanceMonitor.exe
Task: C:\WINDOWS\Tasks\RocketPC_period.job => C:\Program Files (x86)\RocketPC\RocketPC.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_2.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_3.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp3_1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP GEFM3HC

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\nickf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF ePub DRM Removal\Website.lnk -> hxxp://www.ebook-converter.com Shortcut: C:\Users\nickf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kindle DRM Removal\Website.lnk -> hxxp://www.ebook-converter.com ==================== Loaded Modules (Whitelisted) ============== 2018-11-10 15:34 - 2018-12-06 19:54 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-11-10 15:34 - 2018-12-06 19:53 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 ____N () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-12-13 10:14 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2019-01-09 21:41 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-10-23 20:03 - 2018-10-23 20:04 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll 2019-01-23 08:02 - 2019-01-23 08:03 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll 2019-01-23 08:02 - 2019-01-23 08:03 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll 2019-01-23 08:02 - 2019-01-23 08:03 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll 2019-01-23 08:02 - 2019-01-23 08:03 - 002920960 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll 2019-01-23 08:02 - 2019-01-23 08:03 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2018-12-15 10:09 - 2018-12-15 10:10 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll 2019-01-23 08:02 - 2019-01-23 08:03 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 2018-12-26 17:18 - 2018-12-26 17:18 - 000436744 _____ () C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe 2019-01-23 08:02 - 2019-01-23 08:02 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe 2019-01-23 08:02 - 2019-01-23 08:02 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll 2017-12-01 07:56 - 2017-12-01 07:56 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2018-11-28 15:28 - 2018-11-28 15:28 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-01-23 08:02 - 2019-01-23 08:02 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll 2019-01-23 08:02 - 2019-01-23 08:02 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll 2003-08-29 18:05 - 2003-08-29 18:05 - 000360448 _____ () C:\Program Files (x86)\SpywareGuard\sgmain.exe 2003-08-29 11:14 - 2003-08-29 10:14 - 000233472 ____N () C:\Program Files (x86)\SpywareGuard\sgbhp.exe 2019-01-16 13:26 - 2019-01-16 13:26 - 000478720 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2019-01-16 13:26 - 2019-01-16 13:26 - 065903104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2019-01-16 13:26 - 2019-01-16 13:26 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2018-11-09 16:48 - 2018-11-09 16:48 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2017-12-20 09:42 - 2017-12-20 09:43 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2018-11-09 16:48 - 2018-11-09 16:48 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll 2018-08-20 20:23 - 2018-08-20 20:24 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_core320.dll 2018-03-30 08:11 - 2018-03-30 08:12 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll 2018-08-20 20:23 - 2018-08-20 20:24 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll 2019-01-16 13:26 - 2019-01-16 13:26 - 014186496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2018-11-09 16:48 - 2018-11-09 16:48 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2019-01-16 13:26 - 2019-01-16 13:26 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-08-29 08:28 - 
2018-08-29 08:29 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-07-27 06:51 - 2018-07-27 06:51 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-01-16 13:26 - 2019-01-16 13:26 - 000048128 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\ImageDecoding.dll 2019-01-16 13:26 - 2019-01-16 13:26 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\SKU.dll 2018-12-18 04:45 - 2018-12-18 04:45 - 001436760 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll 2015-11-17 19:44 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2016-01-22 09:42 - 2013-04-05 13:23 - 000954880 ____N () C:\Program Files (x86)\ControlCenter4\BrImgProc.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127] AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 [138] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\...\localhost -> localhost ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 06:04 - 2019-01-23 14:01 - 000002551 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 choice.microsoft.com 0.0.0.0 choice.microsoft.com.nstac.net 0.0.0.0 df.telemetry.microsoft.com 0.0.0.0 oca.telemetry.microsoft.com 0.0.0.0 oca.telemetry.microsoft.com.nsatc.net 0.0.0.0 redir.metaservices.microsoft.com 0.0.0.0 reports.wes.df.telemetry.microsoft.com 0.0.0.0 services.wes.df.telemetry.microsoft.com 0.0.0.0 settings-sandbox.data.microsoft.com 0.0.0.0 settings-win.data.microsoft.com 0.0.0.0 sqm.df.telemetry.microsoft.com 0.0.0.0 sqm.telemetry.microsoft.com 0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 0.0.0.0 telecommand.telemetry.microsoft.com 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 0.0.0.0 telemetry.appex.bing.net 0.0.0.0 telemetry.microsoft.com 0.0.0.0 telemetry.urs.microsoft.com 0.0.0.0 vortex-sandbox.data.microsoft.com 0.0.0.0 vortex-win.data.microsoft.com 0.0.0.0 vortex.data.microsoft.com 0.0.0.0 watson.telemetry.microsoft.com 0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 0.0.0.0 watson.ppe.telemetry.microsoft.com 0.0.0.0 wes.df.telemetry.microsoft.com 0.0.0.0 vortex-bn2.metron.live.com.nsatc.net 0.0.0.0 vortex-cy2.metron.live.com.nsatc.net 0.0.0.0 watson.live.com 0.0.0.0 watson.microsoft.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Calibre2\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135739816\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127049\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740039\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127273\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => 
(SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\StartupApproved\Run: => "099FC959148E6D14593F658FCD3FBEF61FA29792._service_run"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\StartupApproved\Run: => "099FC959148E6D14593F658FCD3FBEF61FA29792._service_run"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\...\StartupApproved\Run: => "099FC959148E6D14593F658FCD3FBEF61FA29792._service_run"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6838DCC2-6481-4419-B176-FF5A28DD26C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0DBFF73E-3811-4915-A94D-9889BB2D0895}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{27007C03-E2DA-4F4C-9F7A-0595B311A99C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{BA039003-D9D3-477E-BEC8-2DC0DD692575}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{42849506-B1D9-49D3-A476-E8977257B311}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{70B2329B-CB31-4121-AAD7-B4136C5451AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{53F7FBA8-DE55-456D-8DB0-A21F135DA93C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{FA944109-AE95-4911-A9DD-D77ABC22876F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{591435C0-40F7-400B-B2CC-B1571B14FBB1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{E34F4099-B938-4B9E-A476-952771164FCD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [TCP Query User{DB5CED7B-F271-4BEF-A5EA-2D0E10E60FB8}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Allow) C:\program files (x86)\logitech\logitech vid\vid.exe (Logitech Inc.)
FirewallRules: [UDP Query User{047D803F-388D-421F-A28B-522911CD4B0F}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Allow) C:\program files (x86)\logitech\logitech vid\vid.exe (Logitech Inc.)
FirewallRules: [{23A17B1E-D3C3-405C-A326-1EFE3EF5D473}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc.)
FirewallRules: [{472AD5E8-EBBB-49C0-BD60-F9F9E20C94BB}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc.) FirewallRules: [{53CFE42B-7D4B-4520-9C58-F321FC39F22D}] => (Allow) LPort=3445 FirewallRules: [{4A79C733-AEFD-4868-A4AF-17A5A996BAE5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ==================== Restore Points ========================= 17-01-2019 12:24:01 Windows Update 20-01-2019 19:00:12 Windows Backup 24-01-2019 09:07:10 Windows Update 27-01-2019 21:49:11 Windows Backup ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/30/2019 08:30:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x3734 Faulting application start time: 0x01d4b89ff2b844f8 Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: 5e49dc71-cce3-4614-b623-2e4dddc91c7d Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App Error: (01/29/2019 10:53:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0xea0 Faulting application start time: 0x01d4b84f6439af76 Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: 
C:\Windows\System32\twinapi.appcore.dll Report Id: f89bead1-33a8-48ef-9a7e-6bcfd2cfdfc0 Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App Error: (01/29/2019 07:53:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x3070 Faulting application start time: 0x01d4b83623a3370d Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: e26b0f55-68fb-4d19-95c7-58387be6bba6 Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App Error: (01/29/2019 04:51:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x330c Faulting application start time: 0x01d4b81cca5de9cc Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: 84c199de-c055-46f5-831c-cbba8450a58d Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App Error: (01/29/2019 03:35:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 
0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x2fe4 Faulting application start time: 0x01d4b81216c35a7b Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: 9c584f20-59a1-478f-9ce4-dda3d94228fd Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App Error: (01/29/2019 07:53:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x340 Faulting application start time: 0x01d4b7d18b933879 Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: d62a4640-4e88-496d-a29a-c1b691a5e39c Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App Error: (01/29/2019 07:47:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x2568 Faulting application start time: 0x01d4b7d0c0cb1e3b Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: ce4c0258-bf81-4766-9c3a-4a7e39efc73d Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App Error: (01/29/2019 03:41:08 AM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x2470 Faulting application start time: 0x01d4b7ae5a8a5ce9 Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: 2c6b77c1-d3a2-46e3-9c2b-1cb4886a57ce Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg Faulting package-relative application ID: App System errors: ============= Error: (01/29/2019 10:02:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/29/2019 07:49:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (01/29/2019 03:35:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/29/2019 03:35:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/29/2019 03:35:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (01/29/2019 03:35:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/28/2019 07:12:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/28/2019 07:08:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2019-01-27 21:56:53.967 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: High Category: Tool Path: file:_\Device\HarddiskVolumeShadowCopy9\Users\nickf\Documents\Adobe.Acrobat.Pro.DC.v2019.010.20064\activation\Keygen.exe Detection Origin: Unknown Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Windows\System32\svchost.exe Signature Version: AV: 1.285.282.0, AS: 1.285.282.0, NIS: 1.285.282.0 Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4 Date: 2019-01-24 12:15:46.696 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {0C3DE0C0-EA5D-430C-B3C0-6F3459AC9210} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-01-20 19:06:03.410 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: High Category: Tool Path: file:_\Device\HarddiskVolumeShadowCopy8\Users\nickf\Documents\Adobe.Acrobat.Pro.DC.v2019.010.20064\activation\Keygen.exe Detection Origin: Unknown Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Windows\System32\svchost.exe Signature Version: AV: 1.283.3364.0, AS: 1.283.3364.0, NIS: 1.283.3364.0 Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2 Date: 2019-01-18 20:50:47.760 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {D59675D3-BBD7-47C2-BB5B-C48CF5848C28} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-01-13 20:04:22.807 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: High Category: Tool Path: file:_\Device\HarddiskVolumeShadowCopy5\Users\nickf\Documents\Adobe.Acrobat.Pro.DC.v2019.010.20064\activation\Keygen.exe Detection Origin: Unknown Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Windows\System32\svchost.exe Signature Version: AV: 1.283.2868.0, AS: 1.283.2868.0, NIS: 1.283.2868.0 Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2 CodeIntegrity: =================================== Date: 2019-01-30 08:31:30.835 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2019-01-30 08:31:30.833 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2019-01-29 19:32:09.058 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-29 19:32:09.053 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements. 
Date: 2019-01-29 19:32:09.048 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-29 19:02:04.000 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2019-01-29 19:02:03.998 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2019-01-29 19:02:03.880 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 56%
Total physical RAM: 8108.93 MB
Available physical RAM: 3532.01 MB
Total Virtual: 8620.93 MB
Available Virtual: 3325.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.16 GB) (Free:783.23 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:520.62 GB) (Free:306.48 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:410.77 GB) (Free:332.21 GB) NTFS

\\?\Volume{c118dfee-85f8-43c2-a5e6-03c38c3741bc}\ () (Fixed) (Total:0.86 GB) (Free:0.34 GB) NTFS
\\?\Volume{2b8a4b3d-e5c4-48fd-b046-d2c28965e2f1}\ (Image) (Fixed) (Total:11.88 GB) (Free:0.94 GB) NTFS
\\?\Volume{0c4a631c-02db-454f-b8ee-80dc2be52c3f}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FF15F5B1)
Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================