rcb56
2018-02-18, 22:47
i just can't stay away! someone on facebook sent me a file and before i thought...click! it never showed what the file was or anything but since this has been querky as the devil and hoping y'all can help again. my browser just goes on the blink literally and begins to blink out of control until i have to kill it. also scrolling is impossible!
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Dad (18-02-2018 14:28:27)
Running from C:\Users\Dad\Downloads
Windows 10 Home Version 1709 16299.248 (X64) (2018-02-02 09:33:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2107755742-302254199-1763176924-500 - Administrator - Disabled)
Dad (S-1-5-21-2107755742-302254199-1763176924-1001 - Administrator - Enabled) => C:\Users\Dad
DefaultAccount (S-1-5-21-2107755742-302254199-1763176924-503 - Limited - Disabled)
Guest (S-1-5-21-2107755742-302254199-1763176924-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2107755742-302254199-1763176924-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2107755742-302254199-1763176924-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Dwyco CDC-X version 2.16 (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dwyco CDC-X_is1) (Version: 2.16 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.667.17975 - AVM Software Inc.)
QuickBooks Online Edition Utilities V11 (HKLM-x32\...\{06346CB3-EB19-4CD8-8DDC-3C46EA2785A0}) (Version: 1.0.0 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 4.00 - NCH Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.13 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1118C60B-02B0-44C3-AC05-3C7FD709523A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {18E61CDA-83AA-49D1-943F-14A92ECCD261} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {21E01E09-89F0-4AEA-A66B-6223D5C4B2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {2346F721-A9D9-4A64-8DA2-AE86F27DE23A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {37F4D2E2-0574-4037-BD0A-94B879EBF583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {491AB039-0341-4956-83F6-3106AC11F233} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {59AE5AC2-446F-4C83-AAE5-E8DE5953CF57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {631A030E-4CC0-4B28-8DA3-0C8FF31FB0AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {7D738910-14A4-4408-9B42-521F259B2A0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {91A918B3-3AD4-4A80-9259-71D36D225780} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {B0503919-9EAF-478E-8474-B463F64F275A} - System32\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {BD9808D1-0BA9-49E1-91FB-356C844647E2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {D621BF45-7E6D-443B-81AF-0976AC3CF091} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {E4C5BED5-2CBE-4EE0-922A-5A08E7AD9BED} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E53F4C69-36FB-449A-955E-9822096E0AC8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {E749E9EF-2C90-421D-A2AA-D920463EEED4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {ED3C6BCE-6A5C-4A89-92FE-2287836728DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {FF54DC2E-577F-4E54-B8F1-39ACA69B6368} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Dad\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-02-13 20:06 - 2018-02-09 22:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-13 20:06 - 2018-02-09 22:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 00:16 - 2017-03-09 00:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-31 22:11 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-31 22:11 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-06-05 01:11 - 2018-01-02 10:46 - 000454537 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15601 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "World of Tanks"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8CCAC849-70E3-46E5-917C-BC8AF033E480}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{75A45EA3-8F6E-40A6-ABEA-BEE725167883}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB709A6E-44BB-49AD-8FD6-4C5F1FC92929}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6212E99-160B-4688-8CBA-D7A12F5EC108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3B37680-C314-40B7-BC39-16EEDE3EF147}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B65E1E-BEDF-4DC5-9D92-8D74D4F9F47D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D040F650-7821-46C1-B3E2-FC21FE4540A8}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{003B7E6E-80BD-439B-8A70-857B9C41445E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{E97CF5CC-E875-4413-AF67-EA0BDE39744F}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{652BCC34-0101-42ED-8CFC-BDF4E367733E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{CA8FC303-D0A8-43A6-84C6-54CAC9CA4FC0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{3BB79B1F-5EAF-409D-9277-3D93CF6A5BBB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D6644C78-5BEB-4F4F-ADF4-0DFCEECD800B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{DDA1ECFF-9C07-456F-AED1-E7E4ACC6DC69}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{3983567D-ABED-414F-8346-E716A1AC4AD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{842718F1-D799-4129-B411-C6AA75BCCAF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEC79ECD-6681-4E93-B010-ADEB31358442}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{3B10229E-CDCB-4838-A588-A36298F46539}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{EE52C107-CFB0-4AB6-AB07-511083C515F1}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{0B8C3854-02F3-4873-8137-AA07C6AACD70}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{FC40BBF2-173D-4DEA-BC2E-ABD4E67FC263}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{037AE302-F2C3-4DA1-94A4-AA16771A2D65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C55A400-28B0-41E2-9EC2-E2C156B2E5CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DCB0F72F-2794-49C3-B4BE-B7F7259D4D09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F6CE2F8-C0BC-4AE4-968C-49CE7DD5A004}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DACA846C-1058-4C65-B0BF-275A6B880817}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7BE9129F-4D4D-4CA1-8758-718D105B9007}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{04DC7985-D6D7-4F0C-85D1-DE82C0E499EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{249411A6-EFB5-4AB4-8A4D-4CCECD63F018}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8A178460-A3B6-4DC5-A28F-6B4A27949C57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6DBBD56B-09BF-492D-8393-6F891C6CD024}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{F6953542-567D-4F47-821B-15F4AE58C583}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{FE373094-A60A-41B7-AAB1-E8E73E51FDF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48380C01-FCD2-4F6A-9B1C-67F99EA78734}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
02-02-2018 09:50:04 Windows Update
07-02-2018 09:59:31 Windows Update
10-02-2018 22:40:16 Installed QuickBooks Online Edition Utilities V11
14-02-2018 18:51:00 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2018 01:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.6.46.130, time stamp: 0x535a5196
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0x3a21d961
Exception code: 0xc0000005
Fault offset: 0x00089122
Faulting process id: 0x1920
Faulting application start time: 0x01d3a8f209b8873d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 700622d4-c787-46a7-8a6d-eca3e89f25f1
Faulting package full name:
Faulting package-relative application ID:
Error: (02/18/2018 01:52:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 620
Start Time: 01d3a8f1c524fa53
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Report Id: 6c96892b-cf9d-4327-ad8b-e114802c3d7f
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (02/18/2018 01:52:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BRIDGES1)
Description: Package Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234
System errors:
=============
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.
Error: (02/18/2018 02:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sxuptp service failed to start due to the following error:
This driver has been blocked from loading
Error: (02/18/2018 02:16:05 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: sxuptp.sys
Error: (02/18/2018 01:55:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2018-02-16 10:40:46.523
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D8421488-FA25-4AC4-AA43-7BD12DC792AD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 07:36:43.311
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D11514C6-91B5-4C2A-84BB-2C5E5B1D8FAA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 06:01:51.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8CFE747C-BA0B-4427-92F7-B76E0F378FAC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-14 02:26:17.389
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9C6BC7F6-2B1B-4175-BE63-F9F28FDAEB2F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-13 23:08:09.418
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F8DA687-83A9-46E6-9C32-102DB7566E20}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2018-02-18 14:27:34.794
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:27:34.791
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.590
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.589
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.484
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 37%
Total physical RAM: 6048.27 MB
Available physical RAM: 3776.07 MB
Total Virtual: 6432.27 MB
Available Virtual: 4208.92 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:728.48 GB) NTFS
Drive d: (Recovery1) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
Drive j: (FAT16) (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
\\?\Volume{1f74b045-50b1-11e1-94c3-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1f74b044-50b1-11e1-94c3-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5D81C09C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 7.4 GB) (Disk ID: 1C8F1BEF)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0B)
==================== End of Addition.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Dad (18-02-2018 14:28:27)
Running from C:\Users\Dad\Downloads
Windows 10 Home Version 1709 16299.248 (X64) (2018-02-02 09:33:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2107755742-302254199-1763176924-500 - Administrator - Disabled)
Dad (S-1-5-21-2107755742-302254199-1763176924-1001 - Administrator - Enabled) => C:\Users\Dad
DefaultAccount (S-1-5-21-2107755742-302254199-1763176924-503 - Limited - Disabled)
Guest (S-1-5-21-2107755742-302254199-1763176924-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2107755742-302254199-1763176924-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2107755742-302254199-1763176924-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Dwyco CDC-X version 2.16 (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dwyco CDC-X_is1) (Version: 2.16 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.667.17975 - AVM Software Inc.)
QuickBooks Online Edition Utilities V11 (HKLM-x32\...\{06346CB3-EB19-4CD8-8DDC-3C46EA2785A0}) (Version: 1.0.0 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 4.00 - NCH Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.13 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1118C60B-02B0-44C3-AC05-3C7FD709523A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {18E61CDA-83AA-49D1-943F-14A92ECCD261} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {21E01E09-89F0-4AEA-A66B-6223D5C4B2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {2346F721-A9D9-4A64-8DA2-AE86F27DE23A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {37F4D2E2-0574-4037-BD0A-94B879EBF583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {491AB039-0341-4956-83F6-3106AC11F233} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {59AE5AC2-446F-4C83-AAE5-E8DE5953CF57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {631A030E-4CC0-4B28-8DA3-0C8FF31FB0AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {7D738910-14A4-4408-9B42-521F259B2A0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {91A918B3-3AD4-4A80-9259-71D36D225780} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {B0503919-9EAF-478E-8474-B463F64F275A} - System32\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {BD9808D1-0BA9-49E1-91FB-356C844647E2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {D621BF45-7E6D-443B-81AF-0976AC3CF091} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {E4C5BED5-2CBE-4EE0-922A-5A08E7AD9BED} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E53F4C69-36FB-449A-955E-9822096E0AC8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {E749E9EF-2C90-421D-A2AA-D920463EEED4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {ED3C6BCE-6A5C-4A89-92FE-2287836728DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {FF54DC2E-577F-4E54-B8F1-39ACA69B6368} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Dad\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-02-13 20:06 - 2018-02-09 22:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-13 20:06 - 2018-02-09 22:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 00:16 - 2017-03-09 00:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-31 22:11 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-31 22:11 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-06-05 01:11 - 2018-01-02 10:46 - 000454537 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15601 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "World of Tanks"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8CCAC849-70E3-46E5-917C-BC8AF033E480}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{75A45EA3-8F6E-40A6-ABEA-BEE725167883}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB709A6E-44BB-49AD-8FD6-4C5F1FC92929}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6212E99-160B-4688-8CBA-D7A12F5EC108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3B37680-C314-40B7-BC39-16EEDE3EF147}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B65E1E-BEDF-4DC5-9D92-8D74D4F9F47D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D040F650-7821-46C1-B3E2-FC21FE4540A8}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{003B7E6E-80BD-439B-8A70-857B9C41445E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{E97CF5CC-E875-4413-AF67-EA0BDE39744F}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{652BCC34-0101-42ED-8CFC-BDF4E367733E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{CA8FC303-D0A8-43A6-84C6-54CAC9CA4FC0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{3BB79B1F-5EAF-409D-9277-3D93CF6A5BBB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D6644C78-5BEB-4F4F-ADF4-0DFCEECD800B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{DDA1ECFF-9C07-456F-AED1-E7E4ACC6DC69}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{3983567D-ABED-414F-8346-E716A1AC4AD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{842718F1-D799-4129-B411-C6AA75BCCAF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEC79ECD-6681-4E93-B010-ADEB31358442}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{3B10229E-CDCB-4838-A588-A36298F46539}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{EE52C107-CFB0-4AB6-AB07-511083C515F1}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{0B8C3854-02F3-4873-8137-AA07C6AACD70}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{FC40BBF2-173D-4DEA-BC2E-ABD4E67FC263}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{037AE302-F2C3-4DA1-94A4-AA16771A2D65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C55A400-28B0-41E2-9EC2-E2C156B2E5CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DCB0F72F-2794-49C3-B4BE-B7F7259D4D09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F6CE2F8-C0BC-4AE4-968C-49CE7DD5A004}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DACA846C-1058-4C65-B0BF-275A6B880817}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7BE9129F-4D4D-4CA1-8758-718D105B9007}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{04DC7985-D6D7-4F0C-85D1-DE82C0E499EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{249411A6-EFB5-4AB4-8A4D-4CCECD63F018}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8A178460-A3B6-4DC5-A28F-6B4A27949C57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6DBBD56B-09BF-492D-8393-6F891C6CD024}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{F6953542-567D-4F47-821B-15F4AE58C583}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{FE373094-A60A-41B7-AAB1-E8E73E51FDF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48380C01-FCD2-4F6A-9B1C-67F99EA78734}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
02-02-2018 09:50:04 Windows Update
07-02-2018 09:59:31 Windows Update
10-02-2018 22:40:16 Installed QuickBooks Online Edition Utilities V11
14-02-2018 18:51:00 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2018 01:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.6.46.130, time stamp: 0x535a5196
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0x3a21d961
Exception code: 0xc0000005
Fault offset: 0x00089122
Faulting process id: 0x1920
Faulting application start time: 0x01d3a8f209b8873d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 700622d4-c787-46a7-8a6d-eca3e89f25f1
Faulting package full name:
Faulting package-relative application ID:
Error: (02/18/2018 01:52:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 620
Start Time: 01d3a8f1c524fa53
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Report Id: 6c96892b-cf9d-4327-ad8b-e114802c3d7f
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (02/18/2018 01:52:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BRIDGES1)
Description: Package Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234
System errors:
=============
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.
Error: (02/18/2018 02:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sxuptp service failed to start due to the following error:
This driver has been blocked from loading
Error: (02/18/2018 02:16:05 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: sxuptp.sys
Error: (02/18/2018 01:55:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2018-02-16 10:40:46.523
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D8421488-FA25-4AC4-AA43-7BD12DC792AD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 07:36:43.311
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D11514C6-91B5-4C2A-84BB-2C5E5B1D8FAA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 06:01:51.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8CFE747C-BA0B-4427-92F7-B76E0F378FAC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-14 02:26:17.389
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9C6BC7F6-2B1B-4175-BE63-F9F28FDAEB2F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-13 23:08:09.418
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F8DA687-83A9-46E6-9C32-102DB7566E20}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2018-02-18 14:27:34.794
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:27:34.791
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.590
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.589
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.484
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 37%
Total physical RAM: 6048.27 MB
Available physical RAM: 3776.07 MB
Total Virtual: 6432.27 MB
Available Virtual: 4208.92 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:728.48 GB) NTFS
Drive d: (Recovery1) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
Drive j: (FAT16) (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
\\?\Volume{1f74b045-50b1-11e1-94c3-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1f74b044-50b1-11e1-94c3-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5D81C09C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 7.4 GB) (Disk ID: 1C8F1BEF)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0B)
==================== End of Addition.txt ============================
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/18/18
Scan Time: 2:33 PM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.3994
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BRIDGES1\Dad
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293564
Threats Detected: 9
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 47 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 6
PUP.Optional.AmazonTB, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\abb@amazon.com\simple-storage, No Action By User, [9471], [175409],1.0.3994
PUP.Optional.AmazonTB, C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNZGKEC8.DEFAULT\JETPACK\ABB@AMAZON.COM, No Action By User, [9471], [175409],1.0.3994
PUP.Optional.Converter, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\@Converter\simple-storage, No Action By User, [7236], [386988],1.0.3994
PUP.Optional.Converter, C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNZGKEC8.DEFAULT\JETPACK\@CONVERTER, No Action By User, [7236], [386988],1.0.3994
PUP.Optional.DriverSupport, C:\Users\Dad\Downloads\Driver Support\Driver Support, No Action By User, [2320], [484517],1.0.3994
PUP.Optional.DriverSupport, C:\USERS\DAD\DOWNLOADS\DRIVER SUPPORT, No Action By User, [2320], [484517],1.0.3994
File: 3
PUP.Optional.AmazonTB, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\abb@amazon.com\simple-storage\store.json, No Action By User, [9471], [175409],1.0.3994
PUP.Optional.Converter, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\@Converter\simple-storage\store.json, No Action By User, [7236], [386988],1.0.3994
PUP.Optional.ConsumerInput, C:\COMPETE-HEADER-LONG2.BMP, No Action By User, [170], [464144],1.0.3994
Physical Sector: 0
(No malicious items detected)
(end)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Dad (18-02-2018 14:28:27)
Running from C:\Users\Dad\Downloads
Windows 10 Home Version 1709 16299.248 (X64) (2018-02-02 09:33:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2107755742-302254199-1763176924-500 - Administrator - Disabled)
Dad (S-1-5-21-2107755742-302254199-1763176924-1001 - Administrator - Enabled) => C:\Users\Dad
DefaultAccount (S-1-5-21-2107755742-302254199-1763176924-503 - Limited - Disabled)
Guest (S-1-5-21-2107755742-302254199-1763176924-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2107755742-302254199-1763176924-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2107755742-302254199-1763176924-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Dwyco CDC-X version 2.16 (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dwyco CDC-X_is1) (Version: 2.16 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.667.17975 - AVM Software Inc.)
QuickBooks Online Edition Utilities V11 (HKLM-x32\...\{06346CB3-EB19-4CD8-8DDC-3C46EA2785A0}) (Version: 1.0.0 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 4.00 - NCH Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.13 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1118C60B-02B0-44C3-AC05-3C7FD709523A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {18E61CDA-83AA-49D1-943F-14A92ECCD261} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {21E01E09-89F0-4AEA-A66B-6223D5C4B2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {2346F721-A9D9-4A64-8DA2-AE86F27DE23A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {37F4D2E2-0574-4037-BD0A-94B879EBF583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {491AB039-0341-4956-83F6-3106AC11F233} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {59AE5AC2-446F-4C83-AAE5-E8DE5953CF57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {631A030E-4CC0-4B28-8DA3-0C8FF31FB0AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {7D738910-14A4-4408-9B42-521F259B2A0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {91A918B3-3AD4-4A80-9259-71D36D225780} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {B0503919-9EAF-478E-8474-B463F64F275A} - System32\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {BD9808D1-0BA9-49E1-91FB-356C844647E2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {D621BF45-7E6D-443B-81AF-0976AC3CF091} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {E4C5BED5-2CBE-4EE0-922A-5A08E7AD9BED} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E53F4C69-36FB-449A-955E-9822096E0AC8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {E749E9EF-2C90-421D-A2AA-D920463EEED4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {ED3C6BCE-6A5C-4A89-92FE-2287836728DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {FF54DC2E-577F-4E54-B8F1-39ACA69B6368} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Dad\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-02-13 20:06 - 2018-02-09 22:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-13 20:06 - 2018-02-09 22:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 00:16 - 2017-03-09 00:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-31 22:11 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-31 22:11 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-06-05 01:11 - 2018-01-02 10:46 - 000454537 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15601 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "World of Tanks"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8CCAC849-70E3-46E5-917C-BC8AF033E480}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{75A45EA3-8F6E-40A6-ABEA-BEE725167883}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB709A6E-44BB-49AD-8FD6-4C5F1FC92929}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6212E99-160B-4688-8CBA-D7A12F5EC108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3B37680-C314-40B7-BC39-16EEDE3EF147}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B65E1E-BEDF-4DC5-9D92-8D74D4F9F47D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D040F650-7821-46C1-B3E2-FC21FE4540A8}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{003B7E6E-80BD-439B-8A70-857B9C41445E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{E97CF5CC-E875-4413-AF67-EA0BDE39744F}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{652BCC34-0101-42ED-8CFC-BDF4E367733E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{CA8FC303-D0A8-43A6-84C6-54CAC9CA4FC0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{3BB79B1F-5EAF-409D-9277-3D93CF6A5BBB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D6644C78-5BEB-4F4F-ADF4-0DFCEECD800B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{DDA1ECFF-9C07-456F-AED1-E7E4ACC6DC69}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{3983567D-ABED-414F-8346-E716A1AC4AD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{842718F1-D799-4129-B411-C6AA75BCCAF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEC79ECD-6681-4E93-B010-ADEB31358442}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{3B10229E-CDCB-4838-A588-A36298F46539}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{EE52C107-CFB0-4AB6-AB07-511083C515F1}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{0B8C3854-02F3-4873-8137-AA07C6AACD70}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{FC40BBF2-173D-4DEA-BC2E-ABD4E67FC263}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{037AE302-F2C3-4DA1-94A4-AA16771A2D65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C55A400-28B0-41E2-9EC2-E2C156B2E5CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DCB0F72F-2794-49C3-B4BE-B7F7259D4D09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F6CE2F8-C0BC-4AE4-968C-49CE7DD5A004}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DACA846C-1058-4C65-B0BF-275A6B880817}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7BE9129F-4D4D-4CA1-8758-718D105B9007}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{04DC7985-D6D7-4F0C-85D1-DE82C0E499EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{249411A6-EFB5-4AB4-8A4D-4CCECD63F018}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8A178460-A3B6-4DC5-A28F-6B4A27949C57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6DBBD56B-09BF-492D-8393-6F891C6CD024}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{F6953542-567D-4F47-821B-15F4AE58C583}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{FE373094-A60A-41B7-AAB1-E8E73E51FDF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48380C01-FCD2-4F6A-9B1C-67F99EA78734}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
02-02-2018 09:50:04 Windows Update
07-02-2018 09:59:31 Windows Update
10-02-2018 22:40:16 Installed QuickBooks Online Edition Utilities V11
14-02-2018 18:51:00 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2018 01:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.6.46.130, time stamp: 0x535a5196
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0x3a21d961
Exception code: 0xc0000005
Fault offset: 0x00089122
Faulting process id: 0x1920
Faulting application start time: 0x01d3a8f209b8873d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 700622d4-c787-46a7-8a6d-eca3e89f25f1
Faulting package full name:
Faulting package-relative application ID:
Error: (02/18/2018 01:52:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 620
Start Time: 01d3a8f1c524fa53
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Report Id: 6c96892b-cf9d-4327-ad8b-e114802c3d7f
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (02/18/2018 01:52:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BRIDGES1)
Description: Package Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234
System errors:
=============
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.
Error: (02/18/2018 02:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sxuptp service failed to start due to the following error:
This driver has been blocked from loading
Error: (02/18/2018 02:16:05 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: sxuptp.sys
Error: (02/18/2018 01:55:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2018-02-16 10:40:46.523
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D8421488-FA25-4AC4-AA43-7BD12DC792AD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 07:36:43.311
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D11514C6-91B5-4C2A-84BB-2C5E5B1D8FAA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 06:01:51.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8CFE747C-BA0B-4427-92F7-B76E0F378FAC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-14 02:26:17.389
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9C6BC7F6-2B1B-4175-BE63-F9F28FDAEB2F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-13 23:08:09.418
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F8DA687-83A9-46E6-9C32-102DB7566E20}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2018-02-18 14:27:34.794
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:27:34.791
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.590
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.589
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.484
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 37%
Total physical RAM: 6048.27 MB
Available physical RAM: 3776.07 MB
Total Virtual: 6432.27 MB
Available Virtual: 4208.92 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:728.48 GB) NTFS
Drive d: (Recovery1) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
Drive j: (FAT16) (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
\\?\Volume{1f74b045-50b1-11e1-94c3-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1f74b044-50b1-11e1-94c3-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5D81C09C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 7.4 GB) (Disk ID: 1C8F1BEF)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0B)
==================== End of Addition.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Dad (18-02-2018 14:28:27)
Running from C:\Users\Dad\Downloads
Windows 10 Home Version 1709 16299.248 (X64) (2018-02-02 09:33:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2107755742-302254199-1763176924-500 - Administrator - Disabled)
Dad (S-1-5-21-2107755742-302254199-1763176924-1001 - Administrator - Enabled) => C:\Users\Dad
DefaultAccount (S-1-5-21-2107755742-302254199-1763176924-503 - Limited - Disabled)
Guest (S-1-5-21-2107755742-302254199-1763176924-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2107755742-302254199-1763176924-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2107755742-302254199-1763176924-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Dwyco CDC-X version 2.16 (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dwyco CDC-X_is1) (Version: 2.16 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.667.17975 - AVM Software Inc.)
QuickBooks Online Edition Utilities V11 (HKLM-x32\...\{06346CB3-EB19-4CD8-8DDC-3C46EA2785A0}) (Version: 1.0.0 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 4.00 - NCH Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.13 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1118C60B-02B0-44C3-AC05-3C7FD709523A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {18E61CDA-83AA-49D1-943F-14A92ECCD261} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {21E01E09-89F0-4AEA-A66B-6223D5C4B2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {2346F721-A9D9-4A64-8DA2-AE86F27DE23A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {37F4D2E2-0574-4037-BD0A-94B879EBF583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {491AB039-0341-4956-83F6-3106AC11F233} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {59AE5AC2-446F-4C83-AAE5-E8DE5953CF57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {631A030E-4CC0-4B28-8DA3-0C8FF31FB0AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {7D738910-14A4-4408-9B42-521F259B2A0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {91A918B3-3AD4-4A80-9259-71D36D225780} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {B0503919-9EAF-478E-8474-B463F64F275A} - System32\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {BD9808D1-0BA9-49E1-91FB-356C844647E2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {D621BF45-7E6D-443B-81AF-0976AC3CF091} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {E4C5BED5-2CBE-4EE0-922A-5A08E7AD9BED} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E53F4C69-36FB-449A-955E-9822096E0AC8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
Task: {E749E9EF-2C90-421D-A2AA-D920463EEED4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {ED3C6BCE-6A5C-4A89-92FE-2287836728DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {FF54DC2E-577F-4E54-B8F1-39ACA69B6368} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-02] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2107755742-302254199-1763176924-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Dad\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-02-13 20:06 - 2018-02-09 22:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-13 20:06 - 2018-02-09 22:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 00:16 - 2017-03-09 00:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-12-31 22:11 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-12-31 22:11 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-31 22:11 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-06-05 01:11 - 2018-01-02 10:46 - 000454537 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15601 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "World of Tanks"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8CCAC849-70E3-46E5-917C-BC8AF033E480}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{75A45EA3-8F6E-40A6-ABEA-BEE725167883}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB709A6E-44BB-49AD-8FD6-4C5F1FC92929}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6212E99-160B-4688-8CBA-D7A12F5EC108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3B37680-C314-40B7-BC39-16EEDE3EF147}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B65E1E-BEDF-4DC5-9D92-8D74D4F9F47D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D040F650-7821-46C1-B3E2-FC21FE4540A8}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{003B7E6E-80BD-439B-8A70-857B9C41445E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{E97CF5CC-E875-4413-AF67-EA0BDE39744F}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [TCP Query User{652BCC34-0101-42ED-8CFC-BDF4E367733E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{CA8FC303-D0A8-43A6-84C6-54CAC9CA4FC0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{3BB79B1F-5EAF-409D-9277-3D93CF6A5BBB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D6644C78-5BEB-4F4F-ADF4-0DFCEECD800B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{DDA1ECFF-9C07-456F-AED1-E7E4ACC6DC69}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{3983567D-ABED-414F-8346-E716A1AC4AD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{842718F1-D799-4129-B411-C6AA75BCCAF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEC79ECD-6681-4E93-B010-ADEB31358442}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{3B10229E-CDCB-4838-A588-A36298F46539}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{EE52C107-CFB0-4AB6-AB07-511083C515F1}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{0B8C3854-02F3-4873-8137-AA07C6AACD70}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{FC40BBF2-173D-4DEA-BC2E-ABD4E67FC263}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{037AE302-F2C3-4DA1-94A4-AA16771A2D65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C55A400-28B0-41E2-9EC2-E2C156B2E5CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DCB0F72F-2794-49C3-B4BE-B7F7259D4D09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F6CE2F8-C0BC-4AE4-968C-49CE7DD5A004}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DACA846C-1058-4C65-B0BF-275A6B880817}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7BE9129F-4D4D-4CA1-8758-718D105B9007}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{04DC7985-D6D7-4F0C-85D1-DE82C0E499EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{249411A6-EFB5-4AB4-8A4D-4CCECD63F018}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8A178460-A3B6-4DC5-A28F-6B4A27949C57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6DBBD56B-09BF-492D-8393-6F891C6CD024}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{F6953542-567D-4F47-821B-15F4AE58C583}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{FE373094-A60A-41B7-AAB1-E8E73E51FDF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48380C01-FCD2-4F6A-9B1C-67F99EA78734}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
02-02-2018 09:50:04 Windows Update
07-02-2018 09:59:31 Windows Update
10-02-2018 22:40:16 Installed QuickBooks Online Edition Utilities V11
14-02-2018 18:51:00 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2018 01:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.6.46.130, time stamp: 0x535a5196
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0x3a21d961
Exception code: 0xc0000005
Fault offset: 0x00089122
Faulting process id: 0x1920
Faulting application start time: 0x01d3a8f209b8873d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 700622d4-c787-46a7-8a6d-eca3e89f25f1
Faulting package full name:
Faulting package-relative application ID:
Error: (02/18/2018 01:52:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.16299.248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 620
Start Time: 01d3a8f1c524fa53
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Report Id: 6c96892b-cf9d-4327-ad8b-e114802c3d7f
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (02/18/2018 01:52:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BRIDGES1)
Description: Package Microsoft.MicrosoftEdge_41.16299.248.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
Error: (02/17/2018 03:12:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
Error: (02/15/2018 06:43:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234
System errors:
=============
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2018 02:16:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
An attempt was made to reference a token that does not exist.
Error: (02/18/2018 02:16:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sxuptp service failed to start due to the following error:
This driver has been blocked from loading
Error: (02/18/2018 02:16:05 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: sxuptp.sys
Error: (02/18/2018 01:55:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Windows Defender:
===================================
Date: 2018-02-16 10:40:46.523
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D8421488-FA25-4AC4-AA43-7BD12DC792AD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 07:36:43.311
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D11514C6-91B5-4C2A-84BB-2C5E5B1D8FAA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-15 06:01:51.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8CFE747C-BA0B-4427-92F7-B76E0F378FAC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-14 02:26:17.389
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9C6BC7F6-2B1B-4175-BE63-F9F28FDAEB2F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-13 23:08:09.418
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F8DA687-83A9-46E6-9C32-102DB7566E20}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-02-18 13:56:49.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2018-02-18 14:27:34.794
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:27:34.791
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:14.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.590
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:09.589
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-18 14:21:07.484
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 37%
Total physical RAM: 6048.27 MB
Available physical RAM: 3776.07 MB
Total Virtual: 6432.27 MB
Available Virtual: 4208.92 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:728.48 GB) NTFS
Drive d: (Recovery1) (CDROM) (Total:3.9 GB) (Free:0 GB) UDF
Drive j: (FAT16) (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
\\?\Volume{1f74b045-50b1-11e1-94c3-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1f74b044-50b1-11e1-94c3-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5D81C09C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 7.4 GB) (Disk ID: 1C8F1BEF)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0B)
==================== End of Addition.txt ============================
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/18/18
Scan Time: 2:33 PM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.3994
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BRIDGES1\Dad
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293564
Threats Detected: 9
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 47 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 6
PUP.Optional.AmazonTB, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\abb@amazon.com\simple-storage, No Action By User, [9471], [175409],1.0.3994
PUP.Optional.AmazonTB, C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNZGKEC8.DEFAULT\JETPACK\ABB@AMAZON.COM, No Action By User, [9471], [175409],1.0.3994
PUP.Optional.Converter, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\@Converter\simple-storage, No Action By User, [7236], [386988],1.0.3994
PUP.Optional.Converter, C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNZGKEC8.DEFAULT\JETPACK\@CONVERTER, No Action By User, [7236], [386988],1.0.3994
PUP.Optional.DriverSupport, C:\Users\Dad\Downloads\Driver Support\Driver Support, No Action By User, [2320], [484517],1.0.3994
PUP.Optional.DriverSupport, C:\USERS\DAD\DOWNLOADS\DRIVER SUPPORT, No Action By User, [2320], [484517],1.0.3994
File: 3
PUP.Optional.AmazonTB, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\abb@amazon.com\simple-storage\store.json, No Action By User, [9471], [175409],1.0.3994
PUP.Optional.Converter, C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nnzgkec8.default\jetpack\@Converter\simple-storage\store.json, No Action By User, [7236], [386988],1.0.3994
PUP.Optional.ConsumerInput, C:\COMPETE-HEADER-LONG2.BMP, No Action By User, [170], [464144],1.0.3994
Physical Sector: 0
(No malicious items detected)
(end)