Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2019
Ran by gwatrobski (14-01-2019 08:37:02)
Running from C:\Users\gwatrobski\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2019-01-12 20:09:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3645243886-2104201124-4151335660-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3645243886-2104201124-4151335660-503 - Limited - Disabled)
Guest (S-1-5-21-3645243886-2104201124-4151335660-501 - Limited - Disabled)
gwatrobski (S-1-5-21-3645243886-2104201124-4151335660-1001 - Administrator - Enabled) => C:\Users\gwatrobski
HomeGroupUser$ (S-1-5-21-3645243886-2104201124-4151335660-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3645243886-2104201124-4151335660-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LibreOffice 6.1.4.2 (HKLM\...\{080C0C39-B1B5-48BB-85AB-4F9A8768CD10}) (Version: 6.1.4.2 - The Document Foundation)
Microsoft OneDrive (HKU\S-1-5-21-3645243886-2104201124-4151335660-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.4.1 PRO - MP3 Rocket Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8485 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C65A4AE-85F4-4411-B904-3BC6179D0E69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-13] (Microsoft Corporation)
Task: {45DC1BFE-8F35-4CB4-8932-4D1DE210C2BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-01-12] (Google Inc.)
Task: {51E1C368-F36D-4871-A793-AAF317467C3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-01-12] (Google Inc.)
Task: {5911158B-5A19-4C12-AAA4-87B3227E6FEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-13] (Microsoft Corporation)
Task: {C1E2375A-B861-4721-B049-75974C5ABC75} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {DABF87AF-A964-41C7-9C2B-F70E379BFB99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-13] (Microsoft Corporation)
Task: {DF44A79D-7150-4E22-BD09-0DB0450D501A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\gwatrobski\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 08:39 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 10:24 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-12 16:07 - 2019-01-12 16:08 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-12 16:07 - 2019-01-12 16:08 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-12 16:07 - 2019-01-12 16:08 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-12 16:07 - 2019-01-12 16:08 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-12 16:07 - 2019-01-12 16:08 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-12 16:07 - 2019-01-12 16:08 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-12 16:07 - 2019-01-12 16:08 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-12 16:06 - 2019-01-12 16:09 - 066031104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 014097920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 002863616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-12 16:06 - 2019-01-12 16:10 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\SKU.dll
2019-01-12 15:37 - 2018-12-12 00:12 - 002682336 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2019-01-12 15:37 - 2018-12-12 00:12 - 000156640 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-01-12 17:12 - 2019-01-12 17:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3645243886-2104201124-4151335660-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gwatrobski\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\universe wall paper.jpg
DNS Servers: 64.233.217.2 - 64.233.217.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe ()
FirewallRules: [{7DB59AFD-3C17-42A1-A0F6-A9A1CEA13FFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [TCP Query User{6401B81A-AB27-4F2D-9FFF-3807A718D70E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe (Oracle Corporation)
FirewallRules: [UDP Query User{0B7F6E18-A3AC-4909-8549-B6363559CE60}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe (Oracle Corporation)

==================== Restore Points =========================

12-01-2019 16:07:58 Installed LibreOffice 6.1.4.2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2019 04:08:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (01/12/2019 03:40:21 PM) (Source: ESENT) (EventID: 489) (User: )
Description: chrome (7668,D,50) EdgeDataImporter: An attempt to open the file "C:\Users\gwatrobski\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/12/2019 03:09:31 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (01/12/2019 03:09:30 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
System errors:
=============
Error: (01/14/2019 08:26:14 AM) (Source: DCOM) (EventID: 10016) (User: SPAREROOM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user spareroom\gwatrobski SID (S-1-5-21-3645243886-2104201124-4151335660-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/14/2019 08:04:56 AM) (Source: DCOM) (EventID: 10016) (User: SPAREROOM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user spareroom\gwatrobski SID (S-1-5-21-3645243886-2104201124-4151335660-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/14/2019 07:55:47 AM) (Source: DCOM) (EventID: 10016) (User: SPAREROOM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user spareroom\gwatrobski SID (S-1-5-21-3645243886-2104201124-4151335660-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (01/14/2019 07:55:30 AM) (Source: DCOM) (EventID: 10016) (User: SPAREROOM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user spareroom\gwatrobski SID (S-1-5-21-3645243886-2104201124-4151335660-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2019 08:01:50 PM) (Source: DCOM) (EventID: 10010) (User: SPAREROOM)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (01/13/2019 08:01:43 PM) (Source: DCOM) (EventID: 10010) (User: SPAREROOM)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (01/13/2019 08:01:43 PM) (Source: DCOM) (EventID: 10010) (User: SPAREROOM)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (01/13/2019 08:01:42 PM) (Source: DCOM) (EventID: 10010) (User: SPAREROOM)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3517.35 MB
Available physical RAM: 1678.77 MB
Total Virtual: 4861.35 MB
Available Virtual: 1934.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:449.78 GB) (Free:383.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (New Volume) (Fixed) (Total:14.06 GB) (Free:13.96 GB) NTFS
Drive f: () (Removable) (Total:14.86 GB) (Free:14.86 GB) exFAT
Drive i: () (Removable) (Total:14.86 GB) (Free:14.86 GB) exFAT

\\?\Volume{e0702554-3438-4691-923a-b8a64e8161b4}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
\\?\Volume{1475be08-6127-44a7-a207-46ef997a8455}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{3c3dd008-67ac-4e1a-98f1-e8bd83442212}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.3 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 11DE1F21)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: 0D3479BC)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================