Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019 Ran by Admin (12-12-2019 17:02:38) Running from D:\Users\Hari\Desktop Windows 10 Pro Version 1903 18362.476 (X64) (2019-08-29 10:11:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Admin (S-1-5-21-3076391084-2480122960-4283986350-1002 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-3076391084-2480122960-4283986350-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3076391084-2480122960-4283986350-503 - Limited - Disabled) Guest (S-1-5-21-3076391084-2480122960-4283986350-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3076391084-2480122960-4283986350-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8} AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20058 - Adobe Systems Incorporated) Aegisub r8942 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 0.0.0 - Aegisub Team) Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft) AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.4.0 - philandro Software GmbH) A-PDF Page Cut (HKLM-x32\...\A-PDF Page Cut_is1) (Version: - A-PDF Solution) Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.) Avidemux VC++ 64bits (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\{15a6614d-4d21-4da2-bc10-2f436661353c}) (Version: 2.7.5 - Mean) AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.1.20 - Brave Software Inc) Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft) EPUB Converter 14.0.1 (HKLM-x32\...\{6B97C53D-9973-4754-8F65-EA400F667BD6}) (Version: 14.0.1 - AniceSoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden Intel Driver && Support Assistant (HKLM-x32\...\{31990087-E845-4714-B8D2-750497D90341}) (Version: 19.11.46.6 - Intel) Hidden Intel(R) Computing Improvement Program (HKLM\...\{85B6BF0F-EF1B-4F0F-892D-E68BD798950C}) (Version: 2.4.04669 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4703 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000030-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.30.0.5 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{9d54562c-195e-463a-9d06-3c71c3998dfb}) (Version: 19.11.46.6 - Intel) IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan) iTube Studio(Build 7.4.6.6) (HKLM-x32\...\iTube Studio_is1) (Version: 7.4.6.6 - iTube Studio) Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Kaspersky Total Security (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden Kaspersky Total Security (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.30 - PandoraTV) LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes) LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.4.2 - LG Electronics) MediaInfo 19.09 (HKLM\...\MediaInfo) (Version: 19.09 - MediaArea.net) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation) Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.1 - Mozilla) MP4Tools v3.8 (HKLM-x32\...\MP4Tools_is1) (Version: - Thüring IT-Consulting) MultiDoc Converter (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\ce473c10956d7832) (Version: 1.6.0.0 - Polenter) My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin) OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.) SoftorinoYoutubeConverter2 version 2.1.24 (HKLM\...\{E384C002-A6C9-4F6E-9BF2-2F6348653880}_is1) (Version: 2.1.24 - Softorino, Inc.) Subtitle Edit 3.5.9 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.9.0 - Nikse) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) Telegram Desktop version 1.8.15 (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) Vodafone Mobile Connect (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation) WhatsApp (HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\WhatsApp) (Version: 0.3.5374 - WhatsApp) Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) Packages: ========= Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.26.7.0_x86__kgqvnymyfvs32 [2019-12-01] (king.com) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1652.1.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-10] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-10] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-14] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-16] (Microsoft Corporation) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0 [2019-12-11] (Spotify AB) [Startup Task] WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.3.9308.0_x64__cv1g1gvanyjgm [2019-12-01] (WhatsApp Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3076391084-2480122960-4283986350-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed] ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed] ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-11-22] (Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-11-22] (Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-11-22] (Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [2019-11-22] (Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e2f3576b7abb043d\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory=Default ShortcutWithArgument: C:\Users\Public\Desktop\Vodafone.lnk -> C:\Program Files (x86)\Vodafone Mobile Connect\LaunchWebUI.exe () -> hxxp://vodafonemobileconnect.4G ==================== Loaded Modules (Whitelisted) ============= 2019-06-10 11:03 - 2019-02-21 21:30 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2018-07-15 13:15 - 2018-07-15 13:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll 2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll 2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll 2019-05-15 20:01 - 2019-05-15 20:01 - 001878528 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-15 13:01 - 2018-09-15 13:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk" HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-3076391084-2480122960-4283986350-1002\...\StartupApproved\StartupFolder: => "Kaspersky Internet Security.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{EDE3E3C1-849D-4E6C-9285-F661D131BD6B}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{FF554FC3-DA37-4885-BAA4-26EEF1FA3A53}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{462499F1-27A9-494B-998D-612289A1CC86}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{D1DE5F2B-F210-49AE-AF64-FFC67FA45881}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> ) FirewallRules: [{64DE0D83-0207-415E-B8CC-A9EA8F25C788}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5F7A98BC-5DA7-4590-AFDE-C6C56D465BA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{41E1C05F-0876-4969-9AFF-2A7AA61D1212}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{97C3E0E6-A5E2-4C82-8C58-0AB8FC4E1EFD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0040F244-1059-4D83-A2C0-4101549D9976}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6FC9802D-0549-4D20-9407-C9C93E04175F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7D6D911B-D827-4E86-AFC4-4B0D1BC7A241}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{AA05599E-A3C2-4B8E-BD29-3C7E08281E56}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{E8D43F6F-8452-4251-A56D-3378EF995225}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [{31A323AA-76FA-48E2-B4E6-4DAF9BA6E979}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{BEB9E178-D4B8-4EF6-A904-0CB089CAC418}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{049C60CD-A64B-436D-8C5E-0744D750E19D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{750874B7-A881-4078-82BD-5BB82215BB96}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D99572FC-A9E2-4FFB-BAE1-2119DE77361D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B9EAC0B3-7180-447D-9D3E-AEED9BC0F9A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{71C4347F-1E66-40D3-91F1-99AA4232F71C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{DB8929E0-10A9-4A40-9C2A-F1E4AB5D5A87}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{33FF3497-A065-4316-96F5-3D5DFA9E78D5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{7573D886-EF62-40E0-92E4-C5888DE06E5D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{08B14FD3-C3EC-4DC0-8CBB-D0483077663E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{654D70D0-1CF9-421C-BC30-5A249CF50448}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{565E6DB3-8F0C-4F9F-B88B-3C7C60246F0B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) FirewallRules: [{15FA4D69-7DB3-4984-B38A-24EE372F02F1}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> ) ==================== Restore Points ========================= 03-12-2019 12:31:28 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ Name: Remote NDIS based Internet Sharing Device Description: Remote NDIS based Internet Sharing Device Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: usbrndis6 Problem: : Currently, this hardware device is not connected to the computer. (Code 45). Resolution: The device is not present or was previously attached to the computer. To fix this problem, reconnect this hardware device to the computer. If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code. ==================== Event log errors: ======================== Application errors: ================== Error: (12/12/2019 04:55:14 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7036,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/12/2019 04:42:44 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (4952,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/12/2019 01:06:55 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (12044,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/12/2019 12:47:27 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9708,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/12/2019 11:05:46 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (6028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/12/2019 10:13:08 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (4252,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/12/2019 10:01:55 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (11780,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/12/2019 09:57:28 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3RTM1QB) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. System errors: ============= Error: (12/12/2019 04:26:23 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY) Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer. Error: (12/12/2019 04:26:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:31:52 PM on ‎12/‎12/‎2019 was unexpected. Error: (12/12/2019 08:17:15 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY) Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer. Error: (12/11/2019 05:17:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3RTM1QB) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (12/11/2019 05:17:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3RTM1QB) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (12/11/2019 05:17:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3RTM1QB) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (12/11/2019 05:17:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3RTM1QB) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (12/11/2019 05:17:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3RTM1QB) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2019-12-07 18:56:22.053 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {1C035F59-B540-4599-A6BC-6D92294DFEE7} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-05 18:56:20.215 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F8644728-8C8B-4730-AFF9-9EC4B813BC77} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-05 11:59:22.709 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {46C61093-5BFE-44EA-BA5F-040530616B95} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-11-30 06:21:16.332 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {76056A82-AF49-4591-A81B-5636AC40349D} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-11-29 13:01:40.359 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {0BF57C95-346F-401F-BBBA-24DCC313D36E} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-11 15:22:07.946 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.244.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-12-10 16:40:40.033 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.160.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-12-10 14:31:38.991 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.160.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-12-10 07:56:21.495 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.144.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-12-10 06:58:23.078 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.307.144.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2019-12-12 17:08:12.175 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-12 17:08:12.173 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-12 17:08:11.975 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-12 17:08:11.973 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-12 17:08:11.959 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-12 17:08:11.957 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-12 17:08:11.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-12 17:08:11.940 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Insyde Corp. V1.37 02/16/2016 Motherboard: Acer ZORO_BH Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 57% Total physical RAM: 4016.42 MB Available physical RAM: 1704.72 MB Total Virtual: 7216.42 MB Available Virtual: 3581.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:243.65 GB) (Free:114.87 GB) NTFS Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:203.45 GB) NTFS Drive e: () (Fixed) (Total:345.57 GB) (Free:211.77 GB) NTFS \\?\Volume{f7b2add7-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=243.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================