
Solved Windows Defender Security Centre question

Discussion in 'General Security' started by dougglos, Jul 19, 2018.

Thread Status:
Not open for further replies.
  1. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,137
    First Name:
    Douglas
    In the Windows Defender screen, under "Security at a Glance", I have five items indicating that "No action is Required", but can someone please explain what the other item means when it shows "Your virus and threat protection is managed by your organisation?" I am puzzled as to its meaning and would be grateful if anyone can help me understand this.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    That normally means that you have a 3rd party AV and are not using Defender as the only AV.

    What AV do you have installed?
     
  3. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,137
    First Name:
    Douglas
    If I go to Control Panel and look under Security & Maintenance, it reads "Virus protection - Windows Defender is turned off and is currently being managed by your system administrator". If I try to click on "Turn on now", it has no effect, it being greyed out. I do not know how to check whether I have some other method installed.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    I have sent a message to Macboatmaster to help you. I think this might be related to the long, long, long thread you had going about updates.
     
  5. Macboatmaster

    Macboatmaster Trusted Advisor Spam Fighter

    Joined:
    Jan 14, 2010
    Messages:
    23,298
    I think it may be the best approach if the tools used by our colleague in his examination of - infection possibility were removed first
    I so sent a message to JSntgRvr
    but it appears he has not been online since the message last Sunday
    Could you assist in that regard?
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    I wouldn't worry about uninstalling any tools used at this time. However looking back quickly at the multitude of logs in that thread, it looks like there is a Windows defender restriction set by something and I can't see anything having removed it.

    Let's start again with FRST.
    You should have it on the computer still, but just in case you have removed it, I will post the full instructions. BUT if it is still on the computer just run it as administrator as you did before, make sure to enable addition.txt in the extra settings section as well

    Post both logs back here


    Please download Farbar Recovery Scan Tool and save it to your Desktop or downloads folder.

    Note: You need to download and run the 64 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory/folder/place as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,346
    First Name:
    Karen
    At the beginning of the other thread there was evidence in the Speccy report that AVG was the resident a/v and WD was disabled. However, I thought they did a full reinstallation of Windows at the end of that thread so AVG wouldn't survive that.
     
  8. Macboatmaster

    Macboatmaster Trusted Advisor Spam Fighter

    Joined:
    Jan 14, 2010
    Messages:
    23,298
    A repair install of windows 10 was carried out under my guidance by using the ISO and from within windows 10 - clicking setup
    This leaves all apps and programs intact
    However may I refer to post 14 on the original topic
    Before I even joined the topic AVG was uninstalled and the AVG uninstaller was used.

    Malwarebytes was used by JSntgRvr - I think, and I found that on the list of apps, as programs and features on 10 are no longer used to uninstall apps, it is done through settings

    It was uninstalled from there.

    This is partially my error although I did of course run rather a long topic.
    I should have checked the Defender was working.
    Subject to what is found now after post 6 I suggest an uninstall of Malwarebytes using their uninstaller

    To make it easier post 260 refers to installed apps.

    The repair install of 10 leaves the registry entries for existing apps still in place
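
A triage pass over an Addition.txt log of the kind requested in this thread, as an added example that is not part of any participant's post or of FRST itself: it reads the Security Center section and looks for references to an antivirus product that is no longer listed under Installed Programs. The vendor watch list and the function names are assumptions of this example; the sample lines are excerpted from the log posted in this thread.

```python
import re

# Excerpt in Addition.txt layout; lines copied from the log posted in this thread.
SAMPLE = r"""==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
Task: {03CC8827-5428-4F4C-B547-E058BF24099C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
Task: {79B90344-94ED-46D2-BF20-96241E615AD8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-25] (AVG Technologies CZ, s.r.o.)
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AVGUI.exe"
"""

# A section header is a run of '=' followed by a title, e.g. "===== Security Center =====".
HEADER = re.compile(r"^={10,}\s*([^=\s][^=]*?)\s*=*\s*$")
# Security Center entry: "<kind>: <product> (<Enabled|Disabled> - <detail>) {GUID}".
SC_ENTRY = re.compile(r"^([A-Z]{2}): (.+?) \((Enabled|Disabled)\b")


def split_sections(text):
    """Map each section title to its entry lines, in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line:
            if line.startswith("(") and line.endswith(")"):
                continue  # FRST's own explanatory note, not an entry
            current.append(line)
    return sections


def security_center(sections):
    """Parse the products registered with Windows Security Center."""
    out = []
    for line in sections.get("Security Center", []):
        m = SC_ENTRY.match(line)
        if m:
            out.append({"kind": m.group(1), "product": m.group(2), "state": m.group(3)})
    return out


def leftover_references(sections, vendors):
    """Entries that mention a vendor which is absent from Installed Programs."""
    installed = " ".join(sections.get("Installed Programs", []))
    hits = []
    for vendor in vendors:
        # Match "AVG" in "AVGUI.exe" or "\AVG\", but not inside another word.
        pat = re.compile(r"(?<![A-Za-z])" + re.escape(vendor), re.IGNORECASE)
        if pat.search(installed):
            continue  # product is still installed, so its entries are not leftovers
        for name, lines in sections.items():
            hits += [(vendor, name, ln) for ln in lines if pat.search(ln)]
    return hits


def triage(text, vendors=("AVG", "Malwarebytes")):
    """Summarise AV state; `vendors` is this example's watch list (an assumption)."""
    sections = split_sections(text)
    av = [p for p in security_center(sections) if p["kind"] == "AV"]
    return {
        # Defender registered but switched off
        "defender_disabled": any(
            "defender" in p["product"].lower() and p["state"] == "Disabled" for p in av
        ),
        # Any other AV registered with Security Center (would explain Defender standing down)
        "third_party_av": [p["product"] for p in av if "defender" not in p["product"].lower()],
        # Tasks, startup entries etc. left behind by a product that is no longer installed
        "leftovers": leftover_references(sections, vendors),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("Defender disabled:", report["defender_disabled"])
    print("Other AV registered:", report["third_party_av"] or "none")
    for vendor, section, line in report["leftovers"]:
        print(f"[{vendor}] {section}: {line}")
```

Defender disabled with no other antivirus registered, plus leftover entries from an uninstalled product, is the combination that calls for the vendor's removal tool and a check for a policy restriction rather than for a reinstall.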
     
  9. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,137
    First Name:
    Douglas
    FRST.txt duly pasted here:-

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
    Ran by Douglas (20-07-2018 20:29:42)
    Running from C:\Users\Douglas\Downloads
    Windows 10 Home Version 1803 17134.167 (X64) (2018-07-14 22:31:45)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1071689139-868899152-4079591715-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1071689139-868899152-4079591715-503 - Limited - Disabled)
    Douglas (S-1-5-21-1071689139-868899152-4079591715-1001 - Administrator - Enabled) => C:\Users\Douglas
    Guest (S-1-5-21-1071689139-868899152-4079591715-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-1071689139-868899152-4079591715-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    8GadgetPack (HKLM-x32\...\{A6ED7695-0EDF-47C6-BD79-669FA92C6E78}) (Version: 26.0.0 - 8GadgetPack.net)
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.08.2003 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
    Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}) (Version: 22.5.12510 - Acronis) Hidden
    Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}Visible) (Version: 22.5.12510 - Acronis)
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6329.01 - CyberLink Corp.)
    Free Chess version 2.0.4 (HKLM-x32\...\FreeChess_is1) (Version: 2.0.4 - Jorge Pardo Serrano)
    Gmail Notifier (HKLM-x32\...\Gmail Notifier) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
    Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version: - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{544ecb18-5d76-44bb-ac33-8d06719e39e7}) (Version: 19.20.0 - Intel Corporation)
    Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
    Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7954 - Realtek Semiconductor Corp.)
    Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
    RogueKiller version 12.12.24.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.24.0 - Adlice Software)
    SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)
    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
    Startup Sound Changer (HKLM-x32\...\Startup Sound Changer) (Version: 1.0 - hxxp://winreview.ru/)
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
    Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
    Wise Auto Shutdown 1.7.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.7.2 - WiseCleaner.com, Inc.)
    WPS Office (10.2.0.7439) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.7439 - Kingsoft Corp.)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Douglas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
    CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Douglas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
    CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
    ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d839b083f4352477\igfxDTCM.dll [2017-08-08] (Intel Corporation)
    ContextMenuHandlers1_S-1-5-21-1071689139-868899152-4079591715-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {03CC8827-5428-4F4C-B547-E058BF24099C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
    Task: {1935F3F8-BEE3-40C5-82F0-75624FAD9DD7} - System32\Tasks\WpsUpdateTask_Douglas => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\wtoolex\wpsupdate.exe [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {24F5E931-4DA1-42F9-8920-AC9DCBA30BE5} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-09-19] (Acer Incorporated)
    Task: {31887983-A835-4D5A-B455-0AFD709813BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
    Task: {536C0D1A-93CD-4820-8FA1-65844404D4F4} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
    Task: {548553D6-9F5C-4651-B638-BAD1D8EE9AEC} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-03-20] (Acer Incorporated)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
    Task: {79B90344-94ED-46D2-BF20-96241E615AD8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-25] (AVG Technologies CZ, s.r.o.)
    Task: {8D9C2C66-34E5-4E56-9BEC-E86BCBC4A65F} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {C48B9F12-8AF9-482D-A78F-929E5BB1B9D7} - System32\Tasks\WpsExternal_Douglas_20180531173733 => C:\Program Files (x86)\Kingsoft\Kingsoft Office\ksolaunch.exe [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {F84BF63E-A9D7-4DE2-8153-9F54A9241934} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
    ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Netflix app.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agjklhbcklaggfamomeeagcdkglffngn
    ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
    ==================== Loaded Modules (Whitelisted) ==============
    2018-04-03 09:07 - 2018-04-03 09:07 - 001218920 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    2018-06-20 23:05 - 2018-06-20 23:05 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
    2017-02-15 13:30 - 2016-05-16 12:02 - 000111320 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
    2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-07-15 00:04 - 2018-07-06 07:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    2018-07-15 00:17 - 2018-07-15 00:17 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2018-07-15 00:17 - 2018-07-15 00:17 - 002449952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-07-15 00:17 - 2018-07-15 00:17 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2018-06-25 21:35 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
    2018-06-25 21:35 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
    2018-06-18 22:42 - 2018-06-18 22:42 - 003490136 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
    2018-06-18 22:41 - 2018-06-18 22:41 - 001334488 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
    2018-06-18 22:37 - 2018-06-18 22:37 - 022782256 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
    2018-06-18 19:47 - 2018-06-18 19:47 - 000414936 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
    2018-04-03 08:40 - 2018-04-03 08:40 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000277538 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 002386352 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll
    2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
    2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
    2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
    2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
    2018-07-14 23:21 - 2018-07-14 23:21 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2017-03-20 14:24 - 2017-03-20 14:24 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
    2017-03-20 14:21 - 2017-03-20 14:21 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
    2016-09-14 21:25 - 2016-09-14 21:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2018-04-03 08:40 - 2018-04-03 08:40 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Douglas\Documents\A DESKTOP - Old Town at Night.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "AVGUI.exe"
    HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
    HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
    HKLM\...\StartupApproved\Run32: => "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\StartupFolder: => "Sidebar139.lnk"
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\Run: => "DeskCalc"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{BD832581-3AA0-47E1-AC88-02F528998F63}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2F4820FD-99B6-4663-A753-89A8305FC31D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{C086D55F-7B4F-4784-A5FC-6C3CCDD475A3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{386085D1-E92E-48BF-A643-2E0CF9BF5F47}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
    FirewallRules: [{FA66D84C-6076-426E-83B7-6F4D45F3FAE4}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe
    FirewallRules: [{934073E5-91C6-4FD6-8871-95528EFE4A04}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
    FirewallRules: [{99E07FE0-1755-4D0A-956A-C968098595D3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
    FirewallRules: [{A87EF652-8FD0-45A3-83A8-EB1BCE5C90FD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
    FirewallRules: [{E52CEDFE-C384-4610-B9B6-2F09C7E811A1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
    FirewallRules: [{278BFF8B-D2AC-47F3-8C40-DD9128201A21}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
    FirewallRules: [{543639D8-AA6A-4BFC-A92B-870AF55E841E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
    FirewallRules: [{FA2FDCFD-6CBA-4963-BFA7-5BBB29867F10}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
    FirewallRules: [{31432273-7E29-4AB5-B0D6-18743B2911EB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    FirewallRules: [{9E8A2853-C7E6-447A-AE35-801274EB29FD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
    FirewallRules: [{31359C43-D8BE-47FA-9238-D4EA60F1B102}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{20099A4A-5A34-4C60-9015-4EB4DDDE98D7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{C8049A26-7718-46D0-B6FC-87D2C79B35ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{7040FA0B-8E05-4E96-95AB-C6ED8C7ECF93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{909B687C-0980-4E61-8917-42AD3B2023DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{2E633F74-53C6-46A5-BBBA-DABB7F502497}] => (Allow) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\wpscloudsvr.exe
    FirewallRules: [{E22792C7-02C9-4EB5-A479-BC9C97BAE11E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
    FirewallRules: [{25DCBAB1-26FC-4ADF-9781-6228FEF5EB68}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
    FirewallRules: [{EEB2E776-425B-4BFD-B5D8-A73E452E6D58}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
    FirewallRules: [{13B5332D-5FCD-4C6B-B3B6-330DBEF4EE36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E31A295E-0379-48FA-A664-D93FCC0B6515}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A69693CF-21CA-41DC-ABAD-5334B53E2484}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CD64B198-4901-4EA9-BF71-353DE5BB69C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0CE16C68-903E-46A2-935F-99F7B217BCD9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{60BD16C3-67AE-49BE-BAA2-7E242F4CC02E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{386CF555-A13F-4365-A076-EE39000466D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{4BFFEC22-2CDF-470D-B427-CB83E4455330}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{6105F125-EE5E-4659-938F-1B07DA9E7629}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{219B9693-C6CB-49A4-A6B5-3D8DDFFB2A42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3A22A60A-5583-438E-81F9-AF12A05F3A7B}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{42139FB3-7C6E-49A8-BCEC-A6EE53157F2D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{23F3E70C-9FE4-46BF-80DD-F729F10D7E3F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{E79DF124-BFEB-4E5B-A77D-BC9FEBB5BDA3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{237E61BA-3856-4268-898B-7CA6A6E8C9CA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{21153F1A-94DF-4769-88BE-9AF6EBCA8DF9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{742F90A3-1952-4FA1-B408-E87C4B7D9E54}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
    FirewallRules: [{08B2672A-5F23-4F12-B815-0917759ABF27}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
    FirewallRules: [{0C46E5F1-C71D-4640-9B48-7DC0F69D56DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{AAA37A0B-9CA5-4636-8514-D820672B7C29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{7EE54433-2A7A-4B30-BDE9-C29496951135}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{6DB42FA5-AAA9-43AE-BA03-2B100951B36D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{D8329CCB-9C2D-40C1-8FB5-175692DB75A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{05C3CBD5-FA4D-4B6B-8B61-EE626058F39F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{4471E955-8F5D-4204-96C2-1E7949C5DEE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{86BA0809-A5FE-4956-8BAB-8CC1ACA0DE64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{923E347B-2ED7-42DF-8900-95FA59D11469}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{5A85B9CD-73BC-49B0-AA3E-C09082DDCF87}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    ==================== Restore Points =========================
    15-07-2018 00:02:57 Windows Update
    15-07-2018 00:50:20 Sunday 15/07 at 0050 hours.
    16-07-2018 17:15:59 Monday 16/7 at 1715 hours
    18-07-2018 23:13:59 Removed BlueStacks App Player
    19-07-2018 00:36:30 Restore Operation
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (07/19/2018 10:08:30 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
    Error: (07/19/2018 10:08:25 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
    Error: (07/19/2018 09:51:57 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .

    Error: (07/19/2018 09:51:54 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
    Error: (07/19/2018 09:51:35 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: Foresight.Common.InstallerTools.BrowserUtility: System.DllNotFoundException: Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
    at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum op)
    at System.Data.SQLite.SQLite3.StaticIsInitialized()
    at System.Data.SQLite.SQLiteLog.Initialize()
    at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean parseViaFramework)
    at Foresight.Common.InstallerTools.BrowserUtility.ExtractLastUsedDateFromFirefox(DateTime lastUsedDate)
    Error: (07/19/2018 09:51:32 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
    Error: (07/19/2018 09:51:24 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
    Error: (07/19/2018 09:50:42 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
    System errors:
    =============
    Error: (07/20/2018 08:18:47 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 08:18:02 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 05:32:27 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 04:56:29 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 12:02:41 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 12:00:31 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 11:59:26 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 09:59:50 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
    Percentage of memory in use: 43%
    Total physical RAM: 8110.58 MB
    Available physical RAM: 4545.88 MB
    Total Virtual: 9390.58 MB
    Available Virtual: 5608.41 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:930.91 GB) (Free:700.26 GB) NTFS
    Drive d: (TOSHIBA EXTERNAL) (Fixed) (Total:931.51 GB) (Free:691.44 GB) NTFS
    \\?\Volume{2cdc363e-6637-4c77-a179-178ee2b3ba1d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
    \\?\Volume{9ebf5b30-efb5-4be5-b5c7-379e91292356}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: FB0AD6B7)
    Partition: GPT.
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: CD586524)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================

    Now looking for the Addition.txt see below:-
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
    Ran by Douglas (20-07-2018 20:29:42)
    Running from C:\Users\Douglas\Downloads
    Windows 10 Home Version 1803 17134.167 (X64) (2018-07-14 22:31:45)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    Administrator (S-1-5-21-1071689139-868899152-4079591715-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1071689139-868899152-4079591715-503 - Limited - Disabled)
    Douglas (S-1-5-21-1071689139-868899152-4079591715-1001 - Administrator - Enabled) => C:\Users\Douglas
    Guest (S-1-5-21-1071689139-868899152-4079591715-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-1071689139-868899152-4079591715-504 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    8GadgetPack (HKLM-x32\...\{A6ED7695-0EDF-47C6-BD79-669FA92C6E78}) (Version: 26.0.0 - 8GadgetPack.net)
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.08.2003 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
    Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}) (Version: 22.5.12510 - Acronis) Hidden
    Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}Visible) (Version: 22.5.12510 - Acronis)
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6329.01 - CyberLink Corp.)
    Free Chess version 2.0.4 (HKLM-x32\...\FreeChess_is1) (Version: 2.0.4 - Jorge Pardo Serrano)
    Gmail Notifier (HKLM-x32\...\Gmail Notifier) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
    Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version: - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{544ecb18-5d76-44bb-ac33-8d06719e39e7}) (Version: 19.20.0 - Intel Corporation)
    Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
    Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7954 - Realtek Semiconductor Corp.)
    Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
    RogueKiller version 12.12.24.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.24.0 - Adlice Software)
    SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)
    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
    Startup Sound Changer (HKLM-x32\...\Startup Sound Changer) (Version: 1.0 - hxxp://winreview.ru/)
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
    Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
    Wise Auto Shutdown 1.7.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.7.2 - WiseCleaner.com, Inc.)
    WPS Office (10.2.0.7439) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.7439 - Kingsoft Corp.)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Douglas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
    CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Douglas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
    CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
    ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d839b083f4352477\igfxDTCM.dll [2017-08-08] (Intel Corporation)
    ContextMenuHandlers1_S-1-5-21-1071689139-868899152-4079591715-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {03CC8827-5428-4F4C-B547-E058BF24099C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
    Task: {1935F3F8-BEE3-40C5-82F0-75624FAD9DD7} - System32\Tasks\WpsUpdateTask_Douglas => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\wtoolex\wpsupdate.exe [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {24F5E931-4DA1-42F9-8920-AC9DCBA30BE5} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-09-19] (Acer Incorporated)
    Task: {31887983-A835-4D5A-B455-0AFD709813BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
    Task: {536C0D1A-93CD-4820-8FA1-65844404D4F4} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
    Task: {548553D6-9F5C-4651-B638-BAD1D8EE9AEC} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-03-20] (Acer Incorporated)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
    Task: {79B90344-94ED-46D2-BF20-96241E615AD8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-25] (AVG Technologies CZ, s.r.o.)
    Task: {8D9C2C66-34E5-4E56-9BEC-E86BCBC4A65F} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {C48B9F12-8AF9-482D-A78F-929E5BB1B9D7} - System32\Tasks\WpsExternal_Douglas_20180531173733 => C:\Program Files (x86)\Kingsoft\Kingsoft Office\ksolaunch.exe [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {F84BF63E-A9D7-4DE2-8153-9F54A9241934} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)
    ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
    ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Netflix app.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agjklhbcklaggfamomeeagcdkglffngn
    ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
    ==================== Loaded Modules (Whitelisted) ==============
    2018-04-03 09:07 - 2018-04-03 09:07 - 001218920 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    2018-06-20 23:05 - 2018-06-20 23:05 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
    2017-02-15 13:30 - 2016-05-16 12:02 - 000111320 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
    2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-07-15 00:04 - 2018-07-06 07:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    2018-07-15 00:17 - 2018-07-15 00:17 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2018-07-15 00:17 - 2018-07-15 00:17 - 002449952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-07-15 00:17 - 2018-07-15 00:17 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2018-06-25 21:35 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
    2018-06-25 21:35 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
    2018-06-18 22:42 - 2018-06-18 22:42 - 003490136 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
    2018-06-18 22:41 - 2018-06-18 22:41 - 001334488 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
    2018-06-18 22:37 - 2018-06-18 22:37 - 022782256 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
    2018-06-18 19:47 - 2018-06-18 19:47 - 000414936 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
    2018-04-03 08:40 - 2018-04-03 08:40 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000277538 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 002386352 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll
    2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
    2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
    2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
    2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
    2018-07-14 23:21 - 2018-07-14 23:21 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2017-03-20 14:24 - 2017-03-20 14:24 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
    2017-03-20 14:21 - 2017-03-20 14:21 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
    2016-09-14 21:25 - 2016-09-14 21:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2018-04-03 08:51 - 2018-04-03 08:51 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2018-04-03 08:40 - 2018-04-03 08:40 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)
    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Douglas\Documents\A DESKTOP - Old Town at Night.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "AVGUI.exe"
    HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
    HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
    HKLM\...\StartupApproved\Run32: => "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\StartupFolder: => "Sidebar139.lnk"
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\Run: => "DeskCalc"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{BD832581-3AA0-47E1-AC88-02F528998F63}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2F4820FD-99B6-4663-A753-89A8305FC31D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{C086D55F-7B4F-4784-A5FC-6C3CCDD475A3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{386085D1-E92E-48BF-A643-2E0CF9BF5F47}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
    FirewallRules: [{FA66D84C-6076-426E-83B7-6F4D45F3FAE4}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe
    FirewallRules: [{934073E5-91C6-4FD6-8871-95528EFE4A04}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
    FirewallRules: [{99E07FE0-1755-4D0A-956A-C968098595D3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
    FirewallRules: [{A87EF652-8FD0-45A3-83A8-EB1BCE5C90FD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
    FirewallRules: [{E52CEDFE-C384-4610-B9B6-2F09C7E811A1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
    FirewallRules: [{278BFF8B-D2AC-47F3-8C40-DD9128201A21}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
    FirewallRules: [{543639D8-AA6A-4BFC-A92B-870AF55E841E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
    FirewallRules: [{FA2FDCFD-6CBA-4963-BFA7-5BBB29867F10}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
    FirewallRules: [{31432273-7E29-4AB5-B0D6-18743B2911EB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    FirewallRules: [{9E8A2853-C7E6-447A-AE35-801274EB29FD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
    FirewallRules: [{31359C43-D8BE-47FA-9238-D4EA60F1B102}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
    FirewallRules: [{20099A4A-5A34-4C60-9015-4EB4DDDE98D7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{C8049A26-7718-46D0-B6FC-87D2C79B35ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{7040FA0B-8E05-4E96-95AB-C6ED8C7ECF93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{909B687C-0980-4E61-8917-42AD3B2023DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{2E633F74-53C6-46A5-BBBA-DABB7F502497}] => (Allow) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\wpscloudsvr.exe
    FirewallRules: [{E22792C7-02C9-4EB5-A479-BC9C97BAE11E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
    FirewallRules: [{25DCBAB1-26FC-4ADF-9781-6228FEF5EB68}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
    FirewallRules: [{EEB2E776-425B-4BFD-B5D8-A73E452E6D58}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
    FirewallRules: [{13B5332D-5FCD-4C6B-B3B6-330DBEF4EE36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E31A295E-0379-48FA-A664-D93FCC0B6515}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A69693CF-21CA-41DC-ABAD-5334B53E2484}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CD64B198-4901-4EA9-BF71-353DE5BB69C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0CE16C68-903E-46A2-935F-99F7B217BCD9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{60BD16C3-67AE-49BE-BAA2-7E242F4CC02E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{386CF555-A13F-4365-A076-EE39000466D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{4BFFEC22-2CDF-470D-B427-CB83E4455330}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{6105F125-EE5E-4659-938F-1B07DA9E7629}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{219B9693-C6CB-49A4-A6B5-3D8DDFFB2A42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3A22A60A-5583-438E-81F9-AF12A05F3A7B}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{42139FB3-7C6E-49A8-BCEC-A6EE53157F2D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{23F3E70C-9FE4-46BF-80DD-F729F10D7E3F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{E79DF124-BFEB-4E5B-A77D-BC9FEBB5BDA3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
    FirewallRules: [{237E61BA-3856-4268-898B-7CA6A6E8C9CA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{21153F1A-94DF-4769-88BE-9AF6EBCA8DF9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
    FirewallRules: [{742F90A3-1952-4FA1-B408-E87C4B7D9E54}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
    FirewallRules: [{08B2672A-5F23-4F12-B815-0917759ABF27}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
    FirewallRules: [{0C46E5F1-C71D-4640-9B48-7DC0F69D56DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{AAA37A0B-9CA5-4636-8514-D820672B7C29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{7EE54433-2A7A-4B30-BDE9-C29496951135}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{6DB42FA5-AAA9-43AE-BA03-2B100951B36D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{D8329CCB-9C2D-40C1-8FB5-175692DB75A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{05C3CBD5-FA4D-4B6B-8B61-EE626058F39F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{4471E955-8F5D-4204-96C2-1E7949C5DEE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{86BA0809-A5FE-4956-8BAB-8CC1ACA0DE64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{923E347B-2ED7-42DF-8900-95FA59D11469}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{5A85B9CD-73BC-49B0-AA3E-C09082DDCF87}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    ==================== Restore Points =========================
    15-07-2018 00:02:57 Windows Update
    15-07-2018 00:50:20 Sunday 15/07 at 0050 hours.
    16-07-2018 17:15:59 Monday 16/7 at 1715 hours
    18-07-2018 23:13:59 Removed BlueStacks App Player
    19-07-2018 00:36:30 Restore Operation
    ==================== Faulty Device Manager Devices =============
    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (07/19/2018 10:08:30 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
    Error: (07/19/2018 10:08:25 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
    Error: (07/19/2018 09:51:57 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
    Error: (07/19/2018 09:51:54 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
    Error: (07/19/2018 09:51:35 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: Foresight.Common.InstallerTools.BrowserUtility: System.DllNotFoundException: Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
    at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum op)
    at System.Data.SQLite.SQLite3.StaticIsInitialized()
    at System.Data.SQLite.SQLiteLog.Initialize()
    at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean parseViaFramework)
    at Foresight.Common.InstallerTools.BrowserUtility.ExtractLastUsedDateFromFirefox(DateTime lastUsedDate)
    Error: (07/19/2018 09:51:32 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
    Error: (07/19/2018 09:51:24 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
    Error: (07/19/2018 09:50:42 PM) (Source: Total System Care) (EventID: 0) (User: )
    Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
    System errors:
    =============
    Error: (07/20/2018 08:18:47 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 08:18:02 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 05:32:27 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 04:56:29 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 12:02:41 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 12:00:31 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 11:59:26 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Error: (07/20/2018 09:59:50 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
    Percentage of memory in use: 43%
    Total physical RAM: 8110.58 MB
    Available physical RAM: 4545.88 MB
    Total Virtual: 9390.58 MB
    Available Virtual: 5608.41 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:930.91 GB) (Free:700.26 GB) NTFS
    Drive d: (TOSHIBA EXTERNAL) (Fixed) (Total:931.51 GB) (Free:691.44 GB) NTFS
    \\?\Volume{2cdc363e-6637-4c77-a179-178ee2b3ba1d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
    \\?\Volume{9ebf5b30-efb5-4be5-b5c7-379e91292356}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: FB0AD6B7)
    Partition: GPT.
    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: CD586524)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,346
    First Name:
    Karen
    There is still evidence of AVG on the machine. I'll leave it in Derek's hands though since he requested the log.
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    You have pasted the addition.txt twice. I need to see the FRST.txt, please.
     
  12. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,137
    First Name:
    Douglas
    Apologies for that, but having now copied and pasted the FRST.txt file I am faced with an error showing "Unable to send - too many characters"!
     
  13. Macboatmaster

    Macboatmaster Trusted Advisor Spam Fighter

    Joined:
    Jan 14, 2010
    Messages:
    23,298
    Derek
    I will leave it with you as well, if that is OK.
    Seems to me that some attempt has been made to install
    Total System Care
    https://safebytes.com/products/total-system-care/

    If that has run, who knows what the effect has been.
    Definitely a matter for your expertise.

    dougglos - good luck with it.
    If you did attempt to install Total System Care,
    then if that has caused problems it most certainly falls within the category of what I warned you about in post 69 of the Update topic.
    Whether or not you have tried to run Total System Care, I do not know.
    As I said, good luck with it.
     
    Last edited: Jul 20, 2018
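The reading of the log in the post above, grouping the Addition.txt event-log errors by source and picking out the ones that point to installer activity, can be scripted. This is an added example, not part of the original thread or of FRST itself; the sample log is constructed in the same layout, and the product name, URL and function names are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the Addition.txt "Event log errors" layout; names and URL are placeholders.
SAMPLE_LOG = """\
Application errors:
==================
Error: (07/19/2018 10:08:30 PM) (Source: Example Optimizer) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.example.invalid/main/Setup.exe .
Error: (07/19/2018 09:51:57 PM) (Source: Example Optimizer) (EventID: 0) (User: )
Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
System errors:
Error: (07/20/2018 08:18:47 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>.*?)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$")
SECTION = re.compile(r"^(=+.*|[A-Za-z ]+ errors:)$")
URL = re.compile(r"https?://[^\s\"'<>]+")
INSTALL_HINT = re.compile(r"install|setup|downloader", re.IGNORECASE)


def parse_events(text):
    """Return one dict per 'Error:' entry; wrapped lines are joined to its description."""
    events, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = dict(header.groupdict(), description="")
            events.append(current)
        elif SECTION.match(line):
            current = None  # a section heading or ===== rule ends the current entry
        elif current is not None and line:
            part = line[len("Description: "):] if line.startswith("Description: ") else line
            current["description"] = (current["description"] + " " + part).strip()
    return events


def summarize(events):
    """Group by Source, collecting URLs and whether any error mentions installer activity."""
    by_source = defaultdict(lambda: {"count": 0, "urls": set(), "installer": False})
    for ev in events:
        entry = by_source[ev["source"]]
        entry["count"] += 1
        entry["urls"].update(u.rstrip(".,") for u in URL.findall(ev["description"]))
        entry["installer"] |= bool(INSTALL_HINT.search(ev["description"]))
    return dict(by_source)


def review_queue(summary):
    """Sources worth a manual look: installer-related errors or download URLs."""
    return sorted(s for s, e in summary.items() if e["installer"] or e["urls"])
```

Recurring DCOM 10016 entries stay out of the review queue because they carry neither installer wording nor a URL, which leaves only the sources that tried to fetch or install something.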
  14. dougglos

    dougglos Thread Starter

    Joined:
    Nov 30, 2007
    Messages:
    1,137
    First Name:
    Douglas
    Macboatmaster - thanks anyway! I'm afraid that I wasn't able to remember the contents of your post 69 after a total of 292!

    Regarding Total System Care - I tried that because I did not wish to keep troubling you and other people with this. But what I am unable to understand is, if I had purchased a recommended anti-virus program would that have had the desired solution to the problem (Norton, McAfee, etc.) or are they also "third party" programs? All-in-all, I am coming to the opinion that perhaps I should forget Windows Defender and go for one of the other "highly thought of" programs. If dvk01 has any thoughts on this, I will probably go along these lines.
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    Please attach the FRST.txt file to the next reply. All you need to do is press upload file and follow the prompts.
     
Short URL to this thread: https://techguy.org/1213198
