Solved Windows Defender Security Centre question


dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,363
In the Windows Defender screen, under "Security at a Glance", I have five items indicating that "No action is Required", but can someone please explain what the other item means when it shows "Your virus and threat protection is managed by your organisation"? I am puzzled as to its meaning and would be grateful if anyone can help me understand this.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That normally means that you have a 3rd party AV and are not using Defender as the only AV.

What AV do you have installed?
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,363
If I go to Control Panel and look under Security & Maintenance, it reads "Virus protection - Windows Defender is turned off and is currently being managed by your system administrator". If I try to click on "Turn on now", it has no effect, it being greyed out. I do not know how to check whether I have some other method installed.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
I have sent a message to Macboatmaster to help you. I think this might be related to the long, long, long thread you had going about updates.
 

Macboatmaster

Trusted Advisor
Spam Fighter
Joined
Jan 14, 2010
Messages
24,591
I think it may be the best approach if the tools used by our colleague in his examination of - infection possibility were removed first
I so sent a message to JSntgRvr
Please would you revisit the topic for me
https://forums.techguy.org/threads/windows-updates-do-not-complete.1211870/page-8
and cleanup if necessary any of the tools you used
Repair install was successful
but it appears he has not been online since the message last Sunday
Could you assist in that regard
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
I wouldn't worry about uninstalling any tools used at this time. However, looking back quickly at the multitude of logs in that thread, it looks like there is a Windows Defender restriction set by something and I can't see anything having removed it.

Let's start again with FRST.
You should have it on the computer still, but just in case you have removed it, I will post the full instructions. BUT if it is still on the computer, just run it as administrator as you did before, and make sure to enable Addition.txt in the extra settings section as well.

Post both logs back here.


Please download Farbar Recovery Scan Tool and save it to your Desktop or downloads folder.

Note: You need to download and run the 64 bit version

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory/folder/place as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,056
At the beginning of the other thread there was evidence in the Speccy report that AVG was the resident a/v and WD was disabled. However, I thought they did a full reinstallation of Windows at the end of that thread so AVG wouldn't survive that.
 

Macboatmaster

Trusted Advisor
Spam Fighter
Joined
Jan 14, 2010
Messages
24,591
A repair install of Windows 10 was carried out under my guidance by using the ISO and from within Windows 10 - clicking setup.
This leaves all apps and programs intact.
However, may I refer to post 14 on the original topic.
Before I even joined the topic AVG was uninstalled and the AVG uninstaller was used.

Malwarebytes was used by JSntgRvr - I think, and I found that on the list of apps, as programs and features on 10 are no longer used to uninstall apps, it is done through settings.

It was uninstalled from there.

This is partially my error although I did of course run rather a long topic.
I should have checked the Defender was working.
Subject to what is found now after post 6, I suggest an uninstall of Malwarebytes using their uninstaller.

To make it easier, post 260 refers to installed apps.

The repair install of 10 leaves the registry entries for existing apps still in place.
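
As an added example (not part of the original thread, and not FRST's own code): a small Python triage of an Addition.txt log that reports when no registered antivirus is enabled and lists traces of previously installed AV products outside the Security Center section. The section names and line formats are taken from the log posted in this thread; the vendor list (AVG, Malwarebytes), the "Enabled"/"Disabled" state prefix check and the finding labels are assumptions made for this example.

```python
import re

# Excerpt copied from the Addition.txt log posted in this thread (most lines omitted).
SAMPLE_LOG = r"""
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Scheduled Tasks (Whitelisted) =============
Task: {03CC8827-5428-4F4C-B547-E058BF24099C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
Task: {79B90344-94ED-46D2-BF20-96241E615AD8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-25] (AVG Technologies CZ, s.r.o.)
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AVGUI.exe"
"""

# "==================== Name ====" section banners; a trailing colon is dropped.
SECTION_RE = re.compile(r"^={5,} (.+?):? =+\s*$")
# "AV: <product> (<state>) {GUID}" lines in the Security Center section.
PRODUCT_RE = re.compile(r"^(AV|AS|FW): (.+) \(([^()]*)\) (\{[0-9A-Fa-f-]{36}\})\s*$")


def split_sections(log):
    """Group non-empty log lines under the banner that precedes them."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def security_center(sections):
    """Parse the products registered with Windows Security Center."""
    products = []
    for line in sections.get("Security Center", []):
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, guid = m.groups()
            products.append({
                "kind": kind, "name": name, "state": state, "guid": guid,
                # Assumption: an active product's state text starts with "Enabled".
                "enabled": state.lower().startswith("enabled"),
            })
    return products


def vendor_traces(sections, vendors):
    """Return (vendor, section, line) for vendor names seen outside Security Center."""
    hits = []
    for section, lines in sections.items():
        if section == "Security Center":
            continue
        for line in lines:
            for vendor in vendors:
                if re.search(r"\b" + re.escape(vendor), line, re.I):
                    hits.append((vendor, section, line))
                    break
    return hits


def triage(log, vendors=("AVG", "Malwarebytes")):
    """Produce a list of findings worth a human look; order follows the log."""
    sections = split_sections(log)
    products = security_center(sections)
    findings = []

    av = [p for p in products if p["kind"] == "AV"]
    if av and not any(p["enabled"] for p in av):
        listed = ", ".join(f'{p["name"]} ({p["state"]})' for p in av)
        findings.append("NO_ACTIVE_AV: " + listed)

    # A vendor that still has tasks or startup entries but is no longer
    # registered with Security Center was probably uninstalled incompletely.
    registered = [p["name"].lower() for p in products]
    for vendor, section, line in vendor_traces(sections, vendors):
        if not any(vendor.lower() in name for name in registered):
            findings.append(f"LEFTOVER[{vendor}] in '{section}': {line}")

    disabled = sections.get("MSCONFIG/TASK MANAGER disabled items", [])
    if any(l.endswith('"SecurityHealth"') for l in disabled):
        findings.append("SECURITYHEALTH_STARTUP_DISABLED")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding here is only a pointer for the person reading the log; it does not establish what set the Defender restriction.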
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,363
FRST.txt duly pasted here:-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Douglas (20-07-2018 20:29:42)
Running from C:\Users\Douglas\Downloads
Windows 10 Home Version 1803 17134.167 (X64) (2018-07-14 22:31:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1071689139-868899152-4079591715-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1071689139-868899152-4079591715-503 - Limited - Disabled)
Douglas (S-1-5-21-1071689139-868899152-4079591715-1001 - Administrator - Enabled) => C:\Users\Douglas
Guest (S-1-5-21-1071689139-868899152-4079591715-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1071689139-868899152-4079591715-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
8GadgetPack (HKLM-x32\...\{A6ED7695-0EDF-47C6-BD79-669FA92C6E78}) (Version: 26.0.0 - 8GadgetPack.net)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.08.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}) (Version: 22.5.12510 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}Visible) (Version: 22.5.12510 - Acronis)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6329.01 - CyberLink Corp.)
Free Chess version 2.0.4 (HKLM-x32\...\FreeChess_is1) (Version: 2.0.4 - Jorge Pardo Serrano)
Gmail Notifier (HKLM-x32\...\Gmail Notifier) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version: - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{544ecb18-5d76-44bb-ac33-8d06719e39e7}) (Version: 19.20.0 - Intel Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7954 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
RogueKiller version 12.12.24.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.24.0 - Adlice Software)
SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Startup Sound Changer (HKLM-x32\...\Startup Sound Changer) (Version: 1.0 - hxxp://winreview.ru/)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Wise Auto Shutdown 1.7.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.7.2 - WiseCleaner.com, Inc.)
WPS Office (10.2.0.7439) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.7439 - Kingsoft Corp.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Douglas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Douglas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1071689139-868899152-4079591715-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-04-03] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d839b083f4352477\igfxDTCM.dll [2017-08-08] (Intel Corporation)
ContextMenuHandlers1_S-1-5-21-1071689139-868899152-4079591715-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03CC8827-5428-4F4C-B547-E058BF24099C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
Task: {1935F3F8-BEE3-40C5-82F0-75624FAD9DD7} - System32\Tasks\WpsUpdateTask_Douglas => C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\wtoolex\wpsupdate.exe [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {24F5E931-4DA1-42F9-8920-AC9DCBA30BE5} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-09-19] (Acer Incorporated)
Task: {31887983-A835-4D5A-B455-0AFD709813BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-12] (Google Inc.)
Task: {536C0D1A-93CD-4820-8FA1-65844404D4F4} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
Task: {548553D6-9F5C-4651-B638-BAD1D8EE9AEC} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-03-20] (Acer Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {79B90344-94ED-46D2-BF20-96241E615AD8} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-25] (AVG Technologies CZ, s.r.o.)
Task: {8D9C2C66-34E5-4E56-9BEC-E86BCBC4A65F} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {C48B9F12-8AF9-482D-A78F-929E5BB1B9D7} - System32\Tasks\WpsExternal_Douglas_20180531173733 => C:\Program Files (x86)\Kingsoft\Kingsoft Office\ksolaunch.exe [2018-07-18] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {F84BF63E-A9D7-4DE2-8153-9F54A9241934} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Netflix app.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=agjklhbcklaggfamomeeagcdkglffngn
ShortcutWithArgument: C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
==================== Loaded Modules (Whitelisted) ==============
2018-04-03 09:07 - 2018-04-03 09:07 - 001218920 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2018-06-20 23:05 - 2018-06-20 23:05 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2017-02-15 13:30 - 2016-05-16 12:02 - 000111320 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-15 00:04 - 2018-07-06 07:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2018-07-15 00:17 - 2018-07-15 00:17 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-15 00:17 - 2018-07-15 00:17 - 002449952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-15 00:17 - 2018-07-15 00:17 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-06-25 21:35 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-25 21:35 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-06-18 22:42 - 2018-06-18 22:42 - 003490136 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2018-06-18 22:41 - 2018-06-18 22:41 - 001334488 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2018-06-18 22:37 - 2018-06-18 22:37 - 022782256 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2018-06-18 19:47 - 2018-06-18 19:47 - 000414936 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2018-04-03 08:40 - 2018-04-03 08:40 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 000277538 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 002386352 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll
2017-09-22 15:14 - 2017-09-22 15:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 15:17 - 2017-09-22 15:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 15:16 - 2017-09-22 15:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2018-07-14 23:21 - 2018-07-14 23:21 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-03-20 14:24 - 2017-03-20 14:24 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-03-20 14:21 - 2017-03-20 14:21 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-09-14 21:25 - 2016-09-14 21:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-04-03 08:51 - 2018-04-03 08:51 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2018-04-03 08:40 - 2018-04-03 08:40 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1071689139-868899152-4079591715-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Douglas\Documents\A DESKTOP - Old Town at Night.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AVGUI.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\StartupFolder: => "Sidebar139.lnk"
HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1071689139-868899152-4079591715-1001\...\StartupApproved\Run: => "DeskCalc"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BD832581-3AA0-47E1-AC88-02F528998F63}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2F4820FD-99B6-4663-A753-89A8305FC31D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C086D55F-7B4F-4784-A5FC-6C3CCDD475A3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{386085D1-E92E-48BF-A643-2E0CF9BF5F47}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{FA66D84C-6076-426E-83B7-6F4D45F3FAE4}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe
FirewallRules: [{934073E5-91C6-4FD6-8871-95528EFE4A04}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{99E07FE0-1755-4D0A-956A-C968098595D3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{A87EF652-8FD0-45A3-83A8-EB1BCE5C90FD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{E52CEDFE-C384-4610-B9B6-2F09C7E811A1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{278BFF8B-D2AC-47F3-8C40-DD9128201A21}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{543639D8-AA6A-4BFC-A92B-870AF55E841E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{FA2FDCFD-6CBA-4963-BFA7-5BBB29867F10}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{31432273-7E29-4AB5-B0D6-18743B2911EB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{9E8A2853-C7E6-447A-AE35-801274EB29FD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{31359C43-D8BE-47FA-9238-D4EA60F1B102}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{20099A4A-5A34-4C60-9015-4EB4DDDE98D7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C8049A26-7718-46D0-B6FC-87D2C79B35ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{7040FA0B-8E05-4E96-95AB-C6ED8C7ECF93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{909B687C-0980-4E61-8917-42AD3B2023DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{2E633F74-53C6-46A5-BBBA-DABB7F502497}] => (Allow) C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.2.0.7439\office6\wpscloudsvr.exe
FirewallRules: [{E22792C7-02C9-4EB5-A479-BC9C97BAE11E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{25DCBAB1-26FC-4ADF-9781-6228FEF5EB68}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{EEB2E776-425B-4BFD-B5D8-A73E452E6D58}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{13B5332D-5FCD-4C6B-B3B6-330DBEF4EE36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E31A295E-0379-48FA-A664-D93FCC0B6515}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A69693CF-21CA-41DC-ABAD-5334B53E2484}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CD64B198-4901-4EA9-BF71-353DE5BB69C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0CE16C68-903E-46A2-935F-99F7B217BCD9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{60BD16C3-67AE-49BE-BAA2-7E242F4CC02E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{386CF555-A13F-4365-A076-EE39000466D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4BFFEC22-2CDF-470D-B427-CB83E4455330}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{6105F125-EE5E-4659-938F-1B07DA9E7629}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{219B9693-C6CB-49A4-A6B5-3D8DDFFB2A42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3A22A60A-5583-438E-81F9-AF12A05F3A7B}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{42139FB3-7C6E-49A8-BCEC-A6EE53157F2D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{23F3E70C-9FE4-46BF-80DD-F729F10D7E3F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E79DF124-BFEB-4E5B-A77D-BC9FEBB5BDA3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{237E61BA-3856-4268-898B-7CA6A6E8C9CA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{21153F1A-94DF-4769-88BE-9AF6EBCA8DF9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{742F90A3-1952-4FA1-B408-E87C4B7D9E54}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{08B2672A-5F23-4F12-B815-0917759ABF27}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0C46E5F1-C71D-4640-9B48-7DC0F69D56DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AAA37A0B-9CA5-4636-8514-D820672B7C29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7EE54433-2A7A-4B30-BDE9-C29496951135}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6DB42FA5-AAA9-43AE-BA03-2B100951B36D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D8329CCB-9C2D-40C1-8FB5-175692DB75A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{05C3CBD5-FA4D-4B6B-8B61-EE626058F39F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4471E955-8F5D-4204-96C2-1E7949C5DEE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{86BA0809-A5FE-4956-8BAB-8CC1ACA0DE64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{923E347B-2ED7-42DF-8900-95FA59D11469}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{5A85B9CD-73BC-49B0-AA3E-C09082DDCF87}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
==================== Restore Points =========================
15-07-2018 00:02:57 Windows Update
15-07-2018 00:50:20 Sunday 15/07 at 0050 hours.
16-07-2018 17:15:59 Monday 16/7 at 1715 hours
18-07-2018 23:13:59 Removed BlueStacks App Player
19-07-2018 00:36:30 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/19/2018 10:08:30 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
Error: (07/19/2018 10:08:25 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
Error: (07/19/2018 09:51:57 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .

Error: (07/19/2018 09:51:54 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
Error: (07/19/2018 09:51:35 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: Foresight.Common.InstallerTools.BrowserUtility: System.DllNotFoundException: Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum op)
at System.Data.SQLite.SQLite3.StaticIsInitialized()
at System.Data.SQLite.SQLiteLog.Initialize()
at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean parseViaFramework)
at Foresight.Common.InstallerTools.BrowserUtility.ExtractLastUsedDateFromFirefox(DateTime lastUsedDate)
Error: (07/19/2018 09:51:32 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
Error: (07/19/2018 09:51:24 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
Error: (07/19/2018 09:50:42 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
System errors:
=============
Error: (07/20/2018 08:18:47 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 08:18:02 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 05:32:27 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 04:56:29 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 12:02:41 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 12:00:31 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 11:59:26 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 09:59:50 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 43%
Total physical RAM: 8110.58 MB
Available physical RAM: 4545.88 MB
Total Virtual: 9390.58 MB
Available Virtual: 5608.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.91 GB) (Free:700.26 GB) NTFS
Drive d: (TOSHIBA EXTERNAL) (Fixed) (Total:931.51 GB) (Free:691.44 GB) NTFS
\\?\Volume{2cdc363e-6637-4c77-a179-178ee2b3ba1d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{9ebf5b30-efb5-4be5-b5c7-379e91292356}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FB0AD6B7)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CD586524)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

Now looking for the Addition.txt see below:-
Error: (07/19/2018 10:08:25 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
Error: (07/19/2018 09:51:57 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
Error: (07/19/2018 09:51:54 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
Error: (07/19/2018 09:51:35 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: Foresight.Common.InstallerTools.BrowserUtility: System.DllNotFoundException: Unable to load DLL 'SQLite.Interop.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
at System.Data.SQLite.UnsafeNativeMethods.sqlite3_config_none(SQLiteConfigOpsEnum op)
at System.Data.SQLite.SQLite3.StaticIsInitialized()
at System.Data.SQLite.SQLiteLog.Initialize()
at System.Data.SQLite.SQLiteConnection..ctor(String connectionString, Boolean parseViaFramework)
at Foresight.Common.InstallerTools.BrowserUtility.ExtractLastUsedDateFromFirefox(DateTime lastUsedDate)
Error: (07/19/2018 09:51:32 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
Error: (07/19/2018 09:51:24 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: GenericSkinnedInstaller.Installing: Unexpected exception while sending installation data.
Error: (07/19/2018 09:50:42 PM) (Source: Total System Care) (EventID: 0) (User: )
Description: InstallerCore.Downloader: Unexpected Exception while checking contentLength of file: http://download.totalsystemcare.com/main/PayloadTotalSystemCare-Setup.exe .
System errors:
=============
Error: (07/20/2018 08:18:47 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 08:18:02 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 05:32:27 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 04:56:29 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 12:02:41 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 12:00:31 PM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 11:59:26 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/20/2018 09:59:50 AM) (Source: DCOM) (EventID: 10016) (User: DOUGLAS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DOUGLAS\Douglas SID (S-1-5-21-1071689139-868899152-4079591715-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 43%
Total physical RAM: 8110.58 MB
Available physical RAM: 4545.88 MB
Total Virtual: 9390.58 MB
Available Virtual: 5608.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.91 GB) (Free:700.26 GB) NTFS
Drive d: (TOSHIBA EXTERNAL) (Fixed) (Total:931.51 GB) (Free:691.44 GB) NTFS
\\?\Volume{2cdc363e-6637-4c77-a179-178ee2b3ba1d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{9ebf5b30-efb5-4be5-b5c7-379e91292356}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FB0AD6B7)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CD586524)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,056
There is still evidence of AVG on the machine. I'll leave it in Derek's hands though since he requested the log.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
You have pasted the addition.txt twice. I need to see the FRST.txt please
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,363
Apologies for that, but having now copied and pasted the FRST.txt file I am faced with an error showing "Unable to send - too many characters"!
 

Macboatmaster

Trusted Advisor
Spam Fighter
Joined
Jan 14, 2010
Messages
24,591
Derek
I will leave it with you as well if that is OK
Seems to me that some attempt has been made to install
Total System Care
https://safebytes.com/products/total-system-care/

if that has run who knows what the effect has been
Definitely a matter for your expertise.

dougglos - good luck with it
If you did attempt to install Total System Care
then if that has caused problems it most certainly falls within the category of what I warned you about on post 69 of the Update topic
Before you go - do you use any third party maintenance programs
of the Make it go faster clean your registry type programs
These can often be the cause.
Whether you have or not tried to run total system care I do not know.
As I said good luck with it
 

dougglos

Douglas
Thread Starter
Joined
Nov 30, 2007
Messages
1,363
Macboatmaster - thanks anyway! I'm afraid that I wasn't able to remember the contents of your post 69 after a total of 292!

Regarding Total System Care - I tried that because I did not wish to keep troubling you and other people with this. But what I am unable to understand is, if I had purchased a recommended anti-virus program would that have had the desired solution to the problem (Norton, McAfee, etc.) or are they also "third party" programs? All-in-all, I am coming to the opinion that perhaps I should forget Windows Defender and go for one of the other "highly thought of" programs. If dvk01 has any thoughts on this, I will probably go along these lines.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please attach the FRST.txt file to the next reply. All you need to do is press upload file and follow prompts
 