Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2020 01
Ran by 17026 (administrator) on DESKTOP-SP92S5H (ASUSTeK COMPUTER INC. X555LAB) (23-11-2020 13:14:51)
Running from C:\Users\17026\Desktop
Loaded Profiles: 17026
Platform: Windows 10 Home Version 1909 18363.657 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\17026\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\17026\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\17026\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [353064 2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [Dashlane] => C:\Users\17026\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-11-04] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [DashlanePlugin] => C:\Users\17026\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-11-04] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Print\Monitors\HP a011 Status Monitor: C:\WINDOWS\system32\hpinkstsa011LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3050A J611 series): C:\WINDOWS\system32\HPDiscoPMa011.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\Installer\chrmstp.exe [2020-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2020-10-08]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {26A328C8-CC1F-4247-AEDC-4B5D2169C5A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37BFF36D-BA36-422B-B03D-BA112D5F3D5D} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {476A98B5-8DD6-4378-A529-AC2C9E7D22D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {57F48879-3541-4D03-99DA-87BE99E95C02} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
Task: {70C1BF04-4074-4685-8B8B-FF0A39ECF6C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7262357A-E069-4457-8A44-00BBBD537EB7} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {79F6373D-CA19-4D54-80ED-287B18874869} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {83BEB29E-3918-46CE-B548-B77F47BC414C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4056018188-887826847-156463569-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {94689567-01BE-4164-B14F-5710E760319C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A1A8A548-3127-4C44-8FF8-F3EDE398D3FF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4056018188-887826847-156463569-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {A2C3BC46-A9E2-4F15-BE36-8720DBD89FEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)
Task: {B2937A79-803A-441F-8DBE-25790240A588} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B717044B-E874-466B-970E-42162FF5F37C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411856 2015-11-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {BB244012-207E-4DFE-AFA8-D5AC7CEC3D59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)
Task: {E1DB297E-AA6E-4109-9862-E229B3301471} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174352 2015-11-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{77eb6f5f-c7c0-41dc-b206-fca31a539384}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Edge:
======
DownloadDir: C:\Users\17026\Downloads
Edge Notifications: HKU\S-1-5-21-4056018188-887826847-156463569-1001 -> hxxps://www.cnet.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\17026\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-23]
Edge HomePage: Default -> hxxp://start.toshiba.com/g/
Edge DefaultSearchURL: Default -> hxxps://manageyoursearch.com/?q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://manageyoursearch.com/suggest?q={searchTerms}
Edge Extension: (Search Manager) - C:\Users\17026\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-04-12]
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @real.com/nppl3260;version=18.1.20.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.20.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2020-10-08] (RealNetworks, Inc. -> RealPlayer)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default [2020-11-23]
CHR Notifications: Default -> hxxps://mail.yahoo.com; hxxps://offerup.com; hxxps://www.allrecipes.com; hxxps://www.bettymills.com; hxxps://www.cnet.com; hxxps://www.dmv.com; hxxps://www.facebook.com; hxxps://www.inspireuplift.com; hxxps://www.newchic.com; hxxps://www.offthegridnews.com; hxxps://www.reddit.com; hxxps://www.thermophore.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://start.toshiba.com/g/
CHR DefaultSearchKeyword: Default -> google.com___
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-29]
CHR Extension: (Docs) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-29]
CHR Extension: (Google Drive) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-08]
CHR Extension: (Honey) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-17]
CHR Extension: (YouTube Music) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-10-08]
CHR Extension: (Smarty) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\edjkecefjhobekadlkdkopkggdefpgfp [2020-11-17]
CHR Extension: (Reason Web Security) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkgkjcdnnfpnnmgfeopbmajnbhjmnpp [2020-05-30]
CHR Extension: (Dashlane - Password Manager) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-11-18]
CHR Extension: (Sheets) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Avast Online Security) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-07-30]
CHR Extension: (letgo-web) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkfhekkfmipomaepmpocikpjpgffkop [2020-03-08]
CHR Extension: (Classifieds List App) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdneenbmjjjbjogomjjdahcoofmhpdme [2020-11-17]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-23]
CHR Extension: (Free Package Tracker Plus) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc [2020-11-17]
CHR Extension: (Capital One Shopping: Save in seconds) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-29]
CHR Extension: (Gmail) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
CHR Extension: (Privacy Badger) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2020-10-11]
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-11-05]
CHR Extension: (Slides) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-08]
CHR Extension: (Docs) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-08]
CHR Extension: (Google Drive) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-05-08]
CHR Extension: (YouTube) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-08]
CHR Extension: (Sheets) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-08]
CHR Extension: (Gmail) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-08]
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-05]
CHR HKLM\...\Chrome\Extension: [egkgkjcdnnfpnnmgfeopbmajnbhjmnpp]
CHR HKLM-x32\...\Chrome\Extension: [egkgkjcdnnfpnnmgfeopbmajnbhjmnpp]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [38024 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [990856 2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\System32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2017-04-11] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2014-06-27] (ZTE CORPORATION -> HandSet Incorporated)
R1 rsKernelEngine; C:\WINDOWS\System32\DRIVERS\rsKernelEngine.sys [56832 2020-05-30] (Reason Software Company Inc. -> Windows ® Win 7 DDK provider)
S3 viahsets; C:\WINDOWS\System32\drivers\viahsets.sys [32136 2014-06-27] (ZTE CORPORATION -> Via Telecom, Inc.)
S3 viahsser; C:\WINDOWS\System32\drivers\viahsser.sys [62728 2014-06-27] (ZTE CORPORATION -> VIA Telecom)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
S3 zghsser; C:\WINDOWS\System32\drivers\zghsser.sys [133960 2014-06-27] (ZTE CORPORATION -> ZTE Corporation)
S3 cpuz149; \??\C:\Users\17026\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-11-23 13:14 - 2020-11-23 13:16 - 000020789 _____ C:\Users\17026\Desktop\FRST.txt
2020-11-23 13:11 - 2020-11-23 13:11 - 002295808 _____ (Farbar) C:\Users\17026\Desktop\FRST64.exe
2020-11-23 12:27 - 2020-11-23 12:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-11-23 04:24 - 2020-11-23 04:24 - 000000000 _____ C:\Users\17026\Desktop\sfcdetails.txt
2020-11-21 00:55 - 2020-11-21 00:55 - 000002232 _____ C:\Users\17026\Desktop\Free Games.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000002223 _____ C:\Users\17026\Desktop\New games.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000001274 _____ C:\Users\17026\Desktop\Heroes Of Hellas.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atarata Games
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\Users\17026\AppData\Local\game
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\ProgramData\AlawarWrapper
2020-11-21 00:54 - 2020-11-21 00:54 - 000000000 ____D C:\Program Files (x86)\Atarata Games
2020-11-21 00:53 - 2020-11-21 00:54 - 037316064 _____ C:\Users\17026\Desktop\AtarataHeroesOfHellasFree_92.exe
2020-11-19 22:46 - 2020-11-19 22:46 - 000000000 ____D C:\Users\17026\AppData\Roaming\JaiboGames
2020-11-19 18:01 - 2020-11-19 18:02 - 000000000 ____D C:\Users\17026\Desktop\New folder
2020-11-19 08:37 - 2020-11-19 08:38 - 000000000 ____D C:\$Windows.~BT
2020-11-19 08:33 - 2020-11-19 08:38 - 000000000 ___HD C:\$SysReset
2020-11-18 03:42 - 2020-11-18 03:42 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000002201 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000002201 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000000000 ____D C:\Program Files (x86)\Belarc
2020-11-18 03:41 - 2020-11-18 03:41 - 003857816 _____ C:\Users\17026\Desktop\advisorinstaller.exe
2020-11-18 03:27 - 2020-11-18 03:27 - 000001294 _____ C:\Users\17026\Desktop\Island Tribe 2.lnk
2020-11-18 03:27 - 2020-11-18 03:27 - 000001275 _____ C:\Users\17026\Desktop\Free Farm Games.lnk
2020-11-18 03:27 - 2020-11-18 03:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2020-11-18 03:27 - 2020-11-18 03:27 - 000000000 ____D C:\Program Files (x86)\GameTop.com
2020-11-18 03:26 - 2020-11-18 03:26 - 112540888 _____ (GameTop Pte. Ltd. ) C:\Users\17026\Desktop\Island-Tribe-2.exe
2020-11-17 14:02 - 2020-11-17 14:02 - 000001962 _____ C:\Users\17026\Desktop\Dashlane.lnk
2020-11-11 17:15 - 2020-11-11 17:15 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-10-30 18:22 - 2020-10-30 18:22 - 000000000 ____D C:\ProgramData\Awem
2020-10-30 18:18 - 2020-10-30 18:18 - 000000000 ____D C:\Users\17026\Documents\My Games
2020-10-30 18:17 - 2020-11-21 00:49 - 000000000 ____D C:\ProgramData\TEMP
2020-10-30 14:05 - 2020-10-30 14:05 - 000003802 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2020-10-30 14:05 - 2020-10-30 14:05 - 000002381 _____ C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000002381 _____ C:\ProgramData\Desktop\HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000001926 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000001926 _____ C:\ProgramData\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2012-10-17 03:31 - 000741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMa011.dll
2020-10-30 14:00 - 2015-09-17 21:15 - 057375888 _____ C:\Users\17026\Desktop\DJ3050A_J611_1315-1.exe
2020-10-29 15:29 - 2020-10-29 15:29 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4056018188-887826847-156463569-1001
2020-10-29 15:29 - 2020-10-29 15:29 - 000002363 _____ C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-11-23 13:15 - 2020-05-31 06:38 - 000000000 ____D C:\FRST
2020-11-23 13:14 - 2020-03-08 17:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-23 13:08 - 2020-03-08 16:55 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-23 12:32 - 2020-03-08 17:03 - 000000000 ____D C:\WINDOWS\INF
2020-11-23 12:32 - 2020-03-08 16:45 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-23 12:30 - 2020-06-29 20:32 - 000000000 ____D C:\Program Files\CCleaner
2020-11-23 12:28 - 2020-03-08 17:12 - 000000000 ___RD C:\Users\17026\OneDrive
2020-11-23 12:27 - 2020-03-08 17:07 - 000000000 __SHD C:\Users\17026\IntelGraphicsProfiles
2020-11-23 12:27 - 2020-03-08 16:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-23 12:26 - 2020-03-08 16:51 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-23 11:25 - 2020-03-08 16:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-23 09:15 - 2020-04-17 10:28 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3B2ECF9C-20E9-46EA-92FA-0E06AFA91793}
2020-11-23 06:44 - 2020-04-20 01:39 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-23 02:39 - 2020-03-08 16:51 - 000000000 ____D C:\Users\17026
2020-11-23 00:01 - 2020-03-08 17:05 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-23 00:01 - 2020-03-08 17:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-20 14:56 - 2020-09-29 22:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-19 18:58 - 2020-03-19 09:07 - 000000000 ____D C:\Users\17026\Desktop\Personal
2020-11-18 22:30 - 2020-07-31 04:09 - 000000000 ____D C:\Users\17026\AppData\Local\CrashDumps
2020-11-18 22:30 - 2020-03-08 16:51 - 000000000 ____D C:\WINDOWS\Panther
2020-11-18 22:00 - 2020-07-31 17:36 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-18 22:00 - 2020-07-31 17:36 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-18 22:00 - 2020-07-31 17:36 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-18 05:55 - 2020-03-08 17:05 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-18 05:55 - 2020-03-08 16:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-18 03:57 - 2020-03-26 05:13 - 000000000 ____D C:\Users\17026\AppData\Local\ElevatedDiagnostics
2020-11-17 14:03 - 2020-04-18 21:08 - 000000000 ____D C:\Users\17026\AppData\Roaming\Dashlane
2020-11-12 11:00 - 2020-09-29 22:43 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-29 22:43 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-11 02:32 - 2020-03-08 23:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 02:08 - 2020-03-08 23:27 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-10-30 19:14 - 2020-03-08 17:10 - 000000000 ____D C:\Users\17026\AppData\Local\PlaceholderTileLogoFolder
2020-10-30 18:24 - 2020-03-19 03:28 - 000000000 ____D C:\Users\17026\AppData\Local\D3DSCache
2020-10-30 14:05 - 2020-04-06 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-10-30 14:05 - 2020-03-19 09:04 - 000000000 ____D C:\ProgramData\HP
2020-10-30 08:39 - 2020-03-08 16:57 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01
Ran by 17026 (23-11-2020 13:17:16)
Running from C:\Users\17026\Desktop
Windows 10 Home Version 1909 18363.657 (X64) (2020-03-09 00:42:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
17026 (S-1-5-21-4056018188-887826847-156463569-1001 - Administrator - Enabled) => C:\Users\17026
Administrator (S-1-5-21-4056018188-887826847-156463569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4056018188-887826847-156463569-503 - Limited - Disabled)
Guest (S-1-5-21-4056018188-887826847-156463569-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4056018188-887826847-156463569-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Belarc Advisor 9.7 (HKLM-x32\...\Belarc Advisor) (Version: 9.7.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.74 - Piriform)
Dashlane (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Dashlane) (Version: 6.2044.0.40862 - Dashlane, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Heroes Of Hellas (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Heroes Of Hellas) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.18.312 - SurfRight B.V.)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5107 - Intel Corporation)
Island Tribe 2 (HKLM-x32\...\Island Tribe 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Javelin (HKLM-x32\...\Javelin PDF reader 1.021_is1) (Version: - )
Microsoft OneDrive (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
RealDownloader (HKLM-x32\...\{F1FFBA3D-C08F-41E4-98B2-07144A4928A9}) (Version: 18.1.20.206 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.20 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.1.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.5 - VS Revo Group, Ltd.)
Show Me Excel 2007 and 2003 (HKLM-x32\...\{1372A74C-58C7-49BC-8AD2-649A30FA64CE}) (Version: 1.00 - GSPNA)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.45.4.0_x86__kgqvnymyfvs32 [2020-10-24] (king.com)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.4.9.0_x86__xcg28tkrsnqww [2020-09-24] (Cool File Viewer)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.48.4.0_x86__kgqvnymyfvs32 [2020-11-05] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-05] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-22] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-30] (Microsoft Corporation)
Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20101.99.0_x64__8wekyb3d8bbwe [2020-11-13] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4056018188-887826847-156463569-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-06-22] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-06-22] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\17026\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0A5BA9A0 [113]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
IE Session Restore: HKU\S-1-5-21-4056018188-887826847-156463569-1001 -> is enabled.
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2020-10-15] (Belarc, Inc. -> Belarc, Inc.)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2020-03-08 17:05 - 2020-03-08 17:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\Control Panel\Desktop\\Wallpaper -> E:\ASUS\Pictures\bathseba rock.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{068BBBB8-64D3-4501-9CB9-016420382EDB}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [TCP Query User{CFD26A5E-4EED-4DBA-99C9-B264CB976EE8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{72BB79BC-753F-4B79-82D7-8DFC0B0758AB}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{046C8040-E392-435D-9FEB-C71DB7FEF749}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{FCCE743B-60F5-4123-A7B5-0719DC612F3F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5A95778B-00D5-43C6-9CE9-E1179C3B1631}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C03772ED-FD9D-47F1-8EA7-C3C14ECD1888}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EA52908-3E5F-4B31-A627-B16C45038C29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E54B758-2EB0-4855-A8E8-20E687955D07}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{65CAC0B5-DC9F-4D58-B637-5526E2EB19BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{58539562-FAA8-4786-B01C-9124D19E2124}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3961371B-8C93-4340-BC5A-69BE67A21D40}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.exe (Alawar Entertainment Inc -> )
FirewallRules: [{4799E682-199E-4A68-9232-0DB769EBFE9D}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe () [File not signed]
FirewallRules: [{3F6571D8-4219-41A0-AECE-0402C93CAAA5}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\F2PHttpDaemon.exe => No File
==================== Restore Points =========================
20-11-2020 14:55:54 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391408 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391407 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391405 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243212 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243208 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243202 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
Error: (11/23/2020 01:04:10 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2222175 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
Error: (11/23/2020 01:04:10 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2222170 ms
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:
DPTF Build Version: 8.7.10200.12510
DPTF Build Date: Nov 5 2019 18:36:19
Source File: c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message: Error returned from ESIF services interface function call
Participant: TCPU [0]
Domain: PKG [0]
ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance: 0
ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
ParticipantIndex = 0; DomainIndex = 0
Policy: ConfigTDP Policy [0]
System errors:
=============
Error: (11/23/2020 06:36:17 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xffffd503d499c028, 0x00000000be000000, 0x000000000100110b). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: c2cc75de-5043-40d5-b702-93b0494ab828.
Error: (11/23/2020 06:35:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:34:11 AM on 11/23/2020 was unexpected.
Error: (11/23/2020 05:23:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:21:23 AM on 11/23/2020 was unexpected.
Error: (11/23/2020 04:45:21 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
Error: (11/23/2020 02:39:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:12:19 AM on 11/23/2020 was unexpected.
Error: (11/21/2020 11:40:48 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.
Error: (11/21/2020 03:23:46 AM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.
Error: (11/20/2020 04:05:29 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.
Windows Defender:
===================================
Date: 2020-11-23 05:31:25.623
Description:
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T13:31:25.623Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1401.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
Date: 2020-11-23 05:14:37.487
Description:
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T13:14:37.486Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1401.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
Date: 2020-11-22 23:33:49.508
Description:
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T07:33:49.508Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1388.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
Date: 2020-11-22 23:12:58.648
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F20C3697-B42D-48F1-AF09-FFE246690609}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-11-21 00:56:03.806
Description:
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-21T08:56:03.805Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1257.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
Date: 2020-11-22 20:48:39.879
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2020-11-22 20:48:39.855
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2020-11-22 20:48:39.070
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2020-11-22 20:43:53.906
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.1257.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2020-10-30 10:08:18.673
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.
CodeIntegrity:
===================================
Date: 2020-11-18 02:28:50.770
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-11-17 13:46:13.609
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-11-13 02:29:25.662
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-11-12 02:28:23.829
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-11-11 02:28:38.705
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-11-10 07:23:29.085
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-11-08 21:12:45.625
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-11-07 02:27:43.229
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
==================== Memory info ===========================
BIOS: American Megatrends Inc. X555LAB.503 08/04/2015
Motherboard: ASUSTeK COMPUTER INC. X555LAB
Processor: Intel® Core i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 82%
Total physical RAM: 3998.71 MB
Available physical RAM: 711.82 MB
Total Virtual: 5982.71 MB
Available Virtual: 1558.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:464.44 GB) (Free:424.03 GB) NTFS
\\?\Volume{31f7de28-42ea-4aae-bf3f-5de2b8703daa}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.03 GB) NTFS
\\?\Volume{996bbe23-17fe-48b0-916c-7a5162ce6751}\ () (Fixed) (Total:0.8 GB) (Free:0.31 GB) NTFS
\\?\Volume{a44abeaa-4b3a-4529-8ccf-9725d57ab459}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 35848839)
Partition: GPT.
==================== End of Addition.txt =======================