Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2017
Ran by MattsPC (30-04-2017 09:29:53)
Running from C:\Users\MattsPC\Desktop
Windows 10 Home Version 1703 (X64) (2017-04-22 19:53:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-640220725-2510942893-1521674410-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-640220725-2510942893-1521674410-503 - Limited - Disabled)
Guest (S-1-5-21-640220725-2510942893-1521674410-501 - Limited - Disabled)
MattsPC (S-1-5-21-640220725-2510942893-1521674410-1001 - Administrator - Enabled) => C:\Users\MattsPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-640220725-2510942893-1521674410-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Zoom (HKU\S-1-5-21-640220725-2510942893-1521674410-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33984D8A-AACF-4F26-A235-F858AD40AB18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-22] (Google Inc.)
Task: {9BFBFF63-27D1-4C7C-ADFA-AE5B98B90F78} - \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask -> No File <==== ATTENTION
Task: {BFDC4A20-EC0E-4291-B412-2887A2A1B70A} - System32\Tasks\S-1-5-21-640220725-2510942893-1521674410-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {C7CD4428-DF9B-453A-A8E8-12D90141618E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-12 20:55 - 2016-07-12 20:55 - 01299952 _____ () C:\Windows\system32\IntelSSTAPO\ParameterService\libxml2.dll
2017-04-25 19:59 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 14:03 - 2017-03-18 14:01 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-640220725-2510942893-1521674410-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2B62F26C-2992-4530-86D8-9016E6914C32}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1C0805AF-73C8-4863-926B-DABC44C97AB6}] => (Allow) C:\Users\MattsPC\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{C6F04379-B28B-4AC3-99FC-1F9422ED342F}] => (Allow) C:\Users\MattsPC\AppData\Roaming\Zoom\bin\airhost.exe

==================== Restore Points =========================

22-04-2017 22:35:59 Windows Update
25-04-2017 20:16:33 Geek Squad Restore Point
30-04-2017 05:55:20 Installed Windows Resource Kit Tools
30-04-2017 08:54:01 Restore Operation

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2017 09:23:33 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-H0UDG65)
Description: C:\Users\MattsPC\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalStateMicrosoft.SkypeApp_kzf8qxf38zg5c-2147024894

Error: (04/30/2017 09:21:48 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2400) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU0002A.log.

Error: (04/30/2017 08:29:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 4.11.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1354
Start Time: 01d2c1c67625fd3c
Termination Time: 15
Application Path: C:\Program Files\Windows Defender\MSASCui.exe
Report Id: 9298c1db-c0fd-4286-adda-822b09db191d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/30/2017 08:21:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-H0UDG65)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.250_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (04/30/2017 07:52:48 AM) (Source: NtServicePack) (EventID: 4373) (User: )
Description: Event-ID 4373

Error: (04/30/2017 07:47:35 AM) (Source: NtServicePack) (EventID: 4373) (User: )
Description: Event-ID 4373

Error: (04/30/2017 07:14:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ODSW.exe, version: 21.0.25.80, time stamp: 0x58fa34fe
Faulting module name: sciter.dll, version: 4.0.0.7, time stamp: 0x58e5194e
Exception code: 0xc0000005
Fault offset: 0x000000000018da3b
Faulting process id: 0xd20
Faulting application start time: 0x01d2c1bc013c2ec8
Faulting application path: C:\Bitdefender\Bitdefender 2017\ODSW.exe
Faulting module path: C:\Bitdefender\Bitdefender 2017\sciter.dll
Report Id: 29ad279d-e761-4514-8241-917fb88d56bc
Faulting package full name:
Faulting package-relative application ID:

Error: (04/30/2017 07:13:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdtkexec.exe, version: 21.0.25.76, time stamp: 0x58f8c5ee
Faulting module name: sciter.dll, version: 4.0.0.7, time stamp: 0x58e5194e
Exception code: 0xc0000005
Fault offset: 0x000000000018da3b
Faulting process id: 0x1f2c
Faulting application start time: 0x01d2c1bb73fd3d2e
Faulting application path: C:\Bitdefender\Bitdefender 2017\bdtkexec.exe
Faulting module path: C:\Bitdefender\Bitdefender 2017\sciter.dll
Report Id: ae0682f3-13ab-4993-af08-233b512c25a6
Faulting package full name:
Faulting package-relative application ID:

Error: (04/30/2017 07:13:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdwfdtls.exe, version: 21.0.25.76, time stamp: 0x58f8d56c
Faulting module name: sciter.dll, version: 4.0.0.7, time stamp: 0x58e5194e
Exception code: 0xc0000005
Fault offset: 0x000000000018da3b
Faulting process id: 0x1fd8
Faulting application start time: 0x01d2c1bbe1d3d972
Faulting application path: C:\Bitdefender\Bitdefender 2017\bdwfdtls.exe
Faulting module path: C:\Bitdefender\Bitdefender 2017\sciter.dll
Report Id: b39c175b-ae47-4625-a229-55bcf4b4228f
Faulting package full name:
Faulting package-relative application ID:

Error: (04/30/2017 07:11:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: odslv.exe, version: 21.0.25.80, time stamp: 0x58fa3511
Faulting module name: sciter.dll, version: 4.0.0.7, time stamp: 0x58e5194e
Exception code: 0xc0000005
Fault offset: 0x000000000018da3b
Faulting process id: 0x1f24
Faulting application start time: 0x01d2c1bba317876a
Faulting application path: C:\Bitdefender\Bitdefender 2017\odslv.exe
Faulting module path: C:\Bitdefender\Bitdefender 2017\sciter.dll
Report Id: 1b88b310-a97d-4cf9-801e-bba765ec8867
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (04/30/2017 09:21:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (04/30/2017 09:20:40 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (04/30/2017 09:19:55 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (04/30/2017 08:29:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2017 08:25:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2017 08:23:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/30/2017 08:23:09 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-H0UDG65)
Description: DCOM got error "1068" attempting to start the service MBAMService with arguments "Unavailable" in order to run the server:
{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}

Error: (04/30/2017 08:23:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/30/2017 08:23:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-H0UDG65)
Description: DCOM got error "1068" attempting to start the service MBAMService with arguments "Unavailable" in order to run the server:
{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}

Error: (04/30/2017 08:23:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================
Date: 2017-04-30 09:20:06.833
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\bthport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-30 07:07:00.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume1\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-25 19:59:28.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-25 19:59:28.888
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-04-25 19:59:28.870
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 8060.22 MB
Available physical RAM: 5757.27 MB
Total Virtual: 9980.22 MB
Available Virtual: 7781.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:905.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0B960F26)
Partition 1: (Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================