Gary Posting log [Closed]


  • This topic is locked

#1
nickf33

    Member

  • 101 posts

Can you tell me a site that reads HijackThis log files?


  • 0


#2
Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Any particular reason why you want to use HJT rather than some of the other more "up to date" scan tools?

What's the Operating System on the machine you're scanning with HJT?


  • 0

#3
nickf33

    Member

  • Topic Starter
  • 101 posts

Thanks for your reply, Gary. OS 10. I am unable to uninstall (browser for cause) and keep getting MS error call this number. Other than that no real problem. (I think)

To answer your question, I'm not up to date so just went to HJT.


Edited by nickf33, 28 January 2019 - 08:31 AM.

  • 0

#4
Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

The Trend Micro version of HJT has not been updated for a very long time, and is not really compatible with W10. There are HJT "spin offs" that are compatible with W10, but many helpers these days prefer to use a different scanner when investigating people's potential malware problems.

Here at G2G we tend to use a tool called FRST. Details of how to download and run a scan with it can be found at ... http://www.geekstogo...ing/#entry12367

If you'd care to run a scan with FRST, and post the logs it creates to this topic, I'd be happy to look them over for you.


  • 0

#5
nickf33

    Member

  • Topic Starter
  • 101 posts

Gary, don't know how to paste file


  • 0

#6
nickf33

    Member

  • Topic Starter
  • 101 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by nickf (28-01-2019 13:10:13)
Running from C:\Users\nickf\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-08-10 22:01:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1349259110-4023977029-1412818528-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1349259110-4023977029-1412818528-503 - Limited - Disabled)
Guest (S-1-5-21-1349259110-4023977029-1412818528-501 - Limited - Disabled)
nickf (S-1-5-21-1349259110-4023977029-1412818528-1002 - Administrator - Enabled) => C:\Users\nickf
WDAGUtilityAccount (S-1-5-21-1349259110-4023977029-1412818528-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
Amazon Kindle (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Ashampoo Burning Studio 19 (HKLM-x32\...\{91B33C97-BA3F-5C99-C2A6-0EB17CC9054B}_is1) (Version: 19.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Audacity 1.3.5 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bigasoft Total Video Converter 5.0.8.5809 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1) (Version:  - Bigasoft Corporation)
Bigasoft Video Downloader Pro 3.10.5.5799 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version:  - Bigasoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
BrowseForTheCause (HKLM-x32\...\{9B5462A7-44E9-4E92-A65F-55F6FEE5901A}) (Version: 1.0.0 - BrowseForTheCause)
calibre 64bit (HKLM\...\{332E0E14-41EE-4C18-B366-0CE1609A393A}) (Version: 3.19.0 - Kovid Goyal)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell Update (HKLM-x32\...\{4D3BE820-0FC3-40E7-9252-A94FEA4592CA}) (Version: 1.7.1034.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DiskInternals Address Book Recovery (HKLM-x32\...\DiskInternals Address Book Recovery) (Version: 2.1 - DiskInternals Research)
Duplicate File Finder (HKLM-x32\...\{1041487C-12E6-47FE-B83A-E9891782C8FE}}_is1) (Version: 6.3 - Ashisoft)
Duplicate Photo Finder (HKLM-x32\...\{BD3E81AE-877E-4AFB-BF62-13C32F9DE12D}}_is1) (Version: 1.4.2 - Ashisoft)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.10.228 - Epubor Inc.)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Free Clipboard Viewer 3.0.1.0 (HKLM-x32\...\{FCDB66CF-06A8-46A1-8A5A-C2C4F7FB5223}_is1) (Version: 3.0 - Comfort Software Group)
Freemake Audio Converter version 1.1.4 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.4 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Gmail Notifier (HKLM-x32\...\Gmail Notifier) (Version:  - )
Google Afmelden voor advertentiecookie (HKLM\...\{4CF1FED5-7B95-468F-BB93-CFBA58CFB802}) (Version: 1.0.1.0 - Google Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Honeyview (HKLM\...\Honeyview) (Version: 5.25 - Bandisoft.com)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jigsaws Galore Version 7 Free Edition (HKLM-x32\...\Jigsaws Galore 7 Free Edition_is1) (Version:  - Gray Design Associates)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5073.107 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 2.0 (HKLM-x32\...\{F17B8386-A74A-4E4E-A7DD-435372991E14}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 2001 Setup Launcher (HKLM-x32\...\Works2001Setup) (Version:  - )
MiniTool Photo Recovery Free (HKLM-x32\...\MiniTool Photo Recovery Free_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PixBuilder Studio 2.2.0 (HKLM-x32\...\2E349885-5DA2-478A-ABDE-94F0CCDE703A_is1) (Version:  - WnSoft)
Product Registration (HKLM\...\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RegSeeker (HKLM-x32\...\RegSeeker) (Version: 3.01.3680 - HoverDesk)
Remove Objects From Photo PRO 7.3 (HKLM-x32\...\Remove Objects From Photo PRO_is1) (Version: 7.3 - SoftOrbits)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.5.0.86 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 44.2.55120 - Sonos, Inc.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SpywareGuard v2.2 (HKLM-x32\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
Stellar Data Recovery (HKLM-x32\...\Stellar Data Recovery_is1) (Version: 8.0.0.0 - Stellar Information Technology Pvt Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\TimeAdjuster) (Version:  - IrekSoftware.com)
Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\TimeAdjuster) (Version:  - IrekSoftware.com)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{bec3aeca-16f2-4545-ae2f-13b880ca7407}) (Version: 4.1.1808.3370 - Lavasoft)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinX HD Video Converter Deluxe 5.0.6 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
Works Suite OS Pack (HKLM-x32\...\{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (HKLM-x32\...\{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}) (Version: 1.0.0.0000 - Your Company Name) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-16] (Adobe Systems Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-16] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers1_S-1-5-21-1349259110-4023977029-1412818528-1002: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com)
ContextMenuHandlers4_S-1-5-21-1349259110-4023977029-1412818528-1002: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2017-09-19] (Bandisoft.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09951CED-D62A-4924-ABDD-A7736DE1422D} - System32\Tasks\RocketPC_pp3_1 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {11217D7E-721E-4CBD-B346-7F94F732A1EA} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated)
Task: {19E2D4B5-D665-4309-9A05-60055D8056D0} - no filepath
Task: {24B5DBF3-1CB1-40CD-9B6B-3A50E4E1712E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {273A8D7A-D8CC-4409-9064-D1AF20B389AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {2CE9204F-3577-4291-9406-399232B510D1} - System32\Tasks\{00F745AD-DAF6-416A-BD0F-6ED68C489608} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Picture It! 7\Pip.exe"
Task: {3254D726-8FDC-4895-94D4-A7871D00024D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-20] (Realtek Semiconductor)
Task: {342B7D46-E86F-4160-ACDD-AE4AA31D1544} - System32\Tasks\RocketPC_period => C:\Program Files (x86)\RocketPC\RocketPC.exe
Task: {34F5E003-6B92-46EC-BFC4-7ACD435B669F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {378958B9-7458-4CCE-B27D-B081593AF140} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {3E3D17D1-8B28-42FB-BE18-454D3132CEF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {4E284690-B1D7-4AC3-B862-429A4684C25A} - System32\Tasks\RocketPC_pp2_3 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {58BC7907-52F1-4A02-824D-05F4E580BF1A} - System32\Tasks\RocketPC_pp1 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {673E742A-99B0-406E-B354-1926CD050602} - System32\Tasks\CMS Application Updater => C:\Program Files (x86)\CMS Products\Updater\CmsUpdater.exe [2009-02-17] (CMS Products, Inc.)
Task: {6EBC24A5-8AFF-4547-9A6E-FD4B003F9680} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {78B3ACEF-6B63-4812-8667-26A4464F0598} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-09] (Adobe Systems Incorporated)
Task: {82A84780-8EAC-438F-8B41-8EADBDE9DA8A} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {9FFF7E84-6B98-4178-90E2-8EF20DEAFC1D} - no filepath
Task: {A4AF16B9-4695-4702-90AE-D9B33EC1D111} - System32\Tasks\{C914D92A-6C98-47BD-A968-10CE0C6B207E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Search Quick Know\uninstaller.exe"
Task: {A6DD17CA-E9B1-42C4-BE26-5541D9FCCF7C} - System32\Tasks\RocketPC_pp2_1 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {af23e603-a655-4d0f-b6c0-f82fce1b542a} - no filepath
Task: {BA283383-8F8B-4131-8592-C442CFDC683D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {C0AA7C36-0CAC-4FAC-9332-D6E579A44DDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {C426491F-9F39-4265-BEDC-C0333442A1F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-10] (Microsoft Corporation)
Task: {D0370781-DCBF-407D-8832-E29964C09634} - System32\Tasks\PerfMonitor_once => C:\Program Files (x86)\RocketPC\PerformanceMonitor.exe
Task: {D5083954-3C28-4756-ACB9-B8DF3380F8DA} - System32\Tasks\RocketPC_pp2_2 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {D7EEB69A-D073-4E95-9B16-0511B91C9FEC} - System32\Tasks\{5C23F3DB-9D51-4406-8229-AFEDF1BEBA08} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Picture It! 7\pip.exe" -c "C:\Users\nickf\Pictures\old photos\CCI03192016_0022.jpg"
Task: {E3A7E0D4-C7F6-4D1C-938C-1987A039A4C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {EA8D3960-814C-4632-9D28-EA088183FDDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001Core => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {F4CFA3DF-1097-44A9-88E9-8BAA59977FDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001UA => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CMS Application Updater.job => C:\Program Files (x86)\CMS Products\Updater\CmsUpdater.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Dell Product Registration.job => cmd /c sc start Dell Product RegistrationWORKGROUP DESKTOP GEFM3HC
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001Core.job => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1349259110-4023977029-1412818528-1001UA.job => C:\Users\nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PerfMonitor_once.job => C:\Program Files (x86)\RocketPC\PerformanceMonitor.exe
Task: C:\WINDOWS\Tasks\RocketPC_period.job => C:\Program Files (x86)\RocketPC\RocketPC.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_2.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_3.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp3_1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP GEFM3HC

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\nickf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF ePub DRM Removal\Website.lnk -> hxxp://www.ebook-converter.com
Shortcut: C:\Users\nickf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kindle DRM Removal\Website.lnk -> hxxp://www.ebook-converter.com

==================== Loaded Modules (Whitelisted) ==============

2018-11-10 15:34 - 2018-12-06 19:54 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-10 15:34 - 2018-12-06 19:53 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 ____N () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-13 10:14 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 21:41 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-23 20:03 - 2018-10-23 20:04 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-23 08:02 - 2019-01-23 08:03 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-23 08:02 - 2019-01-23 08:03 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-23 08:02 - 2019-01-23 08:03 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-23 08:02 - 2019-01-23 08:03 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-23 08:02 - 2019-01-23 08:03 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-15 10:09 - 2018-12-15 10:10 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-01-23 08:02 - 2019-01-23 08:03 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-26 17:18 - 2018-12-26 17:18 - 000436744 _____ () C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
2019-01-23 08:02 - 2019-01-23 08:02 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-01-23 08:02 - 2019-01-23 08:02 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 07:56 - 2017-12-01 07:56 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 15:28 - 2018-11-28 15:28 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-23 08:02 - 2019-01-23 08:02 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-01-23 08:02 - 2019-01-23 08:02 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2003-08-29 18:05 - 2003-08-29 18:05 - 000360448 _____ () C:\Program Files (x86)\SpywareGuard\sgmain.exe
2003-08-29 11:14 - 2003-08-29 10:14 - 000233472 ____N () C:\Program Files (x86)\SpywareGuard\sgbhp.exe
2019-01-16 13:26 - 2019-01-16 13:26 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-16 13:26 - 2019-01-16 13:26 - 065903104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-01-16 13:26 - 2019-01-16 13:26 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-09 16:48 - 2018-11-09 16:48 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-20 09:42 - 2017-12-20 09:43 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-11-09 16:48 - 2018-11-09 16:48 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-20 20:23 - 2018-08-20 20:24 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-03-30 08:11 - 2018-03-30 08:12 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-08-20 20:23 - 2018-08-20 20:24 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2019-01-16 13:26 - 2019-01-16 13:26 - 014186496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-09 16:48 - 2018-11-09 16:48 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2019-01-16 13:26 - 2019-01-16 13:26 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-29 08:28 - 2018-08-29 08:29 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 06:51 - 2018-07-27 06:51 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-16 13:26 - 2019-01-16 13:26 - 000048128 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2019-01-16 13:26 - 2019-01-16 13:26 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\SKU.dll
2018-12-18 04:45 - 2018-12-18 04:45 - 001436760 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2015-11-17 19:44 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-01-22 09:42 - 2013-04-05 13:23 - 000954880 ____N () C:\Program Files (x86)\ControlCenter4\BrImgProc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127]
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 [138]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2019-01-23 14:01 - 000002551 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Calibre2\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135739816\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740039\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\StartupApproved\Run: => "099FC959148E6D14593F658FCD3FBEF61FA29792._service_run"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\StartupApproved\Run: => "099FC959148E6D14593F658FCD3FBEF61FA29792._service_run"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6838DCC2-6481-4419-B176-FF5A28DD26C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0DBFF73E-3811-4915-A94D-9889BB2D0895}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{27007C03-E2DA-4F4C-9F7A-0595B311A99C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{BA039003-D9D3-477E-BEC8-2DC0DD692575}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{42849506-B1D9-49D3-A476-E8977257B311}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{70B2329B-CB31-4121-AAD7-B4136C5451AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{53F7FBA8-DE55-456D-8DB0-A21F135DA93C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{FA944109-AE95-4911-A9DD-D77ABC22876F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{591435C0-40F7-400B-B2CC-B1571B14FBB1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{E34F4099-B938-4B9E-A476-952771164FCD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [TCP Query User{DB5CED7B-F271-4BEF-A5EA-2D0E10E60FB8}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Allow) C:\program files (x86)\logitech\logitech vid\vid.exe (Logitech Inc.)
FirewallRules: [UDP Query User{047D803F-388D-421F-A28B-522911CD4B0F}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Allow) C:\program files (x86)\logitech\logitech vid\vid.exe (Logitech Inc.)
FirewallRules: [{23A17B1E-D3C3-405C-A326-1EFE3EF5D473}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc.)
FirewallRules: [{472AD5E8-EBBB-49C0-BD60-F9F9E20C94BB}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc.)
FirewallRules: [{53CFE42B-7D4B-4520-9C58-F321FC39F22D}] => (Allow) LPort=3445
FirewallRules: [{4A79C733-AEFD-4868-A4AF-17A5A996BAE5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Restore Points =========================

17-01-2019 12:24:01 Windows Update
20-01-2019 19:00:12 Windows Backup
24-01-2019 09:07:10 Windows Update
27-01-2019 21:49:11 Windows Backup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2019 10:53:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x3548
Faulting application start time: 0x01d4b7218d946240
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 4a22ed72-fac3-4405-ae7d-1d0d62270a60
Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg
Faulting package-relative application ID: App

Error: (01/28/2019 09:08:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x3b9c
Faulting application start time: 0x01d4b712d366af40
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 66bcbe9f-fb3e-428f-8cae-95abd5605717
Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg
Faulting package-relative application ID: App

Error: (01/27/2019 10:52:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x1208
Faulting application start time: 0x01d4b6bcd0181636
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: c96e2748-497c-4154-a45f-77a78e3d57bd
Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg
Faulting package-relative application ID: App

Error: (01/27/2019 09:56:58 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Operation did not complete successfully because the file contains a virus or potentially unwanted software. (0x800700E1).

Error: (01/27/2019 09:46:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x37a0
Faulting application start time: 0x01d4b6b39c64ee4d
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 5ea8fe46-6c89-4c76-bd9c-394976d9c09f
Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg
Faulting package-relative application ID: App

Error: (01/27/2019 01:51:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x2f30
Faulting application start time: 0x01d4b67159e12f21
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 2ef94160-129b-4fbc-b117-330cc0b8fc37
Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg
Faulting package-relative application ID: App

Error: (01/27/2019 10:52:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x2f0c
Faulting application start time: 0x01d4b65844a0e575
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 2e07dc13-d269-4b10-9ee2-b4a9b94abe5b
Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg
Faulting package-relative application ID: App

Error: (01/27/2019 07:54:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x1524
Faulting application start time: 0x01d4b63f51143af4
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 7ca57d80-e6a3-42a8-a163-2c88c2a81831
Faulting package full name: 50985RohitRajendran.BlueSkies_10.1.1.0_x64__efx0at0x2fhdg
Faulting package-relative application ID: App


System errors:
=============
Error: (01/28/2019 12:59:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2019 09:07:47 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2019 09:07:46 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2019 09:07:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/28/2019 09:07:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/27/2019 09:47:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/27/2019 11:55:06 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/27/2019 11:55:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GEFM3HC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-GEFM3HC\nickf SID (S-1-5-21-1349259110-4023977029-1412818528-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-01-27 21:56:53.967
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...94&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_\Device\HarddiskVolumeShadowCopy9\Users\nickf\Documents\Adobe.Acrobat.Pro.DC.v2019.010.20064\activation\Keygen.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.285.282.0, AS: 1.285.282.0, NIS: 1.285.282.0
Engine Version: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-01-24 12:15:46.696
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0C3DE0C0-EA5D-430C-B3C0-6F3459AC9210}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-20 19:06:03.410
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...94&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_\Device\HarddiskVolumeShadowCopy8\Users\nickf\Documents\Adobe.Acrobat.Pro.DC.v2019.010.20064\activation\Keygen.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.283.3364.0, AS: 1.283.3364.0, NIS: 1.283.3364.0
Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-18 20:50:47.760
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D59675D3-BBD7-47C2-BB5B-C48CF5848C28}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-13 20:04:22.807
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...94&enterprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: High
Category: Tool
Path: file:_\Device\HarddiskVolumeShadowCopy5\Users\nickf\Documents\Adobe.Acrobat.Pro.DC.v2019.010.20064\activation\Keygen.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.283.2868.0, AS: 1.283.2868.0, NIS: 1.283.2868.0
Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2

CodeIntegrity:
===================================

Date: 2019-01-28 09:07:45.735
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-01-28 09:07:45.733
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-01-27 21:48:56.518
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-01-27 21:48:56.516
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-01-27 21:48:56.453
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-01-27 21:48:56.451
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-01-27 21:48:39.569
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-01-27 21:48:39.567
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 50%
Total physical RAM: 8108.93 MB
Available physical RAM: 3984.48 MB
Total Virtual: 8620.93 MB
Available Virtual: 3974.69 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.16 GB) (Free:784.13 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:520.62 GB) (Free:306.48 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:410.77 GB) (Free:332.21 GB) NTFS

\\?\Volume{c118dfee-85f8-43c2-a5e6-03c38c3741bc}\ () (Fixed) (Total:0.86 GB) (Free:0.34 GB) NTFS
\\?\Volume{2b8a4b3d-e5c4-48fd-b046-d2c28965e2f1}\ (Image) (Fixed) (Total:11.88 GB) (Free:0.94 GB) NTFS
\\?\Volume{0c4a631c-02db-454f-b8ee-80dc2be52c3f}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FF15F5B1)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


#7
Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Read step 5 in the topic I linked you to .... http://www.geekstogo...ing/#entry12367... which should explain what you need to do.

 

If your FRST logs are too large, then you can attach them to your next post.

 

With the forum post editor open, click on More Reply Options which will open the full editor version.

 

  • Beneath the editor box you will find a section called Attach Files.
  • Click on the Browse button, and browse to the Frst.txt on your computer.
  • Click on the Attach This File button to attach it.
  • Click on the Browse button again, and this time browse to Addition.txt
  • Click on the Attach This File button to attach it.

Now click on the Submit button to submit your post and the attached files.

 

It's getting late here, so it will probably be tomorrow morning (my time) before I see your reply.


#8
Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

OK, that's your Addition.txt log. FRST should also have created a FRST.txt as well. I need you to post that for me also.

 

 

I've merged your other topic (where you'd submitted your Addition.txt log) with this one to keep things together.

 

Please post (or attach) your FRST.txt log to this topic, do not open another topic.


#9
nickf33

    Member

  • Topic Starter
  • Member
  • 101 posts

Gary, sorry I can't paste FRST


#10
Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

If you can't paste it, then attach it, as I explained in my earlier post .... http://www.geekstogo...g/#entry2633291


#11
nickf33

    Member

  • Topic Starter
  • Member
  • 101 posts

I hope I got it

Attached Files


#12
Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Yes, those are just what I wanted. :)

 

The logs are fairly large, so it will take me a while to go through them both. I'll post back here as soon as I'm finished.


  • 0

#13
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

OK, no obvious signs of malware on your machine that I can see.

Your version of Java is out of date ....
 

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)


... and you should uninstall it, and install the latest version.  Java is frequently exploited, which is why it is essential to use the latest version.

 

https://www.oracle.c...ds-2133155.html

However, most people do not need Java. So if you do not have a specific need for it, then I suggest you just uninstall it. Personally I removed it years ago, and I've yet to come across anything that has required me to have it installed on my computer.

There are also a few "orphans" and temp files on your computer that you could remove if you wish, but otherwise you look clean.

If you want to remove the items I've just mentioned, please do the following ....
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the contents of the box below into it .....
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\Run: [InternetOff] => C:\Program Files (x86)\InternetOff\InternetOff.exe
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01232019135740251\...\Run: [InternetOff] => C:\Program Files (x86)\InternetOff\InternetOff.exe
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01302019083127468\...\Run: [InternetOff] => C:\Program Files (x86)\InternetOff\InternetOff.exe
2019-01-10 19:37 - 2019-01-10 19:38 - 000000000 ____D C:\Users\nickf\AppData\Roaming\uTorrent
2016-02-07 12:01 - 2014-03-24 17:55 - 000099096 ____N () C:\Users\nick\AppData\Local\Temp\LMkRstPt.exe
2016-01-18 22:43 - 2006-05-24 12:10 - 000455600 ____R (Macrovision Corporation) C:\Users\nick\AppData\Local\Temp\_is3E33.exe
2016-01-22 09:41 - 2006-05-24 12:10 - 000455600 ____R (Macrovision Corporation) C:\Users\nick\AppData\Local\Temp\_is7860.exe
2016-01-22 09:27 - 2006-05-24 12:10 - 000455600 ____N (Macrovision Corporation) C:\Users\nick\AppData\Local\Temp\_isC34E.exe
2016-03-28 10:13 - 2016-04-10 14:17 - 002405520 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\nickf\AppData\Local\Temp\libeay32.dll
2016-03-28 10:13 - 2013-10-04 19:38 - 000970912 _____ (Microsoft Corporation) C:\Users\nickf\AppData\Local\Temp\msvcr120.dll
2016-03-03 04:50 - 2016-04-10 14:17 - 000771136 _____ () C:\Users\nickf\AppData\Local\Temp\sqlite3.dll
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {19E2D4B5-D665-4309-9A05-60055D8056D0} - no filepath
Task: {24B5DBF3-1CB1-40CD-9B6B-3A50E4E1712E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {34F5E003-6B92-46EC-BFC4-7ACD435B669F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {9FFF7E84-6B98-4178-90E2-8EF20DEAFC1D} - no filepath
Task: {af23e603-a655-4d0f-b6c0-f82fce1b542a} - no filepath
Task: {09951CED-D62A-4924-ABDD-A7736DE1422D} - System32\Tasks\RocketPC_pp3_1 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {342B7D46-E86F-4160-ACDD-AE4AA31D1544} - System32\Tasks\RocketPC_period => C:\Program Files (x86)\RocketPC\RocketPC.exe
Task: {4E284690-B1D7-4AC3-B862-429A4684C25A} - System32\Tasks\RocketPC_pp2_3 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {58BC7907-52F1-4A02-824D-05F4E580BF1A} - System32\Tasks\RocketPC_pp1 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {A6DD17CA-E9B1-42C4-BE26-5541D9FCCF7C} - System32\Tasks\RocketPC_pp2_1 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: {D0370781-DCBF-407D-8832-E29964C09634} - System32\Tasks\PerfMonitor_once => C:\Program Files (x86)\RocketPC\PerformanceMonitor.exe
Task: {D5083954-3C28-4756-ACB9-B8DF3380F8DA} - System32\Tasks\RocketPC_pp2_2 => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\PerfMonitor_once.job => C:\Program Files (x86)\RocketPC\PerformanceMonitor.exe
Task: C:\WINDOWS\Tasks\RocketPC_period.job => C:\Program Files (x86)\RocketPC\RocketPC.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_2.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp2_3.job => C:\Program Files (x86)\RocketPC\RPCEx.exe
Task: C:\WINDOWS\Tasks\RocketPC_pp3_1.job => C:\Program Files (x86)\RocketPC\RPCEx.exe

EmptyTemp:
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

  • 0
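Added example, not part of the thread and not FRST's own code: a small Python triage script that sorts fixlist lines like the ones in post #13 into the kinds of leftovers the post describes (orphaned entries whose file is gone, binaries left in Temp, autoruns, scheduled tasks) and lists which user profiles the paths refer to, so a fixlist can be checked against the machine it was written for. The line layout, the reading of `D` as a directory flag and the category names are assumptions inferred from the lines shown on this page.

```python
import re
from collections import Counter

# Subset of the fixlist lines quoted in the post above.
SAMPLE = r"""
HKU\S-1-5-21-1349259110-4023977029-1412818528-1002\...\Run: [InternetOff] => C:\Program Files (x86)\InternetOff\InternetOff.exe
2016-02-07 12:01 - 2014-03-24 17:55 - 000099096 ____N () C:\Users\nick\AppData\Local\Temp\LMkRstPt.exe
2019-01-10 19:37 - 2019-01-10 19:38 - 000000000 ____D C:\Users\nickf\AppData\Roaming\uTorrent
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
Task: {19E2D4B5-D665-4309-9A05-60055D8056D0} - no filepath
Task: {09951CED-D62A-4924-ABDD-A7736DE1422D} - System32\Tasks\RocketPC_pp3_1 => C:\Program Files (x86)\RocketPC\RPCEx.exe
EmptyTemp:
"""

# Layout inferred from the lines on this page, not from an FRST specification.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"\d+ (?P<attrs>\S{5}) (?:\(.*?\) )?(?P<path>.+)$")
ORPHAN_RE = re.compile(r"-> No File\b|- no filepath$")

def classify(line):
    """Return (category, target) for one fixlist line, or None if it is blank."""
    line = line.strip()
    if not line:
        return None
    if re.fullmatch(r"\w+:", line):            # bare directive, e.g. EmptyTemp:
        return ("directive", line[:-1])
    m = FILE_RE.match(line)
    if m:
        path = m["path"]
        if "D" in m["attrs"]:                  # assumption: D marks a directory
            return ("directory", path)
        low = path.lower()
        in_temp = "\\appdata\\local\\temp\\" in low and low.endswith((".exe", ".dll"))
        return ("temp-binary" if in_temp else "file", path)
    target = None
    if "=>" in line:                           # text between "=>" and any " -> " suffix
        target = line.split("=>", 1)[1].split(" -> ")[0].strip() or None
    if ORPHAN_RE.search(line):                 # entry points at a file that is gone
        return ("orphan", target)
    if "\\Run: [" in line:
        return ("autorun", target)
    return ("task" if line.startswith("Task:") else "other", target)

def summarize(text):
    """Count categories and collect the C:\\Users profiles the targets refer to."""
    rows = [r for r in map(classify, text.splitlines()) if r]
    profiles = {m.group(1) for _, t in rows if t
                for m in [re.match(r"C:\\Users\\([^\\]+)\\", t)] if m}
    return Counter(c for c, _ in rows), profiles
```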

#14
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





