Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by Josip (08-10-2019 20:30:16)
Running from C:\Users\Josip\Desktop
Windows 10 Home Version 1903 18362.418 (X64) (2019-07-23 22:17:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administratör (S-1-5-21-81866132-2518726467-3289997804-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-81866132-2518726467-3289997804-503 - Limited - Disabled)
Gäst (S-1-5-21-81866132-2518726467-3289997804-501 - Limited - Disabled)
Josip (S-1-5-21-81866132-2518726467-3289997804-1001 - Administrator - Enabled) => C:\Users\Josip
WDAGUtilityAccount (S-1-5-21-81866132-2518726467-3289997804-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
AntiMicro (HKLM-x32\...\{584F5685-C0E5-4D84-B6F2-045B801A0BA1}) (Version: 2.20.2 - AntiMicro)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.2.0 - Electronic Arts, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.143 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 24.0.9.46 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 24.0.9.46 - Bitdefender)
BitTorrent (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\BitTorrent) (Version: 7.10.5.45312 - BitTorrent Inc.)
CORSAIR iCUE Software (HKLM-x32\...\{204E1A5B-4076-4AFB-B9AA-6F9A7268D39D}) (Version: 3.14.104 - Corsair)
Discord (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.6.3.48 - Dolby Laboratories, Inc.)
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.1125 - Lenovo)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
ID_TITLE (HKLM-x32\...\{5E92B74C-D7DB-4FF3-9588-1566AC1FFBC0}) (Version: 1.01.0810 - Lenovo) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1829.12.0.1154 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{aa81bdf2-96a6-4400-a596-c7d1916ce9f7}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{4BAB7070-1D73-11E6-8844-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (HKLM-x32\...\{676C639E-1D73-11E6-BF2F-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (HKLM-x32\...\{51040000-1D73-11E6-A45D-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{B4F56827-60F8-4D8C-9DB3-83C73414710C}) (Version: 1.1.69.1151 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{4115C0DC-C430-4648-B7FE-7AECE4EE74FF}) (Version: 1.1.69.1151 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{B3DAB109-45EF-411C-9951-35BFC086FED8}) (Version: 1.1.69.1151 - Rivet Networks) Hidden
Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.69.1151 - Rivet Networks)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\Host App Service) (Version: 0.273.2.314 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Nerve Center (HKLM-x32\...\{93EA1F94-3617-47CE-9EB2-B8DC3AC0B880}) (Version: 1.50.1216 - Lenovo)
Macromedia Fireworks MX 2004 (HKLM-x32\...\{E583ED6F-BD99-4066-A420-C815BF692B69}) (Version: 7 - Macromedia)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Microsoft Office 365 - sv-se (HKLM\...\O365HomePremRetail - sv-se) (Version: 16.0.12026.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 sv-SE) (HKLM\...\Mozilla Firefox 67.0.4 (x64 sv-SE)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 436.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.02 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12026.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-041D-0000-0000000FF1CE}) (Version: 16.0.12026.20264 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\OpenIV) (Version: 3.1.1032 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.48.31055 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.20538 - Kakao Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10332 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.242 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7824 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Spotify (HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Turtle Beach Arena Editor (HKLM-x32\...\{00B2A03E-F676-4296-ADD8-AFAB68D905DE}) (Version: 0.1.7 - Turtle Beach)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.5 - Unified Intents AB)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Uppdateringsassistenten för Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

Packages:
=========
AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2018-04-08] (AccuWeather) [MS Ad]
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
DirectX -> C:\Program Files\WindowsApps\Microsoft.DirectXRuntime_9.29.952.0_x64__8wekyb3d8bbwe [2019-07-24] (Microsoft Corporation)
DirectX -> C:\Program Files\WindowsApps\Microsoft.DirectXRuntime_9.29.952.0_x86__8wekyb3d8bbwe [2019-07-24] (Microsoft Corporation)
E-post och Kalender -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.351.461.2_x64__8wekyb3d8bbwe [2019-10-05] (Microsoft Studios)
Game Controller Tester -> C:\Program Files\WindowsApps\11032Reconco.XboxControllerTester_1.5.5.0_x64__thvmwcgtjwwvy [2019-04-14] (Reconco) [MS Ad]
Gears 5 -> C:\Program Files\WindowsApps\Microsoft.HalifaxBaseGame_1.1.74.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Studios)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-29] (Keeper Security Inc)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1909.24.0_x64__k1h2ywk1493x8 [2019-09-20] (LENOVO INC.)
Lenovo-kontoportal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-07-21] (LENOVO INCORPORATED.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft News - Nyheter -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
MSN Väder -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-09-29] (Netflix, Inc.)
Speltjänster -> C:\Program Files\WindowsApps\Microsoft.GamingServices_1.32.14001.0_x64__8wekyb3d8bbwe [2019-08-23] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Xbox (Beta) -> C:\Program Files\WindowsApps\Microsoft.GamingApp_1910.1001.6.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
Zalando Shopping -> C:\Program Files\WindowsApps\ZALANDOGMBH.ZALANDOSHOPPING_4.12.0.0_x64__05n91v0wqp63r [2019-02-11] (Zalando SE)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll -> No File
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-24] (Power Software Ltd) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-24] (Power Software Ltd) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-08-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2017-10-24] (Power Software Ltd) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2019-01-28 19:29 - 2019-01-28 19:29 - 000015872 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libEGL.DLL
2019-01-28 19:28 - 2019-01-28 19:28 - 002786816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libGLESv2.dll
2019-03-27 17:57 - 2019-03-27 17:57 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2019-03-27 17:52 - 2019-03-27 17:52 - 000098816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2019-09-02 22:08 - 2019-05-28 15:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2017-10-24 04:38 - 2017-10-24 04:38 - 000311808 _____ (Power Software Ltd) [File not signed] D:\Program Files (x86)\PowerISO\PWRISOSH.DLL
2019-09-20 15:18 - 2019-06-08 16:48 - 001257472 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2019-02-01 11:31 - 2019-02-01 11:31 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2018-10-27 19:13 - 2014-12-29 23:22 - 000565248 _____ (Soft Service Company) [File not signed] D:\Program Files (x86)\Unified Remote 3\wcl.dll
2019-03-12 12:10 - 2019-03-12 12:10 - 001299456 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LIBEAY32.dll
2019-03-12 12:10 - 2019-03-12 12:10 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ssleay32.dll
2019-10-08 19:41 - 2019-06-11 08:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Program Files (x86)\Origin\LIBEAY32.dll
2019-10-08 19:41 - 2019-06-11 08:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Program Files (x86)\Origin\ssleay32.dll
2019-10-08 19:41 - 2019-07-12 09:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-10-08 19:41 - 2019-07-12 09:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Core.dll
2019-10-08 19:41 - 2019-07-12 09:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Gui.dll
2019-10-08 19:41 - 2019-07-12 09:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Network.dll
2019-10-08 19:41 - 2019-07-12 09:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-10-08 19:41 - 2019-07-12 09:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] D:\Program Files (x86)\Origin\Qt5Xml.dll
2019-01-29 06:53 - 2019-01-29 06:53 - 000081408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\audio\qtaudio_wasapi.dll
2019-01-29 06:52 - 2019-01-29 06:52 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\audio\qtaudio_windows.dll
2019-01-28 19:35 - 2019-01-28 19:35 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qgif.dll
2019-01-29 06:21 - 2019-01-29 06:21 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qicns.dll
2019-01-28 19:35 - 2019-01-28 19:35 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qico.dll
2019-01-28 19:36 - 2019-01-28 19:36 - 000364032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qjpeg.dll
2019-01-29 06:21 - 2019-01-29 06:21 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qsvg.dll
2019-01-29 06:20 - 2019-01-29 06:20 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtga.dll
2019-01-29 06:21 - 2019-01-29 06:21 - 000331776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtiff.dll
2019-01-29 06:20 - 2019-01-29 06:20 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwbmp.dll
2019-01-29 06:21 - 2019-01-29 06:21 - 000414208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwebp.dll
2019-01-28 19:37 - 2019-01-28 19:37 - 001192960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\platforms\qwindows.dll
2019-01-28 19:30 - 2019-01-28 19:30 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Concurrent.dll
2019-03-27 18:25 - 2019-03-27 18:25 - 005087232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll
2019-01-28 19:32 - 2019-01-28 19:32 - 005341184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Gui.dll
2019-01-29 06:50 - 2019-01-29 06:50 - 000576512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Multimedia.dll
2019-01-28 19:31 - 2019-01-28 19:31 - 001043456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Network.dll
2019-01-29 06:42 - 2019-01-29 06:42 - 003360768 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Qml.dll
2019-01-29 06:37 - 2019-01-29 06:37 - 003175936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Quick.dll
2019-01-29 06:55 - 2019-01-29 06:55 - 000142336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickControls2.dll
2019-01-29 06:54 - 2019-01-29 06:54 - 000848384 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickTemplates2.dll
2019-01-29 06:50 - 2019-01-29 06:50 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Scxml.dll
2019-01-29 06:21 - 2019-01-29 06:21 - 000264704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Svg.dll
2019-01-28 19:34 - 2019-01-28 19:34 - 004529152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Widgets.dll
2019-01-29 07:04 - 2019-01-29 07:04 - 000444416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5WinExtras.dll
2019-01-28 19:30 - 2019-01-28 19:30 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Xml.dll
2019-01-29 06:49 - 2019-01-29 06:49 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-29 06:48 - 2019-01-29 06:48 - 000056320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-29 06:40 - 2019-01-29 06:40 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick.2\qtquick2plugin.dll
2019-01-29 07:00 - 2019-01-29 07:00 - 000447488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-01-29 06:56 - 2019-01-29 06:56 - 000271360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-29 06:41 - 2019-01-29 06:41 - 000072192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-29 06:55 - 2019-01-29 06:55 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-01-29 06:41 - 2019-01-29 06:41 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Window.2\windowplugin.dll
2019-01-28 19:36 - 2019-01-28 19:36 - 000122880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Josip\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2019-10-08 20:17 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
2017-10-31 20:20 - 2019-05-30 22:20 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
69.254.33.120 Josip.mshome.net # 2024 4 4 18 15 25 22 945

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-81866132-2518726467-3289997804-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Josip\Desktop\JJM\Bilder\joker_harley_quinn_105399_2560x16002.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Killer Service V2 => 2
HKU\S-1-5-21-81866132-2518726467-3289997804-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{49F49E88-DE09-442D-8158-97DF4B3600A7}D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe] => (Block) D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe No File
FirewallRules: [TCP Query User{A6ABE2F4-71CD-4917-AEA2-D50288A314EA}D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe] => (Block) D:\program files (x86)\killsquad\killsquad\game\binaries\win64\game-win64-shipping.exe No File
FirewallRules: [{A737E13B-EA0E-46BA-9965-BAEF4F6CCFC5}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7CDE90FD-7B1C-4999-8081-2F066E02361F}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5C481D2C-DEB1-4AB7-9CD9-DA64FD6D9E38}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C7B1902F-9660-4ABD-8C82-94039C6F5F20}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{CE2382EC-E9FA-468C-ABD8-6E0B07CAD724}D:\program files (x86)\unified remote 3\remoteserverwin.exe] => (Allow) D:\program files (x86)\unified remote 3\remoteserverwin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [TCP Query User{0950BD51-B36C-4C2D-A247-7F0CD1F1A7AB}D:\program files (x86)\unified remote 3\remoteserverwin.exe] => (Allow) D:\program files (x86)\unified remote 3\remoteserverwin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [UDP Query User{D01BDA1C-EE9B-4320-9A09-0B6AB2990BD8}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{199938E4-50DB-42D5-ADDC-E4C9DA96E974}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{999B6FA0-8E92-4981-BE8D-6F1723949A9E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{699EE016-8F5F-4DFF-A376-E02315B93DF6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [TCP Query User{5E21CD7A-560B-4E0B-986F-2269EF4F19CD}D:\program files (x86)\destiny 2\destiny2.exe] => (Allow) D:\program files (x86)\destiny 2\destiny2.exe No File
FirewallRules: [UDP Query User{202BD50D-1384-4FCE-AEE3-B86610234860}D:\program files (x86)\destiny 2\destiny2.exe] => (Allow) D:\program files (x86)\destiny 2\destiny2.exe No File
FirewallRules: [{9552C980-3AA9-4CDD-AE91-4EF9B56FDC05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{18003498-687A-40ED-9BDC-326012A7F820}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{58C98010-4997-40EC-ABB0-0EAB2386A6B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C6AB962-7C18-4428-834D-43DD63F1F020}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe (FUNCOM OSLO AS -> BattlEye Innovations)
FirewallRules: [{9E6A7451-E915-49EB-A675-769EF8B5A8D4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe (FUNCOM OSLO AS -> BattlEye Innovations)
FirewallRules: [{90F3ACEC-7820-41A3-BC9E-CACEB86A6793}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe (FUNCOM OSLO AS -> Funcom Oslo AS)
FirewallRules: [{3A306772-FEF8-4EB0-A4F0-C6F5D71E432D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe (FUNCOM OSLO AS -> Funcom Oslo AS)
FirewallRules: [TCP Query User{ACBAB5EB-338D-498F-9D81-57CF2F3E083C}C:\users\josip\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\josip\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{6A3BC499-56B5-4CF1-98A6-BF5FA705B41C}C:\users\josip\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\josip\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7622394D-A6DC-45B5-9819-0BA8B66989D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8419A2CC-9468-49B4-8364-90E520980F78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{30EF84C6-4A97-45EE-8CDB-218E6E169551}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D76F097F-55F3-4E3E-8F26-DC466C65FFE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A5755C93-DA6E-402B-9A42-CD0A66FE6DD7}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [UDP Query User{C3CBCBCF-30C5-4B9D-980F-20289BC063FD}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File
FirewallRules: [TCP Query User{60378A07-E3C2-46E6-9AD2-C0AD7E9E7536}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{E4E44F89-2D60-48AF-ACB9-5621A4494481}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{01553C3A-7304-4ECE-AC16-73972551CD2B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{509780AF-9423-4A81-939D-DDAC12F30763}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{53284B65-B145-4459-89B8-0EE28A1EDC8C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{5E483FAC-FD76-43DD-A97C-F8A4223DC4F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{EAC8A59F-C8E1-40E6-B334-1AA964F9E8D4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{8B18DF19-3B84-43A1-AFAC-DF7110240DAD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{2BED438E-A0D4-4F82-B5B5-DE5BB43D45A6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{F44845BC-5ACC-4E48-8BE4-6849DF835C89}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{1A5867C3-A918-4280-BE8D-FCD6C060BD95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{A31A09A7-9082-463C-B963-C49444F777A0}C:\users\josip\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josip\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{EA1C587C-8EE4-44F8-88BF-6CBF505C964E}C:\users\josip\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\josip\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A1C480D-8ED4-4DBA-A6FF-68A09F6F8067}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D54C7B48-3C65-49A1-9B51-46E8862D6DAC}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{B88A565A-64FE-4FCB-ACE6-73887F38FF1B}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed]
FirewallRules: [UDP Query User{4CD7DC23-E919-4B1C-B872-DA3F1F30C68D}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed]
FirewallRules: [{8CB54856-B0A1-4CB6-8FC8-F81773A841A4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{6E90207A-74E5-4B17-AA85-B50D287D0CE9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{13C81E5D-7F5D-4785-A0B2-14BC2BE0455C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{824781AC-6647-43A0-A522-F77B7397DE83}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)

==================== Restore Points =========================

29-09-2019 21:03:43 Schemalagd kontrollpunkt
01-10-2019 21:14:29 Windows Säkerhetskopiering
08-10-2019 19:42:14 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2019 08:30:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5984,R,98) TILEREPOSITORYS-1-5-18: Felet -1023 (0xfffffc01) inträffade när loggfilen C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log öppnades.

Error: (10/08/2019 08:17:49 PM) (Source: DAX2API) (EventID: 0) (User: )
Description: Det går inte att starta tjänsten. System.ApplicationException: CoRegisterClassObject failed w/err 0x80004015
   vid DolbyDAX.COMService.OnStart(String[] args)
   vid System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/08/2019 08:17:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen CoCreateInstance anropades. hr = 0x8007045b, Systemet håller på att avslutas. .

Error: (10/08/2019 08:17:03 PM) (Source: VSS) (EventID: 13) (User: )
Description: Information om tjänsten Volume Shadow Copy: COM-severn med CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} och namnet CEventSystem kan inte startas. [0x8007045b, Systemet håller på att avslutas. ]

Error: (10/08/2019 08:16:12 PM) (Source: DAX2API) (EventID: 0) (User: )
Description: Det går inte att starta tjänsten. System.ApplicationException: CoRegisterClassObject failed w/err 0x80004015
   vid DolbyDAX.COMService.OnStart(String[] args)
   vid System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/08/2019 08:15:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen CoCreateInstance anropades. hr = 0x8007045b, Systemet håller på att avslutas. .

Error: (10/08/2019 08:15:32 PM) (Source: VSS) (EventID: 13) (User: )
Description: Information om tjänsten Volume Shadow Copy: COM-severn med CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} och namnet CEventSystem kan inte startas. [0x8007045b, Systemet håller på att avslutas. ]

Error: (10/08/2019 08:15:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när rutinen CoCreateInstance anropades. hr = 0x8007045b, Systemet håller på att avslutas. .

System errors:
=============
Error: (10/08/2019 08:17:44 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Bluetooth-drivrutinen förväntade en HCI-händelse av en viss storlek, men tog inte emot någon sådan.

Error: (10/08/2019 08:17:03 PM) (Source: DCOM) (EventID: 10005) (User: NT instans)
Description: DCOM fick felet "1115" vid försök att starta tjänsten SecurityHealthService med argumenten "Inte tillgänglig" för att köra servern: {8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (10/08/2019 08:16:59 PM) (Source: DCOM) (EventID: 10010) (User: NT instans)
Description: Servern {AB93B6F1-BE76-4185-A488-A9001B105B94} registrerades inte med DCOM inom erforderlig timeout.

Error: (10/08/2019 08:16:57 PM) (Source: DCOM) (EventID: 10010) (User: JOSIP)
Description: Servern {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} registrerades inte med DCOM inom erforderlig timeout.

Error: (10/08/2019 08:16:57 PM) (Source: DCOM) (EventID: 10010) (User: JOSIP)
Description: Servern {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} registrerades inte med DCOM inom erforderlig timeout.

Error: (10/08/2019 08:16:06 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Bluetooth-drivrutinen förväntade en HCI-händelse av en viss storlek, men tog inte emot någon sådan.

Error: (10/08/2019 07:55:33 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Bluetooth-drivrutinen förväntade en HCI-händelse av en viss storlek, men tog inte emot någon sådan.

Error: (10/08/2019 07:54:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x8024001e: Windows-verktyget Borttagning av skadlig programvara – oktober 2019 (KB890830).

Windows Defender:
===================================
Date: 2019-10-07 12:23:19.812
Description: Windows Defender Antivirus-sökningen stoppades innan den slutfördes.
Söknings-ID: {E8922200-C899-4489-8E1F-5487445A2D2C}
Sökningstyp: Antimalware
Sökningsparametrar: Snabbsökning
Användare: NT instans\SYSTEM

Date: 2019-10-07 12:11:22.916
Description: Windows Defender Antivirus-sökningen stoppades innan den slutfördes.
Söknings-ID: {E2EEE5AF-D857-43B9-A67B-D2EDD39E89B4}
Sökningstyp: Antimalware
Sökningsparametrar: Snabbsökning
Användare: NT instans\SYSTEM

Date: 2019-10-06 14:27:31.072
Description: Windows Defender Antivirus har upptäckt skadlig kod eller oönskad programvara. Mer information finns här: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Namn: Trojan:Win32/Tiggre!plock
ID: 2147723626
Allvarlighetsgrad: Allvarlig
Kategori: Trojan
Sökväg: file:_C:\Windows\System32\StartupCheckLibrary.dll
Ursprung till identifieringen: Lokal dator
Identifieringstyp: FastPath
Identifieringskälla: Realtidsskydd
Användare: JOSIP\Josip
Processnamn: C:\Windows\System32\rundll32.exe
Version av säkerhetsinsikter: AV: 1.303.1022.0, AS: 1.303.1022.0, NIS: 1.303.1022.0
Motorversion: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-04 20:34:13.701
Description: Windows Defender Antivirus-sökningen stoppades innan den slutfördes.
Söknings-ID: {1A3CE3AB-4A93-45D4-B6A3-502B4FA6B131}
Sökningstyp: Antimalware
Sökningsparametrar: Snabbsökning
Användare: NT instans\SYSTEM

Date: 2019-09-30 22:39:00.294
Description: Windows Defender Antivirus-sökningen stoppades innan den slutfördes.
Söknings-ID: {40B3FD01-9A68-4DA8-9938-F482C5F5CF94}
Sökningstyp: Antimalware
Sökningsparametrar: Snabbsökning
Användare: NT instans\SYSTEM

CodeIntegrity:
===================================
Date: 2019-10-08 20:17:43.160
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-08 20:16:05.103
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-08 19:55:31.331
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-08 19:34:47.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-07 22:24:37.552
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-07 22:13:29.511
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-07 11:56:21.553
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-06 14:14:58.644
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: LENOVO O2DKT20A 10/24/2016
Motherboard: LENOVO 364A
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 38%
Total physical RAM: 16337.93 MB
Available physical RAM: 10127.21 MB
Total Virtual: 18769.93 MB
Available Virtual: 10365.11 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.12 GB) (Free:154.25 GB) NTFS
Drive d: () (Fixed) (Total:901.02 GB) (Free:475.47 GB) NTFS
Drive e: (Seagate) (Fixed) (Total:3725.9 GB) (Free:2943.52 GB) NTFS

\\?\Volume{a3be8299-c3a6-4d52-a8b1-b9de2e6e8267}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.55 GB) NTFS
\\?\Volume{17a58569-2a56-4a9d-a156-7289cba7f6af}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:17.85 GB) NTFS
\\?\Volume{d61352c4-df8b-5954-9284-6256eeb8a3aa}\ () (Fixed) (Total:71.07 GB) (Free:0 GB) NTFS
\\?\Volume{abe3faae-96cb-4df4-8165-3421c30c5f34}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 3D47853D)
Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 3D478551)
Partition: GPT.

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 0B9811F0)
Partition: GPT.

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt ============================