Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019 Ran by piotr (05-11-2019 11:48:17) Running from C:\Users\piotr\Downloads Windows 10 Home Version 1903 18362.418 (X64) (2019-08-10 18:12:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3956460003-1498418990-1826556186-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3956460003-1498418990-1826556186-503 - Limited - Disabled) Gæst (S-1-5-21-3956460003-1498418990-1826556186-501 - Limited - Disabled) piotr (S-1-5-21-3956460003-1498418990-1826556186-1001 - Administrator - Enabled) => C:\Users\piotr WDAGUtilityAccount (S-1-5-21-3956460003-1498418990-1826556186-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.021.20049 - Adobe Systems Incorporated) Adobe Acrobat Reader DC - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AC0F074E4100}) (Version: 19.021.20049 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.2.476 - Adobe Systems Incorporated) AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) Apowersoft Online Launcher version 1.7.1 (HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.7.1 - APOWERSOFT LIMITED) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center Next Localization BR (HKLM\...\{9E5B3F61-CF03-1046-EA8C-1D9D5E80F88E}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{85ECE753-7DE4-ED29-A696-9AA7E58F0AFE}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{D13F406F-8E48-68C1-B41E-6810C1405D52}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{1695C647-1485-2562-B267-9BFEDF27A437}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{AE545D4D-613D-D725-BF4F-6EF79E548DCF}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{73C15FE6-E27A-9F44-06A5-5B27020255F3}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{43125DB8-9FAE-E4E8-B480-58F8A69C11F0}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{1696D602-6B12-8919-4418-DE274D0076CB}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{1383F8FC-5241-EBA5-5297-BF46F704A770}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{A4455B4E-7E40-31FD-AA28-67EE0980FF1C}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{C474D255-1507-722B-B927-51569F464782}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{E732A46D-B50D-7BFD-C846-9913403B5F5A}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{BE3C2A9E-507D-7E66-1903-F3F37D984D2B}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{67ABE141-C3A2-1E16-6B2B-CAEB7DCE3E31}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{41022C62-D1D1-A3EF-69A9-3CB15C1A84FD}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{37A5D9EC-7C6E-3850-2B7B-702F343FD175}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{14C0CB6C-8B1A-2881-D6BF-43639A780244}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{DFE959AC-4D6D-D377-6C7C-C1BE0DACF46B}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{DC658124-6CD3-63ED-40ED-C963071F8AE2}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{0DF9A738-43B2-0371-51AF-E150019DEEB7}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{BFF9E0AC-2F7A-3AC9-D91E-507C75C1352F}) (Version: 2017.0608.1046.17570 - Advanced Micro Devices, Inc.) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 84.4.170 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) f.lux (HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\Flux) (Version: - f.lux Software LLC) FastStone Photo Resizer 3.8 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.) Game Explorer Categories - freegames (HKLM-x32\...\WildTangentGameProvider-hp-freegames) (Version: 43.2.1.159 - WildTangent, Inc.) Hidden Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-hp-genres) (Version: 43.2.1.159 - WildTangent, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.120 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden GoTo Opener (HKLM-x32\...\{FCF5FF66-C2FB-45C1-B46E-7A596657B016}) (Version: 1.0.530 - LogMeIn, Inc.) GoToMeeting 10.3.0.15502 (HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\GoToMeeting) (Version: 10.3.0.15502 - LogMeIn, Inc.) HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.) HP Display Control (HKLM\...\{FECCB014-8DF1-4039-9044-D6F622997D60}) (Version: 2.0.0.016 - Portrait Displays, Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ENVY 4500 series - basissoftware til enheden (HKLM\...\{92056545-4227-45F4-8700-D58E498F3573}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.) HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.8.24.33 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.13.42.1 - HP Inc.) HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.31 - HP Inc.) HP System Event Utility (HKLM-x32\...\{2FC69222-01B3-479E-80E6-0AFC593A312A}) (Version: 1.4.23 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Microsoft Office 365 - da-dk (HKLM\...\O365HomePremRetail - da-dk) (Version: 16.0.12130.20272 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Mozilla Firefox 62.0 (x64 da) (HKLM\...\Mozilla Firefox 62.0 (x64 da)) (Version: 62.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0406-0000-0000000FF1CE}) (Version: 16.0.12130.20272 - Microsoft Corporation) Hidden Opdateringsassistent til Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation) OpenOffice 4.1.5 (HKLM-x32\...\{36CB296A-23BC-4E3A-B199-73CC43CFB230}) (Version: 4.15.9789 - Apache Software Foundation) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.71 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.153 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.92 - REALTEK Semiconductor Corp.) SaxoTrader 2 (HKLM-x32\...\{024D66E9-D50C-44A7-92B4-2DFDDD95D228}) (Version: 0.0.0.0 - Saxo Bank) Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 10.2 - Screaming Frog Ltd) Trader Workstation (HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\5889-6375-8446-2021) (Version: latest (978.1c) 20191016 13:27:02 - Interactive Brokers LLC) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.8 - WildTangent) WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.187 - WildTangent) Hidden Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-10-11] (Adobe Systems Incorporated) Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-28] (Amazon.com) Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.) Booking.com: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comBigsavingsonhot_1.4.4.0_x64__mgae2k3ys4ra0 [2018-11-07] (Priceline Partner Network) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-10-24] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.150.300.0_x86__kgqvnymyfvs32 [2019-10-21] (king.com) Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.4.0.5_x86__h6adky7gbf63m [2019-10-21] (Gameloft.) HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.3.407.0_x86__v10z8vjag6ke6 [2017-09-27] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-10-21] (HP Inc.) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-28] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.4.0.10_x86__h6adky7gbf63m [2019-10-24] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.101.0_x64__8wekyb3d8bbwe [2019-09-05] (Microsoft Studios) MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-10-02] (Netflix, Inc.) Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-09] (Adobe Systems Incorporated) Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-07-04] (Random Salad Games LLC) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-21] (Spotify AB) [Startup Task] WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.80.0_x64__qt5r5pa5dyg8m [2019-10-24] (WildTangent Games) WinRarZip -> C:\Program Files\WindowsApps\YellowElephantProductions.Win-Rar_1.4.93.0_x64__p3e1zgp7z7szg [2019-03-28] (Yellow Elephant Productions) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3956460003-1498418990-1826556186-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-33709E16B9C3} -> [Creative Cloud Files] => C:\Users\piotr\Creative Cloud Files [2019-01-09 11:02] CustomCLSID: HKU\S-1-5-21-3956460003-1498418990-1826556186-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\piotr\AppData\Local\GoToMeeting\14316\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.) CustomCLSID: HKU\S-1-5-21-3956460003-1498418990-1826556186-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\piotr\Dropbox [2017-12-20 20:32] CustomCLSID: HKU\S-1-5-21-3956460003-1498418990-1826556186-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-08] (Advanced Micro Devices, Inc.) [File not signed] ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-10-20 17:41 - 2019-10-20 17:41 - 000138240 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4d3a823aa0be68af95d36e8074dded84\Interop.IWshRuntimeLibrary.ni.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2019-10-16 21:27 - 2019-10-16 21:27 - 007948387 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\Annots.api 2019-10-16 21:27 - 2019-10-16 21:27 - 002761315 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\EScript.api 2019-10-16 21:27 - 2019-10-16 21:27 - 000136803 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\IA32.api 2019-10-16 21:27 - 2019-10-16 21:27 - 000167523 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api 2019-10-16 21:27 - 2019-10-16 21:27 - 000337507 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\plug_ins\weblink.api 2017-12-12 02:50 - 2017-12-12 02:50 - 000542208 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll 2019-10-20 17:41 - 2019-10-20 17:41 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\2b1c5ee3bedd08046609eef7553ed5d7\Hardcodet.Wpf.TaskbarNotification.ni.dll 2019-10-20 17:41 - 2019-10-20 17:41 - 001701376 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\d302bbf536bb76d22eb7f7d9908abf23\NAudio.ni.dll 2019-10-20 17:41 - 2019-10-20 17:41 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\7ec3906175a4c347d9c3eb2033bc3ae5\Newtonsoft.Json.ni.dll 2018-05-11 00:12 - 2018-05-11 00:12 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\ccme_asym.dll 2018-05-11 00:12 - 2018-05-11 00:12 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\ccme_base.dll 2018-05-11 00:12 - 2018-05-11 00:12 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\ccme_base_non_fips.dll 2018-05-11 00:12 - 2018-05-11 00:12 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\ccme_ecc.dll 2018-05-11 00:12 - 2018-05-11 00:12 - 000806400 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\ccme_ecc_accel_fips.dll 2018-05-11 00:12 - 2018-05-11 00:12 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\cryptocme.dll 2019-10-20 17:41 - 2019-10-20 17:41 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\df276c996822413a84f2cef6b0cc660b\log4net.ni.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll 2016-09-13 00:34 - 2016-09-13 00:34 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 22:03 - 2018-01-09 21:30 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\piotr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{5EA60E2A-49D5-4C35-91A5-FBFF68A296FF}C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [UDP Query User{B19B4849-146B-4E54-85F6-C2C65BB92618}C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [TCP Query User{37539CD1-90D9-465B-BEDE-51B22399EAA4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{1078A670-48F7-4B64-A740-9EC930F49359}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{68B24D09-F2D9-4FB9-BCB9-3998B0E1ED3E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{D0F628CD-8C39-42F2-BC06-D16B5B131285}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{FACD70AF-0932-45EC-A5E2-7ED86630BB32}C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [UDP Query User{7E4FDEEC-C724-48CB-B63B-183A5BF7CB44}C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp envy 4500 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{0910E0FA-CF4F-4FE6-91BD-F23957C7F26C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{1D314019-418D-4DBD-B5FE-113A01E293A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D3451F33-6E08-4FAB-8709-E0AF5429CC3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B7697E1E-39CD-41D5-9222-D22A061B37D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{475BDDE6-B126-4B00-BB1D-50DAE888154D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A00AB25A-FC91-4584-9ADF-DBDAE709F55B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{0F6F0634-B88E-41A4-B750-900894400EB5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{507F5E67-16E0-413E-B513-E5430D2E6E0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1C1FE2F4-F6F7-4766-A07E-B6B69BEBFAC7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2D3D6A6D-FA11-4BB6-B99A-601D4C84C15E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{FBAA2716-3C8B-4590-8DE8-A20CF2FFF960}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 21-10-2019 08:31:37 Scheduled Checkpoint 03-11-2019 15:45:15 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (11/05/2019 11:15:05 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3280,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/05/2019 10:46:09 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9672,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/05/2019 10:39:47 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (6136,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/05/2019 10:25:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.387, time stamp: 0xc9ad3ad7 Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526 Exception code: 0xc0000005 Fault offset: 0x00000000000072a6 Faulting process id: 0x4668 Faulting application start time: 0x01d593ba00b3394e Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: b61d2022-0822-4f3b-b232-e6d6c238a2b1 Faulting package full name: Faulting package-relative application ID: Error: (11/05/2019 09:29:43 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (20440,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/05/2019 08:39:37 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (10660,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (11/04/2019 06:07:27 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 6392 and the required size was 38008. Error: (11/04/2019 06:07:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.387, time stamp: 0xc9ad3ad7 Faulting module name: ntdll.dll, version: 10.0.18362.418, time stamp: 0x99ca0526 Exception code: 0xc0000005 Fault offset: 0x0000000000040853 Faulting process id: 0x1620 Faulting application start time: 0x01d5932df19110dd Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 62cc68ca-ee55-4f2e-8961-c115d5382985 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (11/04/2019 06:04:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FROVGQP) Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.18362.387_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout. Error: (11/04/2019 01:24:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FROVGQP) Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.18362.387_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout. Error: (11/03/2019 03:29:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (11/03/2019 03:29:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay. Error: (10/22/2019 07:58:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP. Error: (10/21/2019 08:05:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP. Error: (10/21/2019 08:03:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (10/10/2019 05:22:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FROVGQP) Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2019-09-14 08:07:29.421 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {BF5EB732-7190-4ADB-9087-10C243DE3EA7} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-09-12 12:49:06.574 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {FE70A271-16A0-4D7A-A57C-DCF42F8DB480} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-09-12 12:44:06.610 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {3041D416-FF85-4DE8-A018-5E77344984D6} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-09-12 12:24:46.838 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {91C0D944-47CC-4BFF-BE18-7601902B8F84} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-09-07 13:45:43.684 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {A7007226-A922-4419-9740-F13251B9E790} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-10-10 09:24:04.265 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.303.1189.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16400.2 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-10-21 09:19:11.688 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements. Date: 2019-10-21 09:19:11.653 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements. Date: 2019-10-21 09:19:11.218 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements. Date: 2019-10-21 09:19:11.188 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements. Date: 2019-10-21 09:19:11.135 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements. Date: 2019-10-21 09:19:11.001 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements. Date: 2019-10-21 09:18:46.492 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements. Date: 2019-09-21 14:05:00.404 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: AMI F.02 07/11/2017 Motherboard: HP 8373 Processor: AMD A9-9430 RADEON R5, 5 COMPUTE CORES 2C+3G Percentage of memory in use: 62% Total physical RAM: 7628.25 MB Available physical RAM: 2887.19 MB Total Virtual: 8844.25 MB Available Virtual: 2520.39 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:237.24 GB) (Free:138.12 GB) NTFS Drive d: (DATA) (Fixed) (Total:915.18 GB) (Free:913.64 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:16.33 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{699d909d-5fd3-4b2e-8462-5ae8afb504e5}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.5 GB) NTFS \\?\Volume{986df4a5-e46f-460f-b643-141c09e4c403}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 77A45C2C) Partition: GPT. ========================================================== Disk: 1 (Size: 238.5 GB) (Disk ID: 93BD5128) Partition: GPT. ==================== End of Addition.txt =======================