Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020 Ran by cstar (09-03-2020 18:49:29) Running from C:\Users\cstar\Desktop Windows 10 Home Version 1909 18363.657 (X64) (2020-03-06 20:53:39) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4035741328-3155629565-2648758277-500 - Administrator - Disabled) charl (S-1-5-21-4035741328-3155629565-2648758277-1003 - Limited - Disabled) cstar (S-1-5-21-4035741328-3155629565-2648758277-1001 - Administrator - Enabled) => C:\Users\cstar DefaultAccount (S-1-5-21-4035741328-3155629565-2648758277-503 - Limited - Disabled) famil (S-1-5-21-4035741328-3155629565-2648758277-1004 - Limited - Enabled) => C:\Users\famil Guest (S-1-5-21-4035741328-3155629565-2648758277-501 - Limited - Disabled) holly (S-1-5-21-4035741328-3155629565-2648758277-1002 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-4035741328-3155629565-2648758277-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3034 - Acer Incorporated) Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer) Acer Jumpstart (HKLM-x32\...\{4B92BFBE-917D-4FA1-97E9-DB9D91286E90}) (Version: 3.0.18135.100 - Acer) Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3028 - Acer Incorporated) Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3005 - Acer Incorporated) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.1.1 - Advanced Micro Devices, Inc.) App Explorer (HKU\S-1-5-21-4035741328-3155629565-2648758277-1001\...\Host App Service) (Version: 0.273.3.727 - SweetLabs) <==== ATTENTION App Explorer (HKU\S-1-5-21-4035741328-3155629565-2648758277-1004\...\Host App Service) (Version: 0.273.3.727 - SweetLabs) <==== ATTENTION AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - ) Backup and Sync from Google (HKLM\...\{825F60D9-2633-4D52-B2B0-5DA143433BBC}) (Version: 3.48.8668.1933 - Google, Inc.) Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.132 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden HandBrake 1.2.0 (HKLM-x32\...\HandBrake) (Version: 1.2.0 - ) HP DeskJet 3630 series Basic Device Software (HKLM\...\{2125FB8B-5542-495A-B0F7-CD6DDBE99C2A}) (Version: 40.11.1107.1739 - HP Inc.) HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard) HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP) HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) Microsoft OneDrive (HKU\S-1-5-21-4035741328-3155629565-2648758277-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4035741328-3155629565-2648758277-1004\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation) OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Plex Media Server (HKLM-x32\...\{31f2ca4b-f84d-4930-bc76-30d3ddb40bbc}) (Version: 1.18.3.2156 - Plex, Inc.) Plex Media Server (HKLM-x32\...\{8CC5692D-EC4C-49F9-82ED-92065D829FBB}) (Version: 1.18.2156 - Plex, Inc.) Hidden Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{416B7D0C-0AEC-4FE6-AE40-4E12857CCA55}) (Version: 40.11.1107.1739 - HP Inc.) Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10454 - Qualcomm) Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8122 - Realtek Semiconductor Corp.) Roblox Player for famil (HKU\S-1-5-21-4035741328-3155629565-2648758277-1004\...\roblox-player) (Version: - Roblox Corporation) Roblox Studio for famil (HKU\S-1-5-21-4035741328-3155629565-2648758277-1004\...\roblox-studio) (Version: - Roblox Corporation) Stopping Plex (HKLM-x32\...\{62D904BF-8577-433A-BF34-7F7F6E906E9E}) (Version: 1.18.2156 - Plex, Inc.) Hidden UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.1 - WildTangent) WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.400 - WildTangent) Hidden Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited) Packages: ========= Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3013.0_x64__48frkmn4z8aw4 [2019-12-09] (Acer Incorporated) Booking.com Partner App -> C:\Program Files\WindowsApps\4AE8B7C2.Booking.comPartnerApp_1.1.2.1000_x64__6wqyppa9wfhnr [2018-09-05] (Booking.com B.V.) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.4081.0_x64__rz1tebttyb220 [2020-03-06] (Dolby Laboratories) eBay -> C:\Program Files\WindowsApps\eBay_1.0.1606.2210_x64__96rgg7pjt343r [2018-06-07] (CN=Acer Incorporated) Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.23.8859.0_x86__q4d96b2w5wcc2 [2020-02-21] (Evernote) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x64__v10z8vjag6ke6 [2020-02-07] (HP Inc.) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa [2020-01-31] (Apple Inc.) [Startup Task] LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-09-05] (LinkedIn) Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2018-09-30] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2018-09-30] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.3002.0_x64__8wekyb3d8bbwe [2020-02-12] (Microsoft Studios) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.) PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-06-12] (CYBERLINK COM CORP) PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2018-06-07] (CYBERLINK COM CORP) Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_5.7.25.0_x64__kx24dqmazqk8j [2020-01-17] (Random Salad Games LLC) [MS Ad] Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_5.2.24.0_x64__kx24dqmazqk8j [2018-06-07] (Random Salad Games LLC) [MS Ad] Stagelight -> C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778 [2019-03-22] (Open Labs LLC) Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2019-12-24] (WildTangent Games) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-12-22] (Google LLC -> Google) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-12-22] (Google LLC -> Google) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-12-26 21:43 - 2019-12-26 21:43 - 000629760 _____ () [File not signed] \\?\C:\Users\cstar\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\aac_decoder.dll 2019-12-26 21:43 - 2019-12-26 21:43 - 000336384 _____ () [File not signed] \\?\C:\Users\cstar\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\ac3_decoder.dll 2019-12-26 21:43 - 2019-12-26 21:43 - 000393728 _____ () [File not signed] \\?\C:\Users\cstar\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\ac3_encoder.dll 2019-12-26 21:43 - 2019-12-26 21:43 - 001558016 _____ () [File not signed] \\?\C:\Users\cstar\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\h264_decoder.dll 2019-12-26 21:43 - 2019-12-26 21:43 - 000817152 _____ () [File not signed] \\?\C:\Users\cstar\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\hevc_decoder.dll 2019-12-26 21:43 - 2019-12-26 21:43 - 001799680 _____ () [File not signed] \\?\C:\Users\cstar\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\libx264_encoder.dll 2019-12-26 21:43 - 2019-12-26 21:43 - 001267200 _____ () [File not signed] \\?\C:\Users\cstar\AppData\Local\Plex Media Server\Codecs\8bf330d-2818-windows-x86\mpeg4_decoder.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 001603072 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll 2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll 2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll 2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll 2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 000058368 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll 2020-01-11 15:45 - 2018-09-13 23:56 - 000350208 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 001212928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\LIBEAY32.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\SSLEAY32.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 000986624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 003677184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll 2020-01-11 15:45 - 2018-07-06 17:22 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2020-02-16 21:05 - 2020-02-16 21:05 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4035741328-3155629565-2648758277-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cstar\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg HKU\S-1-5-21-4035741328-3155629565-2648758277-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-4035741328-3155629565-2648758277-1001\...\StartupApproved\Run: => "GoogleDriveSync" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{456E4800-7D6D-45E9-97E0-C21E8ED68CFF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{58DDFC90-CEFE-420B-B6D6-2ABB086EBE12}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12527.20242.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9FC92949-0850-4137-9B61-65D77ED44E74}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DD04D94A-B1E3-4C37-8D78-CF62E1A83DCE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6BC89333-55B1-4238-9EC1-102E89095615}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{EF7C3FCA-CFE0-43B6-A213-C6B69DC3242E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{ABFA87AF-64A5-46E1-BEAA-844848631C4B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0B8ADAC5-0008-4CB6-B96D-EB9A1DB4F7AA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C2DBF5AB-EEA6-4C77-9548-ADF38D078B48}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0481FA25-57AC-4F8C-B0C9-D6282BEA2E59}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [UDP Query User{069BFB9D-A822-499A-A165-0BAFF1CB8430}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited) FirewallRules: [TCP Query User{42DAA503-36EE-481C-800A-AFB3A35FD027}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited) FirewallRules: [{F4D3316A-BAE4-4696-B793-F1E9162724A4}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> ) FirewallRules: [{3E3BF6D2-59EF-449F-A1DC-FCAA8BB40C4D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.) FirewallRules: [{4CEEE69D-B350-4EAD-9987-7BEA17422B8E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation) FirewallRules: [{7185881E-BB66-456E-8C3D-6580F63E34C3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.) FirewallRules: [{DEBF7159-697B-49C1-9E26-E885BA173387}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> ) FirewallRules: [{838C3BE1-BDC7-498E-921C-9A9D2C34C51E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> ) FirewallRules: [{8A29F89F-5363-4D1E-A96E-B41C7546B0C5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> ) FirewallRules: [{22D3A992-DCE4-4F7E-A26C-627E3F7CD86C}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> ) FirewallRules: [{B569C5F2-09C9-481B-9F0F-365285C36C49}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> ) FirewallRules: [{9D00AF9B-170A-4FA0-A7AD-5DFB501F13B2}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> ) FirewallRules: [{72A59BCA-E358-4148-AC1A-AAD63C00C7CA}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> ) FirewallRules: [{A06E3237-FFF3-4661-8C25-917220490460}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> ) FirewallRules: [{5993E86B-1DB6-474C-BB06-2CB07CA40F79}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> ) FirewallRules: [{16244203-E66A-41D9-8313-79DCE7E13349}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> ) FirewallRules: [{EF618FFB-BB0B-4767-968C-11BC929FF9A1}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> ) FirewallRules: [{568A9013-774C-4554-A58C-585D6D859CB6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> ) FirewallRules: [{C34C1F04-DB63-457B-9F24-8D00214EF32F}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{4A047994-DB1E-41EA-B346-B85AD9D593E6}] => (Allow) LPort=5357 FirewallRules: [{11F15BF7-1B28-4FDF-A07C-1ECF4C20D569}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{C2E7FE94-5E7A-44A6-BB35-E85922FABE5C}] => (Allow) C:\Users\cstar\AppData\Local\Temp\7zS1382\HPDiagnosticCoreUI.exe No File FirewallRules: [{B0A9EC79-0D40-4FB6-B78C-ECC062036BF4}] => (Allow) C:\Users\cstar\AppData\Local\Temp\7zS1382\HPDiagnosticCoreUI.exe No File FirewallRules: [UDP Query User{28756D35-6D16-485F-B65E-AC98BA1E3F75}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe No File FirewallRules: [TCP Query User{3F22C98C-FADB-4B6A-8DD6-4BAA8DDC675A}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe No File FirewallRules: [{AA716A3D-232B-44FC-9275-F04E561847BE}] => (Allow) C:\Users\cstar\AppData\Local\Temp\7zS5BFF\HP.EasyStart.exe No File FirewallRules: [{97CBA24A-DE23-4583-9ECC-2412FD8CCDDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File FirewallRules: [{E933AB54-5E0B-4B3E-9CD8-0856336F9A29}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{E6EC4295-FDC5-4B78-B831-E52A18FCC880}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [TCP Query User{BFC0F214-66B3-4667-90BC-2DB85C1E4C52}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [UDP Query User{4E5D133E-9237-4A5E-833A-FC745F903E8C}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [TCP Query User{9BE63530-9997-4313-8DA2-D644F327E760}C:\games\football manager 2019\fm.exe] => (Allow) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed] FirewallRules: [UDP Query User{C4443C3B-5268-48A1-A97C-AE0F3CA04807}C:\games\football manager 2019\fm.exe] => (Allow) C:\games\football manager 2019\fm.exe (Sports Interactive) [File not signed] FirewallRules: [{5FCB64B6-CDF7-4F19-8DB1-CFE828B64797}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{78934094-D2FA-4644-BBF9-19D980C0F063}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C5DD9F18-F64B-4EDE-983F-5014BD4A2EB0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D3E556F8-AE35-45CE-B626-081E18AD8CFB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5EE9FDE7-1869-479E-BC83-84E6C7177172}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{270C3029-81DE-4618-BE77-D4A30C3E00DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4F01DCDE-8582-49F1-9B89-B39D56AF84D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A158E49B-4143-40E4-98B4-2D1884D3E319}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{D9FC6865-3ACF-46FA-BC72-0C2E979D7ADB}C:\users\cstar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cstar\appdata\roaming\spotify\spotify.exe No File FirewallRules: [UDP Query User{453E3273-1F88-4AC2-ABB4-5C61D1C3B392}C:\users\cstar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cstar\appdata\roaming\spotify\spotify.exe No File ==================== Restore Points ========================= 06-03-2020 23:23:28 Windows Update 08-03-2020 18:40:12 Removed Java 8 Update 151 (64-bit) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/09/2020 05:38:36 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 26776 and the required size was 28072. Error: (03/08/2020 08:01:59 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (03/08/2020 08:01:59 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] System errors: ============= Error: (03/08/2020 08:01:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD User Experience Program Launcher service terminated unexpectedly. It has done this 1 time(s). Error: (03/08/2020 08:01:49 PM) (Source: DCOM) (EventID: 10010) (User: FAMILY-ACER-LAP) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2020-03-09 17:57:51.442 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {47424488-62FB-472D-89D0-6752AA0DB91E} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-03-09 17:29:53.860 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {30FE2782-DCF2-4896-A520-4511F6E915B1} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-03-09 15:52:51.816 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {79DB7D7F-21D9-4FD5-A8EA-F204E642140E} Scan Type: Antimalware Scan Parameters: Quick Scan ==================== Memory info =========================== BIOS: Insyde Corp. V1.04 03/12/2018 Motherboard: SR Squirtle_SR Processor: AMD A6-9220 RADEON R4, 5 COMPUTE CORES 2C+3G Percentage of memory in use: 90% Total physical RAM: 3973.37 MB Available physical RAM: 368.74 MB Total Virtual: 5936.83 MB Available Virtual: 1040.7 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:580.59 GB) NTFS \\?\Volume{c56f5c1e-1d22-4fbe-b5ca-832e751a33b3}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.57 GB) NTFS \\?\Volume{1806de26-f80f-4887-9a61-7747e7856366}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 4BAD8D68) Partition: GPT. ==================== End of Addition.txt =======================