Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by jswh0 (22-05-2019 15:13:37)
Running from C:\Users\jswh0\Desktop
Windows 10 Home Version 1803 17134.765 (X64) (2019-01-08 15:55:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-621734548-2853496009-1861087639-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-621734548-2853496009-1861087639-503 - Limited - Disabled)
Guest (S-1-5-21-621734548-2853496009-1861087639-501 - Limited - Disabled)
jswh0 (S-1-5-21-621734548-2853496009-1861087639-1001 - Administrator - Enabled) => C:\Users\jswh0
WDAGUtilityAccount (S-1-5-21-621734548-2853496009-1861087639-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.0810.2245.39118 - Advanced Micro Devices, Inc.)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.15.112 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Discord (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Icons8 (HKLM-x32\...\{195AC760-D5CE-47B9-99EE-E144CD7BF94A}_is1) (Version: 6.0.0.6 - Icons8)
Java(TM) SE Development Kit 11.0.1 (64-bit) (HKLM\...\{F4039C0F-E4C1-5905-9E7D-DDA8EDE365BC}) (Version: 11.0.1.0 - Oracle Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20334 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Opera Stable 60.0.3255.95 (HKLM-x32\...\Opera 60.0.3255.95) (Version: 60.0.3255.95 - Opera Software)
RogueKiller version 13.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.1.0 - Adlice Software)
Scribus 1.4.7 (HKLM-x32\...\Scribus 1.4.7) (Version: 1.4.7 - The Scribus Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_2.1001.237.0_x64__rz1tebttyb220 [2019-01-08] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-07] (Fitbit)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-25] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4 [2019-04-15] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-12-07] (LinkedIn)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.301.0_x64__8wekyb3d8bbwe [2019-05-19] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-12-07] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.9516.0_x86__m916jedk64snt [2018-12-07] (CYBERLINKCOM CORPORATION)
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.1.9528.0_x86__m916jedk64snt [2018-12-20] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-05-06] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 [2019-05-13] (Spotify AB)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-05-19] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-08-10] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-24 23:55 - 2018-04-24 23:55 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 23:55 - 2018-04-24 23:55 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-03-15 13:53 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2018-08-10 23:42 - 2018-08-10 23:42 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 06:46 - 2019-05-20 23:04 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jswh0\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\8enncLP.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FC56CA74-8DF1-4655-909E-59C9ABBDF42E}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{8278E2E2-4C4D-4444-B7B4-34D3BBD65327}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{E1A13FB0-70C4-428C-8588-C8F850E4B455}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{AC4B67F2-0721-4C42-8B05-4AB59DD623D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{0198CA1A-BC7B-4829-9AA7-63C2A16E8D11}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{3FAA38CB-F5FF-45E6-9AF6-C7A80670853C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8E1384BE-7B37-450F-A3E7-23812B681D2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6FD1215A-61B9-4DCD-8B87-FE1572E48FC8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7D6D655C-8D14-4EDE-BE24-5FA04ABE9FD4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F028F8A3-DEE2-4964-9076-0CB775D0792B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{579A9896-8B18-4BE6-82D8-ECBBD6FB2CE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8DC35067-3D90-4337-85F8-DD5BCFD2F244}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8B48B1FD-592A-4DD7-AC20-29496C325464}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2568729-1BB2-42D3-A77A-F79FC21A8513}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C525691F-3339-4A9B-BF25-60E406C0BDBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A16BB2A8-319B-4EDC-9FAC-8C1D3370C612}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED8657B2-B0E0-41CB-B65B-09C8608CDCDB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2EF2D1F0-1BB0-4C67-B2A0-82DC4ED41F15}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [TCP Query User{139CC1B3-BBB9-4361-9A58-9B13E0830B0A}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{A0F10011-3630-4807-911C-134BD7064ECE}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{BCF72614-5749-48EC-A937-3A0C7BBCB77F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51FFFBAD-25A6-4AFB-BBFF-795F08717F21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{20CC0E9F-CC5B-4918-B3AA-1AA6293E8F89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0675136F-D9C2-44DB-8429-B36525D19807}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E24BFCA8-883A-4FA9-960D-19731EFB7542}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2E82001E-06D4-4440-B43D-3D05DDA82BBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D46A3EE4-5899-495E-8EF9-4DE5A8DDD7E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F45101F-4D7C-4956-BDA2-8AB0EBE5D430}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA263E2C-32CC-4A13-8F71-705CC4B76D1D}] => (Allow) C:\Program Files\Opera\60.0.3255.84\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{EA18E15B-241C-4511-ADDD-70073262F5A9}] => (Allow) C:\Program Files\Opera\60.0.3255.95\opera.exe (Opera Software AS -> Opera Software)
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/21/2019 11:20:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/21/2019 11:20:20 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (05/21/2019 11:20:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (05/21/2019 11:20:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/21/2019 06:25:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.
System errors:
=============
Error: (05/22/2019 02:28:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/22/2019 12:12:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/21/2019 08:19:11 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/21/2019 08:18:16 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/21/2019 08:04:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/21/2019 11:19:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/21/2019 11:18:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/21/2019 11:18:14 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-05-21 17:39:29.201
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...keeyah.B!rfn&threatid=2147726897&enterprise=0
Name: Trojan:Win32/Skeeyah.B!rfn
ID: 2147726897
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.3710e42b416cdc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0
Date: 2019-05-20 23:02:36.318
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...keeyah.B!rfn&threatid=2147726897&enterprise=0
Name: Trojan:Win32/Skeeyah.B!rfn
ID: 2147726897
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.3710e42b416cdc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-05-20 23:02:26.513
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...32/Unwaders.A!ml&threatid=242872&enterprise=0
Name: Program:Win32/Unwaders.A!ml
ID: 242872
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\Hmhc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-05-20 23:02:21.653
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/Socelar&threatid=2147734469&enterprise=0
Name: TrojanDownloader:Win32/Socelar
ID: 2147734469
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.f113538b4771b8.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-05-20 23:01:15.110
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...uerboos.D!cl&threatid=2147723655&enterprise=0
Name: Trojan:Win32/Fuerboos.D!cl
ID: 2147723655
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.1f0e31f35937f.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-04-06 22:43:03.506
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
Date: 2019-04-05 22:29:47.471
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1107.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-04-05 22:20:00.481
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
CodeIntegrity:
===================================
Date: 2019-05-22 14:45:07.078
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Opera\60.0.3255.95\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 7VCN24WW 06/15/2018
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 3 2200U with Radeon Vega Mobile Gfx
Percentage of memory in use: 69%
Total physical RAM: 7733.49 MB
Available physical RAM: 2380.65 MB
Total Virtual: 12597.49 MB
Available Virtual: 5891.9 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:861.58 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.95 GB) NTFS
\\?\Volume{3b38e2fc-20df-477a-a739-c5f39c9dbf5e}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{101c9948-c770-436a-b8b3-08e8963bf300}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2CD38575)
Partition: GPT.
==================== End of Addition.txt ============================