- Sep 29, 2019
- 2
Downloaded Immunet after reading here and ran a scan yesterday. Nothing. Ran again today and it found several. The most worrisome is the following message: recognizerCryptolocker.dll has been detected as Clam.Win.Ransomware.Generic-6545091-0. Quarantine failed. There were two notifications for the same issue.
It found 3 other viruses which is quarantined but they seem to be associated with a program I use called ProcessHacker which shows computer use. One is kprocesshacker.sys, detected as PUA.Win.Tool.Prochack::95.sbx.tg Quarantine was successful. The second was peview.exe has been detected as PUA.WinTool.Prochack::95.sbx.tg. Quarantine was successful. The last is ProcessHacker.exe has been detected as W32.ProHackg1.22k2.1201. Quarantine was successful. I can not find a way to upload a Word file so I am copying the text and pasting it here.
First.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-09-2019
Ran by john (administrator) on DESKTOP-3VLR0DJ (Dell Inc. XPS 8920) (30-09-2019 10:34:44)
Running from C:\Users\john\Desktop\uploadfiles
Loaded Profiles: john (Available Profiles: john & DefaultAppPool)
Platform: Windows 10 Home Version 1903 18362.387 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco Systems, Inc. -> ) C:\Program Files\Immunet\6.5.0\cscm.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files\Immunet\6.5.0\sfc.exe
(Cisco Systems, Inc. -> Immunet) C:\Program Files\Immunet\6.5.0\iptray.exe
(Comodo Security Solutions -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132869.inf_amd64_052eb72d070df60f\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132869.inf_amd64_052eb72d070df60f\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132869.inf_amd64_052eb72d070df60f\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_a9a8972288e9f3b5\RstMwService.exe
(Intel(R) RMT -> Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\pcdrwi.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-09-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1198448 2017-08-30] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13036496 2019-07-31] (Comodo Security Solutions -> COMODO)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-07-29] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\6.5.0\iptray.exe [852672 2019-09-29] (Cisco Systems, Inc. -> Immunet)
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3681944 2019-09-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {024A08D1-2A77-4BF0-A55E-0385BB4BE105} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {1113E4A1-A9D9-4C40-BD2A-7E35C14C99B4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855592 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12464C68-2622-4427-987B-D63C10686566} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855592 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {17B1E544-870D-4196-9AD1-A2464829470F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {1D586BAD-F85E-4338-8F97-9A4C36EDCA23} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2089375E-4F57-4461-ADCF-D854AA5D07FD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950312 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {25A309F0-3A05-4CDB-8685-6B746523DEB0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950312 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {41F034F9-100A-4C98-AC6C-123241DAD28E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BEEAF73-7DCE-4598-8ACD-C8219410275E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C04EC03-4EF1-4B3B-A719-3B3DEE980E5A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {602169EB-3F4D-4895-92F3-096CF8DE83CB} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950312 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6AD14494-B4FF-4F74-84CE-FD9E5C4E149E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [903520 2019-02-13] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {6B84A512-C906-4967-8621-B5D3B6A9A2D4} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5714384 2019-07-31] (Comodo Security Solutions -> COMODO)
Task: {6D7D7F46-C97D-44BB-AE47-E4E81156B1E1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {724A31AE-773F-49DA-A011-65A9E1C71D66} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5714384 2019-07-31] (Comodo Security Solutions -> COMODO)
Task: {76D778B2-DAA7-4959-98A5-B108FBE9DC95} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {775204CF-EAE2-4835-A1EB-AE2605624946} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {7AE1ABA5-0116-4FBC-B3BD-5D42915C1401} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {837586DC-921E-4971-9DEF-9CEB489BCA3F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1571464 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8937F14B-268E-4950-B07C-494C519AF1C6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8A557C8C-952D-4BC7-AF9B-5DCC068043E2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {92FEA408-A201-473E-B0D7-C4E520A03527} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {9EFACDD5-0414-42F6-AA43-1F2DF53B5C1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A560809D-EDE1-4457-A671-9C7762D36E28} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3487272 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
______________________________________________________________________________________________________________________________
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2019
Ran by john (30-09-2019 10:29:48)
Running from C:\Users\john\Desktop\uploadfiles
Windows 10 Home Version 1903 18362.387 (X64) (2019-06-21 20:52:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-822668767-2629868110-4160438993-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-822668767-2629868110-4160438993-503 - Limited - Disabled)
Guest (S-1-5-21-822668767-2629868110-4160438993-501 - Limited - Disabled)
john (S-1-5-21-822668767-2629868110-4160438993-1001 - Administrator - Enabled) => C:\Users\john
WDAGUtilityAccount (S-1-5-21-822668767-2629868110-4160438993-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Immunet (Enabled - Up to date) {05A27767-0425-EB45-C06B-DA28DB7FCD38}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {3D9428CB-50D2-A37E-F90F-1D238F042427}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Any Video Converter 6.3.1 (HKLM-x32\...\Any Video Converter) (Version: 6.3.1 - Anvsoft)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 4.3 - Power Software Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bridge Base Online (HKLM-x32\...\Bridge Base OnlineVersion 5.2.21) (Version: Version 5.2.21 - Bridge Base Online, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
COMODO Firewall (HKLM\...\{C7126FFC-A751-471B-93B4-19439D6AA992}) (Version: 12.0.0.6882 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 12.0.0.6882 - COMODO Security Solutions Inc.)
Dell Digital Delivery (HKLM-x32\...\{4B38FF9D-7308-411D-93BF-CCF259B476ED}) (Version: 3.5.2013.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.)
Immunet (HKLM-x32\...\Immunet Protect) (Version: 6.5.0.11255 - Cisco Systems, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6951 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1003 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.20.0.4 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4B3C56AB-963E-4F48-9747-05297683DB3B}) (Version: 16.8.3.1003 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86f7f90f-40a4-4cf2-b9dc-cfde74107a2f}) (Version: 21.20.1 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9266.0 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM-x32\...\Works2004Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{33BEE6F3-9987-4F98-A069-97A64EC8321A}) (Version: 7.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 69.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.1 (x64 en-US)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
MRU-Blaster v1.5 (Database 3/28/2004) (HKLM-x32\...\MRU-Blaster_is1) (Version: 1.5 - Javacool Software LLC)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Privacy Mantra 3.00 (HKLM-x32\...\Privacy Mantra 3.00) (Version: - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8248 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Sandboxie 5.31.4 (64-bit) (HKLM\...\Sandboxie) (Version: 5.31.4 - Sandboxie Holdings, LLC)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-3) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Zic Player v.3.7 (HKLM\...\Zic Player_is1) (Version: 3.7 - Ivan BUBLOZ)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-12] (Autodesk Inc.)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.13.0_x64__htrsf667h5kn2 [2019-06-12] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2019-06-12] (Dell Inc)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-09-19] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.1.0_x64__xbfy0k16fey96 [2019-06-13] (Dropbox Inc.)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-30] (Keeper Security Inc)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.4.2725.0_x86__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.1.1107.0_x86__8wekyb3d8bbwe [2019-09-04] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-28] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-09-28] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-09] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.1.9506.0_x86__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_8.0.8908.0_x86__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0 [2019-09-17] (Spotify AB)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-822668767-2629868110-4160438993-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-07-31] (Comodo Security Solutions -> COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-07-31] (Comodo Security Solutions -> COMODO)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-07-31] (Comodo Security Solutions -> COMODO)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
==================== Loaded Modules (Whitelisted) ==============
2019-07-15 10:20 - 2019-07-15 10:20 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2005-01-13 11:47 - 2005-01-13 11:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 000206336 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 000082944 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll
2012-02-09 13:53 - 2012-02-09 13:53 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2011-04-14 10:16 - 2011-04-14 10:16 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll
2017-12-19 10:05 - 2011-08-30 14:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2017-12-19 10:05 - 2011-08-01 19:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
2018-04-20 10:17 - 2013-12-23 11:00 - 000040448 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
2018-04-20 10:17 - 2013-12-23 11:00 - 000181760 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
2018-04-20 10:17 - 2013-12-23 11:00 - 000235008 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 16:03 - 2018-09-12 07:37 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{D3080380-A6D1-4F32-B05A-DA8294A65F33}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{4DB23F0B-B35A-4912-8424-5F01FFED2B36}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
==================== Restore Points =========================
21-09-2019 10:06:29 ZHPcleaner
24-09-2019 07:12:06 Intel® PROSet/Wireless Software
27-09-2019 08:28:08 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/30/2019 10:24:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (21164,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 09:58:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8492,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 09:23:18 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15416,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 08:23:18 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (18816,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 07:23:17 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17976,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 06:33:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-3VLR0DJ.local already in use; will try DESKTOP-3VLR0DJ-2.local instead
Error: (09/30/2019 06:33:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-3VLR0DJ.local. Addr 10.0.0.249
Error: (09/30/2019 06:33:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.249:5353 16 DESKTOP-3VLR0DJ.local. AAAA 2601:0246:CF00:BE50:54CB:4258:BFA3:8D64
System errors:
=============
Error: (09/29/2019 10:12:12 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:12 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2019-09-30 10:19:02.412
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:49:37.806
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:49:24.322
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:49:23.749
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:48:21.910
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:18:18.160
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 08:18:18.331
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 07:18:17.899
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Dell Inc. 1.0.20 06/20/2019
Motherboard: Dell Inc. 0VHXCD
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 75%
Total physical RAM: 8095.51 MB
Available physical RAM: 2000.53 MB
Total Virtual: 11935.37 MB
Available Virtual: 3121.3 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.28 GB) (Free:839.41 GB) NTFS
\\?\Volume{7ca2d8b2-788e-4e1d-b1bc-77671605bc2e}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.05 GB) NTFS
\\?\Volume{e8326976-25f0-424d-bc37-245e528efd6d}\ (Image) (Fixed) (Total:13.04 GB) (Free:0.14 GB) NTFS
\\?\Volume{ebc6df12-0779-4dd6-9019-8bb408f8d011}\ (DELLSUPPORT) (Fixed) (Total:1.12 GB) (Free:0.5 GB) NTFS
\\?\Volume{638e460e-85e9-4db3-9317-c26fc3b00638}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E287D8D3)
Partition: GPT.
==================== End of Addition.txt ============================
It found 3 other viruses which is quarantined but they seem to be associated with a program I use called ProcessHacker which shows computer use. One is kprocesshacker.sys, detected as PUA.Win.Tool.Prochack::95.sbx.tg Quarantine was successful. The second was peview.exe has been detected as PUA.WinTool.Prochack::95.sbx.tg. Quarantine was successful. The last is ProcessHacker.exe has been detected as W32.ProHackg1.22k2.1201. Quarantine was successful. I can not find a way to upload a Word file so I am copying the text and pasting it here.
First.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-09-2019
Ran by john (administrator) on DESKTOP-3VLR0DJ (Dell Inc. XPS 8920) (30-09-2019 10:34:44)
Running from C:\Users\john\Desktop\uploadfiles
Loaded Profiles: john (Available Profiles: john & DefaultAppPool)
Platform: Windows 10 Home Version 1903 18362.387 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Cisco Systems, Inc. -> ) C:\Program Files\Immunet\6.5.0\cscm.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files\Immunet\6.5.0\sfc.exe
(Cisco Systems, Inc. -> Immunet) C:\Program Files\Immunet\6.5.0\iptray.exe
(Comodo Security Solutions -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132869.inf_amd64_052eb72d070df60f\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132869.inf_amd64_052eb72d070df60f\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132869.inf_amd64_052eb72d070df60f\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_a9a8972288e9f3b5\RstMwService.exe
(Intel(R) RMT -> Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\pcdrwi.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-09-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1198448 2017-08-30] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13036496 2019-07-31] (Comodo Security Solutions -> COMODO)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-07-29] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\6.5.0\iptray.exe [852672 2019-09-29] (Cisco Systems, Inc. -> Immunet)
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3681944 2019-09-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {024A08D1-2A77-4BF0-A55E-0385BB4BE105} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {1113E4A1-A9D9-4C40-BD2A-7E35C14C99B4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855592 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12464C68-2622-4427-987B-D63C10686566} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855592 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {17B1E544-870D-4196-9AD1-A2464829470F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {1D586BAD-F85E-4338-8F97-9A4C36EDCA23} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2089375E-4F57-4461-ADCF-D854AA5D07FD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950312 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {25A309F0-3A05-4CDB-8685-6B746523DEB0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950312 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {41F034F9-100A-4C98-AC6C-123241DAD28E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BEEAF73-7DCE-4598-8ACD-C8219410275E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C04EC03-4EF1-4B3B-A719-3B3DEE980E5A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {602169EB-3F4D-4895-92F3-096CF8DE83CB} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950312 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6AD14494-B4FF-4F74-84CE-FD9E5C4E149E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [903520 2019-02-13] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {6B84A512-C906-4967-8621-B5D3B6A9A2D4} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5714384 2019-07-31] (Comodo Security Solutions -> COMODO)
Task: {6D7D7F46-C97D-44BB-AE47-E4E81156B1E1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {724A31AE-773F-49DA-A011-65A9E1C71D66} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5714384 2019-07-31] (Comodo Security Solutions -> COMODO)
Task: {76D778B2-DAA7-4959-98A5-B108FBE9DC95} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {775204CF-EAE2-4835-A1EB-AE2605624946} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {7AE1ABA5-0116-4FBC-B3BD-5D42915C1401} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {837586DC-921E-4971-9DEF-9CEB489BCA3F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1571464 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8937F14B-268E-4950-B07C-494C519AF1C6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8A557C8C-952D-4BC7-AF9B-5DCC068043E2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {92FEA408-A201-473E-B0D7-C4E520A03527} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {9EFACDD5-0414-42F6-AA43-1F2DF53B5C1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A560809D-EDE1-4457-A671-9C7762D36E28} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3487272 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
______________________________________________________________________________________________________________________________
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2019
Ran by john (30-09-2019 10:29:48)
Running from C:\Users\john\Desktop\uploadfiles
Windows 10 Home Version 1903 18362.387 (X64) (2019-06-21 20:52:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-822668767-2629868110-4160438993-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-822668767-2629868110-4160438993-503 - Limited - Disabled)
Guest (S-1-5-21-822668767-2629868110-4160438993-501 - Limited - Disabled)
john (S-1-5-21-822668767-2629868110-4160438993-1001 - Administrator - Enabled) => C:\Users\john
WDAGUtilityAccount (S-1-5-21-822668767-2629868110-4160438993-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Immunet (Enabled - Up to date) {05A27767-0425-EB45-C06B-DA28DB7FCD38}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {3D9428CB-50D2-A37E-F90F-1D238F042427}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Any Video Converter 6.3.1 (HKLM-x32\...\Any Video Converter) (Version: 6.3.1 - Anvsoft)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 4.3 - Power Software Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bridge Base Online (HKLM-x32\...\Bridge Base OnlineVersion 5.2.21) (Version: Version 5.2.21 - Bridge Base Online, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
COMODO Firewall (HKLM\...\{C7126FFC-A751-471B-93B4-19439D6AA992}) (Version: 12.0.0.6882 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 12.0.0.6882 - COMODO Security Solutions Inc.)
Dell Digital Delivery (HKLM-x32\...\{4B38FF9D-7308-411D-93BF-CCF259B476ED}) (Version: 3.5.2013.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{8917AEA5-01A5-476F-AA27-A52EA6C94212}) (Version: 2.6.1.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.)
Immunet (HKLM-x32\...\Immunet Protect) (Version: 6.5.0.11255 - Cisco Systems, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6951 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1003 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.20.0.4 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4B3C56AB-963E-4F48-9747-05297683DB3B}) (Version: 16.8.3.1003 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86f7f90f-40a4-4cf2-b9dc-cfde74107a2f}) (Version: 21.20.1 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9266.0 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM-x32\...\Works2004Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{33BEE6F3-9987-4F98-A069-97A64EC8321A}) (Version: 7.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 69.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.1 (x64 en-US)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
MRU-Blaster v1.5 (Database 3/28/2004) (HKLM-x32\...\MRU-Blaster_is1) (Version: 1.5 - Javacool Software LLC)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.15.0.186 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.186 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Privacy Mantra 3.00 (HKLM-x32\...\Privacy Mantra 3.00) (Version: - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8248 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
Sandboxie 5.31.4 (64-bit) (HKLM\...\Sandboxie) (Version: 5.31.4 - Sandboxie Holdings, LLC)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-3) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Zic Player v.3.7 (HKLM\...\Zic Player_is1) (Version: 3.7 - Ivan BUBLOZ)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-12] (Autodesk Inc.)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.13.0_x64__htrsf667h5kn2 [2019-06-12] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2019-06-12] (Dell Inc)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-09-19] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.1.0_x64__xbfy0k16fey96 [2019-06-13] (Dropbox Inc.)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-30] (Keeper Security Inc)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.4.2725.0_x86__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.1.1107.0_x86__8wekyb3d8bbwe [2019-09-04] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-28] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-09-28] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-09] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.1.9506.0_x86__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_8.0.8908.0_x86__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-06-12] (CYBERLINK CORPORATION.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0 [2019-09-17] (Spotify AB)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-822668767-2629868110-4160438993-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-07-31] (Comodo Security Solutions -> COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-07-31] (Comodo Security Solutions -> COMODO)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2019-07-31] (Comodo Security Solutions -> COMODO)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\john\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
==================== Loaded Modules (Whitelisted) ==============
2019-07-15 10:20 - 2019-07-15 10:20 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2005-01-13 11:47 - 2005-01-13 11:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 000206336 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 000082944 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll
2011-04-14 10:25 - 2011-04-14 10:25 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll
2012-02-09 13:53 - 2012-02-09 13:53 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2011-04-14 10:16 - 2011-04-14 10:16 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll
2017-12-19 10:05 - 2011-08-30 14:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2017-12-19 10:05 - 2011-08-01 19:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
2018-04-20 10:17 - 2013-12-23 11:00 - 000040448 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
2018-04-20 10:17 - 2013-12-23 11:00 - 000181760 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
2018-04-20 10:17 - 2013-12-23 11:00 - 000235008 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 16:03 - 2018-09-12 07:37 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-822668767-2629868110-4160438993-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{D3080380-A6D1-4F32-B05A-DA8294A65F33}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{4DB23F0B-B35A-4912-8424-5F01FFED2B36}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
==================== Restore Points =========================
21-09-2019 10:06:29 ZHPcleaner
24-09-2019 07:12:06 Intel® PROSet/Wireless Software
27-09-2019 08:28:08 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/30/2019 10:24:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (21164,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 09:58:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8492,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 09:23:18 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15416,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 08:23:18 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (18816,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 07:23:17 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17976,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (09/30/2019 06:33:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-3VLR0DJ.local already in use; will try DESKTOP-3VLR0DJ-2.local instead
Error: (09/30/2019 06:33:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-3VLR0DJ.local. Addr 10.0.0.249
Error: (09/30/2019 06:33:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.249:5353 16 DESKTOP-3VLR0DJ.local. AAAA 2601:0246:CF00:BE50:54CB:4258:BFA3:8D64
System errors:
=============
Error: (09/29/2019 10:12:12 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:12 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/29/2019 10:12:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3VLR0DJ)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2019-09-30 10:19:02.412
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:49:37.806
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:49:24.322
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:49:23.749
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:48:21.910
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 09:18:18.160
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 08:18:18.331
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-09-30 07:18:17.899
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Dell Inc. 1.0.20 06/20/2019
Motherboard: Dell Inc. 0VHXCD
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 75%
Total physical RAM: 8095.51 MB
Available physical RAM: 2000.53 MB
Total Virtual: 11935.37 MB
Available Virtual: 3121.3 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.28 GB) (Free:839.41 GB) NTFS
\\?\Volume{7ca2d8b2-788e-4e1d-b1bc-77671605bc2e}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.05 GB) NTFS
\\?\Volume{e8326976-25f0-424d-bc37-245e528efd6d}\ (Image) (Fixed) (Total:13.04 GB) (Free:0.14 GB) NTFS
\\?\Volume{ebc6df12-0779-4dd6-9019-8bb408f8d011}\ (DELLSUPPORT) (Fixed) (Total:1.12 GB) (Free:0.5 GB) NTFS
\\?\Volume{638e460e-85e9-4db3-9317-c26fc3b00638}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E287D8D3)
Partition: GPT.
==================== End of Addition.txt ============================