Inactive Not sure If my PC is safe

H

HYLLIAN

Ryzen 5 3500U
Win 10 v1809

Hi,

Long story, short version.

I bought this laptop, immediately wiped all junk ware using scripts for power shell and command prompts I found on the internet. Then I disabled Windows update because a) the updates frequently break your PC and b) they bundled these essential security updates with their junk ware re-enablement practices which I had thwarted by using a 3rd party firewall. So now I install Windows Updates manually after a cool off period. I have tried re-enabling windows updates but I have broken something. I have also manually disabled a lot of things in Services.msc and Task Scheduler and blocked everything in firewall.

Despite not knowing what the hell I am doing :D I was thinking I had done a grand job. I can browse internet, nothing gets connection to internet without notifying me and no pop up ads or junk ware or updates forcing me off my own PC.

However today I have noticed a lot of tasks running in task scheduler. I have no idea what these are, some of them I have disabled and they create new ones and some are not able to be disabled at all. Some are user tasks that I have certainly not set up and all these tasks are running numerous times a day. My Laptop is always running hot even when idle and I wish to sort it out but I do not have the knowledge or skills. I am currently trying to search all services and tasks to find out what I can disable and it is a mammoth task! The only other option I can think of starting over from scratch with a windows re-install but this I’d rather avoid.

Is there anybody who can help me on this site? Or maybe point me in the right direction?

Thanks, H
 
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Hwithyll (administrator) on HV551 (LENOVO 81V5) (06-06-2020 20:45:02)
Running from C:\Users\Hwithyll\Downloads
Loaded Profiles: Hwithyll
Platform: Windows 10 Home Version 1809 17763.973 (X64) Language: English (United States)
Default browser: "C:\Program Files\Tools\Mozilla\firefox.exe" -osint -url "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\Tools\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\Tools\AMD\CNext\CNext\RadeonSettings.exe
(Henry++) [File not signed] C:\Program Files\Tools\Simplewall\simplewall.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Tools\Mozilla\firefox.exe <6>
(ProtonVPN AG -> ) C:\Program Files (x86)\Tools\ProtonVPN\ProtonVPNService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\Tools\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [855528 2018-12-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
HKU\S-1-5-21-4195681536-1086729207-2622587325-1001\...\Run: [simplewall] => C:\Program Files\Tools\Simplewall\simplewall.exe [709120 2019-11-15] (Henry++) [File not signed]
HKU\S-1-5-21-4195681536-1086729207-2622587325-1001\...\MountPoints2: {0a414359-02fc-11ea-a21c-98fa9b04816a} - "E:\autorun.exe"

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07B1C6AD-F774-4AD2-899C-5F62F16DF54F} - System32\Tasks\StartCN => C:\Program Files\Tools\AMD\CNext\CNext\cncmd.exe [61112 2019-10-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {29580861-654D-429B-AF96-26831AF828C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8CE5A1FA-89B9-4BE7-A8A2-FE92C164170A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90A64A8D-B3A5-429F-ACD3-C21F7B41F506} - System32\Tasks\StartDVR => C:\Program Files\Tools\AMD\CNext\CNext\RSServCmd.exe [68280 2019-10-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {AF1605AB-F1E7-4F95-A46C-89C780829ACD} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe [2356736 2019-04-15] () [File not signed]
Task: {D281CFFD-5A19-46A1-8DD2-83C5B8053C9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2EF803B-8EE2-4881-BDD3-AA8A10BB73B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F593FA8E-7FA6-4D6D-A852-78592D1978B9} - System32\Tasks\Mozilla\Firefox Default Browser Agent DC7106893C83CC55 => C:\Program Files\Tools\Mozilla\default-browser-agent.exe [124112 2020-06-05] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{5c83dcfa-9a5a-4004-8081-cbd11649829e}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: v23zpqjl.default
FF ProfilePath: C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\v23zpqjl.default [2019-12-10]
FF ProfilePath: C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release [2020-06-06]
FF Homepage: Mozilla\Firefox\Profiles\ffv8osyh.default-release -> about:blank
FF Extension: (AdGuard AdBlocker) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\adguardadblocker@adguard.com.xpi [2020-06-04]
FF Extension: (I don't care about cookies) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2020-05-25]
FF Extension: (English (GB) Language Pack) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2020-06-05]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Hwithyll\AppData\Roaming\Mozilla\Firefox\Profiles\ffv8osyh.default-release\Extensions\marcoagpinto@mail.telepac.pt.xpi [2020-05-28]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: Firefox-DC7106893C83CC55 - C:\Program Files\Tools\Mozilla\firefox.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\Tools\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0347941.inf_amd64_1f3b4b494dc60019\B347949\atiesrxx.exe [509352 2019-10-24] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-04-15] (BattlEye Innovations e.K. -> )
S4 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602768 2018-11-21] (Dolby Laboratories, Inc. -> )
S3 FMAPOService; C:\WINDOWS\System32\FMService64.exe [312912 2018-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ProtonVPN Service; C:\Program Files (x86)\Tools\ProtonVPN\ProtonVPNService.exe [99560 2019-10-21] (ProtonVPN AG -> )
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [345520 2019-01-06] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2548224 2020-02-27] (Sony) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [1386912 2019-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdacpksl; C:\WINDOWS\system32\drivers\amdacpksl.sys [352256 2018-12-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2018-11-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [60912 2019-01-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0347941.inf_amd64_1f3b4b494dc60019\B347949\atikmdag.sys [60658592 2019-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0347941.inf_amd64_1f3b4b494dc60019\B347949\atikmpag.sys [598440 2019-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2018-10-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-10-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-10-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ProtonVPNSplitTunnelCalloutDriver; C:\Program Files (x86)\Tools\ProtonVPN\Resources\64-bit\win10\ProtonVPNSplitTunnelCalloutDriver.Sys [48664 2019-09-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 SASDIFSV; C:\Program Files\Tools\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\Tools\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41728 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42240 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [55648 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
R3 SynTP; C:\WINDOWS\System32\drivers\SynTP.sys [757024 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
S3 SynTPFilterHID; C:\WINDOWS\System32\drivers\SynTP.sys [757024 2019-01-06] (WDKTestCert myang,131801675084663740 -> Synaptics Incorporated)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2019-09-13] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-06 20:45 - 2020-06-06 20:45 - 000013044 _____ C:\Users\Hwithyll\Downloads\FRST.txt
2020-06-06 20:44 - 2020-06-06 20:45 - 000000000 ____D C:\FRST
2020-06-06 20:44 - 2020-06-06 20:44 - 000000000 ____D C:\Users\Hwithyll\Downloads\FRST-OlderVersion
2020-06-06 20:43 - 2020-06-06 20:44 - 002289152 _____ (Farbar) C:\Users\Hwithyll\Downloads\FRST64.exe
2020-06-06 14:50 - 2020-06-06 19:11 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\vlc
2020-06-06 14:46 - 2020-06-06 14:46 - 000000902 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-06-06 14:46 - 2020-06-06 14:46 - 000000902 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-06-06 13:19 - 2020-06-06 13:24 - 042544720 _____ C:\Users\Hwithyll\Downloads\vlc-3.0.10-win64.exe
2020-06-05 12:55 - 2020-06-05 12:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-02 17:06 - 2020-06-02 17:06 - 000702658 _____ C:\Users\Hwithyll\Downloads\387-TS-4215-LS_HSA Cleaning Catering JD.pdf
2020-05-26 12:45 - 2020-05-26 12:45 - 040550000 _____ (AMD Inc.) C:\Users\Hwithyll\Downloads\radeon-software-adrenalin-2020-20.2.2-minimalsetup-200304_64bit.exe
2020-05-26 12:25 - 2020-05-26 12:25 - 000000000 ____D C:\Users\Hwithyll\Desktop\Update phone project
2020-05-26 12:23 - 2020-05-26 12:23 - 000002271 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2020-05-26 12:23 - 2020-05-26 12:23 - 000002271 _____ C:\ProgramData\Desktop\Xperia Companion.lnk
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Users\Hwithyll\Documents\Sony
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\Apple Computer
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Program Files\Sony
2020-05-26 12:23 - 2020-05-26 12:23 - 000000000 ____D C:\Program Files (x86)\Sony
2020-05-26 12:19 - 2020-05-26 12:20 - 082335312 _____ (Sony) C:\Users\Hwithyll\Downloads\XperiaCompanion.exe
2020-05-16 22:24 - 2020-05-26 14:56 - 000000347 _____ C:\Users\Hwithyll\Desktop\list.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-06 20:38 - 2019-10-31 23:53 - 000000000 ____D C:\WINDOWS\INF
2020-06-06 20:38 - 2019-10-31 16:11 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-06 20:33 - 2019-11-20 12:01 - 000000000 ____D C:\Users\Hwithyll\AppData\LocalLow\Mozilla
2020-06-06 20:31 - 2019-11-05 23:38 - 000000000 ____D C:\Users\Hwithyll\Documents\888poker
2020-06-06 20:31 - 2019-10-31 23:55 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-06 20:31 - 2019-10-31 23:49 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-06-06 20:31 - 2019-10-31 16:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-06 20:22 - 2019-10-31 23:55 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-06 20:03 - 2019-10-31 16:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-06 19:16 - 2019-12-04 14:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-06 17:48 - 2019-10-31 23:52 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\audacity
2020-06-06 12:34 - 2020-03-08 10:22 - 000002434 _____ C:\Users\Hwithyll\Desktop\PrivvyBrowse.lnk
2020-06-05 12:55 - 2019-12-04 14:23 - 000001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-05 12:55 - 2019-10-31 16:32 - 000000000 ____D C:\Program Files\Tools
2020-06-04 18:34 - 2019-11-01 00:07 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\tixati
2020-06-04 16:08 - 2019-12-12 10:19 - 000000000 ___RD C:\Users\Hwithyll\Desktop\Games
2020-06-02 14:07 - 2020-02-29 04:04 - 000000000 ____D C:\Users\Hwithyll\AppData\Local\Arma 3 Launcher
2020-06-02 12:49 - 2020-02-29 04:12 - 000000000 ____D C:\Users\Hwithyll\AppData\Local\Arma 3
2020-05-31 13:16 - 2019-12-18 00:49 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-05-27 16:56 - 2019-10-31 16:15 - 000000000 ____D C:\Users\Hwithyll\AppData\Local\D3DSCache
2020-05-26 15:53 - 2019-10-30 20:21 - 000000000 ____D C:\Users\Hwithyll\Documents\Paradox Interactive
2020-05-26 12:45 - 2020-04-15 15:59 - 000000000 ____D C:\AMD
2020-05-26 12:23 - 2019-11-01 03:36 - 000000000 ____D C:\ProgramData\Package Cache
2020-05-26 12:00 - 2019-11-12 14:08 - 000000000 ____D C:\Users\Hwithyll\AppData\Roaming\ImageGlass
2020-05-25 22:26 - 2019-12-03 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2020-05-25 22:26 - 2019-10-31 23:49 - 000000000 ____D C:\WINDOWS\Panther

==================== Files in the root of some directories ========

2019-11-03 01:20 - 2020-01-19 17:51 - 000007616 _____ () C:\Users\Hwithyll\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Hwithyll (06-06-2020 20:45:52)
Running from C:\Users\Hwithyll\Downloads
Windows 10 Home Version 1809 17763.973 (X64) (2019-10-31 15:10:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4195681536-1086729207-2622587325-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4195681536-1086729207-2622587325-503 - Limited - Disabled)
Guest (S-1-5-21-4195681536-1086729207-2622587325-501 - Limited - Disabled)
Hwithyll (S-1-5-21-4195681536-1086729207-2622587325-1001 - Administrator - Enabled) => C:\Users\Hwithyll
WDAGUtilityAccount (S-1-5-21-4195681536-1086729207-2622587325-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.9 (HKLM\...\{81E1EDDF-210B-4969-B96D-B14C6DBBA9C8}) (Version: 4.9.3.3112 - Open Media LLC)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
888poker (HKU\S-1-5-21-4195681536-1086729207-2622587325-1001\...\888poker) (Version: 1.1.2.29 - 888)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.2 - Advanced Micro Devices, Inc.)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version: - )
Crusader Kings II Holy Fury (HKLM-x32\...\Crusader Kings II Holy Fury_is1) (Version: - )
ImageGlass (HKLM\...\{D539FBEF-4AA8-4415-B66F-6367DA5D0186}_is1) (Version: 7.0.7.26 - Duong Dieu Phap)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mount and Blade Warband - Viking Conquest Reforged Edition (HKLM-x32\...\Mount and Blade Warband - Viking Conquest Reforg~0F961404_is1) (Version: - )
Mozilla Firefox 78.0 (x64 en-US) (HKLM\...\Mozilla Firefox 78.0 (x64 en-US)) (Version: 78.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.5.0 - Mozilla)
Mozilla Thunderbird 68.8.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 68.8.1 (x86 en-GB)) (Version: 68.8.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.1 - Notepad++ Team)
paint.net (HKLM\...\{67F0783F-E72F-4CD5-A91C-F9CD2E56C2E4}) (Version: 4.2.5 - dotPDN LLC)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
ProtonVPN (HKLM-x32\...\{7852C4CB-2E2C-43A6-A134-733A611B1951}) (Version: 1.11.0 - ProtonVPN AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.11.0) (Version: 1.11.0 - ProtonVPN AG)
ProtonVPNTap (HKLM-x32\...\{C23BCE3A-FD25-48BA-948E-2CE94576F983}) (Version: 1.0.1 - ProtonVPN AG)
simplewall (HKLM\...\simplewall) (Version: 2.4.6 - Henry++)
SlimPDF Reader 1.0 (HKLM-x32\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1046 - SUPERAntiSpyware.com)
Tixati (HKLM-x32\...\tixati) (Version: - )
TreeSize Free V4.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4 - JAM Software)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{B926966E-0517-11E7-9D65-C2A106E0D44C}) (Version: 14.0.244 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinMerge 2.16.4.0 x64 (HKLM\...\WinMerge_is1) (Version: 2.16.4.0 - Thingamahoochie Software)
Xperia Companion (HKLM-x32\...\{0DAEA7C9-C970-4073-BE1E-3C1B487A33E2}) (Version: 2.9.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{c525c199-1efa-4ccd-92ee-fdf41f467dfc}) (Version: 2.9.2.0 - Sony)
Xperia Companion Service (HKLM\...\{D0CEE476-32BB-45F9-BAB0-8717579E50A6}) (Version: 2.9.2.0 - Sony) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Tools\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Tools\Notepad++\NppShell_06.dll [2019-10-27] (Notepad++ -> )
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files\Tools\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\Tools\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\Tools\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Tools\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\Tools\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\Tools\AMD\CNext\CNext\atiacm64.dll [2019-10-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\Tools\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Tools\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-09-13 09:17 - 2019-09-13 09:17 - 000152064 _____ () [File not signed] C:\Program Files (x86)\Tools\ProtonVPN\Resources\64-bit\SplitTunnel.dll
2019-10-21 08:37 - 2019-10-21 08:37 - 000484352 _____ () [File not signed] C:\Program Files (x86)\Tools\ProtonVPN\x64\IPFilter.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 000017920 _____ () [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\libEGL.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 003598336 _____ () [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\libGLESv2.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\platforms\qwindows.dll
2019-10-23 16:43 - 2019-10-23 16:43 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Core.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Gui.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Network.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Positioning.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Qml.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Quick.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Svg.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5WebChannel.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5WebEngine.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Widgets.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5WinExtras.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5Xml.dll
2019-06-28 18:28 - 2019-06-28 18:28 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-06-28 18:29 - 2019-06-28 18:29 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Tools\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-10-31 23:55 - 2019-10-31 23:53 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4195681536-1086729207-2622587325-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hwithyll\Pictures\Wallpaper\DarthSmoke.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{75EE7B2C-ED4E-4EAE-965D-1762BDA03A4F}C:\program files\tools\tixati\tixati.exe] => (Allow) C:\program files\tools\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{1D6A04CE-1C38-43E0-A72B-9ED38C505860}C:\program files\tools\tixati\tixati.exe] => (Allow) C:\program files\tools\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [{858CA952-BFDC-4F00-8BDE-79557E383958}] => (Allow) C:\Program Files\Games\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{36D7620E-55D3-439D-A4FB-6E099D36C5C8}] => (Allow) C:\Program Files\Games\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{80FB1911-0A57-4E2F-9153-14E7B97665E5}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{D4FFC171-C316-41DA-908B-101217B2CBE4}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{F4F76BFA-9F28-4B91-8393-4A62A8F949F0}] => (Allow) C:\Program Files\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{637C2CA9-60B7-4EA3-A98F-D6E78046923C}] => (Allow) C:\Program Files\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{28F0CB8A-3F65-4B2F-BACE-50D9118F4598}] => (Allow) C:\Program Files\Tools\Mozilla\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2D0E6263-C399-4C99-A05F-460DF0720141}] => (Allow) C:\Program Files\Tools\Mozilla\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E5825C9-5CB9-4807-8A76-E30F158E9098}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{7E976867-4647-4A84-98BB-08B98668A220}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Europa Universalis IV\eu4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{EC94972D-9424-4A4F-8558-B1AB7A581A2B}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{839C8EAC-D945-4D40-A792-9036AC9F0D63}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{53BFBE03-A2A4-4260-B407-8A170E93EBCF}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{22F5B265-F7B2-4743-B49D-8B7151E21CFA}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{260D6DC2-ECA4-4EB2-8659-688582AEAEC9}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{947A76A6-6B4D-41C8-84CB-BB86A8E45DF4}] => (Allow) C:\Program Files\Games\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [TCP Query User{18ED08FC-F1BD-422C-B902-C172FB1DB3C8}C:\program files\games\steam\steamapps\common\total war attila\attila.exe] => (Block) C:\program files\games\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{2F6E08CE-1EF8-4011-B0F9-E6EAB9B26C55}C:\program files\games\steam\steamapps\common\total war attila\attila.exe] => (Block) C:\program files\games\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{59D14D27-B463-486D-B824-0E317A62F4E3}C:\program files\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files\games\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [UDP Query User{E6965918-EDDD-4236-A34F-DED04BFC287B}C:\program files\games\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) C:\program files\games\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{EED18153-DC6A-44B2-947F-5D4538C88D4A}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony)

==================== Restore Points =========================

14-05-2020 22:59:53 Scheduled Checkpoint
24-05-2020 17:53:11 Scheduled Checkpoint
26-05-2020 12:23:02 Xperia Companion
02-06-2020 22:15:11 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (06/06/2020 08:33:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/06/2020 08:22:01 PM) (Source: DCOM) (EventID: 10000) (User: HV551)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"0"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/06/2020 08:16:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/06/2020 08:14:32 PM) (Source: DCOM) (EventID: 10010) (User: HV551)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (06/06/2020 07:43:25 PM) (Source: DCOM) (EventID: 10016) (User: HV551)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user HV551\Hwithyll SID (S-1-5-21-4195681536-1086729207-2622587325-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/06/2020 07:43:25 PM) (Source: DCOM) (EventID: 10016) (User: HV551)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user HV551\Hwithyll SID (S-1-5-21-4195681536-1086729207-2622587325-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/06/2020 07:19:03 PM) (Source: DCOM) (EventID: 10016) (User: HV551)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user HV551\Hwithyll SID (S-1-5-21-4195681536-1086729207-2622587325-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/06/2020 07:19:02 PM) (Source: DCOM) (EventID: 10016) (User: HV551)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user HV551\Hwithyll SID (S-1-5-21-4195681536-1086729207-2622587325-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2020-06-06 20:41:38.838
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.313.1955.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2020-06-06 20:41:38.838
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.313.1955.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2020-06-06 20:41:38.837
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.313.1955.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2020-06-06 20:41:38.829
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.313.1955.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072efd
Error description: A connection with the server could not be established

Date: 2020-06-06 20:41:38.829
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.313.1955.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072efd
Error description: A connection with the server could not be established

CodeIntegrity:
===================================

Date: 2019-12-10 13:17:18.951
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: LENOVO ARCN29WW 04/10/2019
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 45%
Total physical RAM: 6020.26 MB
Available physical RAM: 3270.46 MB
Total Virtual: 13444.26 MB
Available Virtual: 9439.17 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:34.77 GB) NTFS

\\?\Volume{8ae4a348-8c5b-4067-82cf-a6e4d4c0334d}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.53 GB) NTFS
\\?\Volume{f7c7ecde-916f-423d-a0ea-6b333292b216}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BBE2D61D)

Partition: GPT.

==================== End of Addition.txt =======================
 
I don't see anything malicious.
I suggest new topic in Windows forum.
Good luck :)
 
You're very welcome
file.php
 
You must log in or register to reply here.

Similar threads

Daniel Sims
Microsoft and Intel nail down what an "AI PC" is
Replies
18
Views
287
hwertz
hwertz
Shawn Knight
AI PCs will make up nearly 60% of total PC shipments by 2027
Replies
15
Views
330
toooooot
T
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back