Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by orges (30-05-2019 01:53:33)
Running from C:\Users\orges\Downloads\Programs
Windows 10 Home Version 1809 17763.503 (X64) (2019-01-08 18:23:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-721970688-1069457685-3330566907-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-721970688-1069457685-3330566907-503 - Limited - Disabled)
Guest (S-1-5-21-721970688-1069457685-3330566907-501 - Limited - Disabled)
orges (S-1-5-21-721970688-1069457685-3330566907-1001 - Administrator - Enabled) => C:\Users\orges
WDAGUtilityAccount (S-1-5-21-721970688-1069457685-3330566907-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.2.476 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
BitTorrent (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\BitTorrent) (Version: 7.10.5.44995 - BitTorrent Inc.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Cisco Packet Tracer 7.2 64Bit (HKLM\...\Cisco Packet Tracer 7.2 64Bit_is1) (Version: - Cisco Systems, Inc.)
CodeBlocks (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Dolby Atmos Windows API SDK (HKLM\...\{139C7F29-696B-4EEA-B4AF-2990C2ECF7AD}) (Version: 1.1.7.32 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{D539F055-FFE0-422D-8D57-0D9427E6ABA9}) (Version: 1.1.8.23 - Dolby Laboratories, Inc.)
Enthought Canopy (64-bit) (HKLM\...\{75E89CC4-4EFF-403B-9B7A-A2FDF377C1AA}) (Version: 2.1.9.3717 - Enthought, Inc.)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Git version 2.21.0 (HKLM\...\Git_is1) (Version: 2.21.0 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\GitHubDesktop) (Version: 1.6.6 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{1C86244D-6CBD-4067-BD27-1C263B7D5B35}) (Version: 19.4.18.9 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{cdfa55ef-79fd-483d-9278-fb714b90b601}) (Version: 19.4.18.9 - Intel)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{040D9BA0-B5C7-4382-9412-5A0197927A65}) (Version: 16.8.2.1002 - Intel Corporation)
IntelliJ IDEA 2018.2.5 (HKLM-x32\...\IntelliJ IDEA 2018.2.5) (Version: 182.4892.20 - JetBrains s.r.o.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JetBrains PhpStorm 2018.3.3 (HKLM-x32\...\PhpStorm 2018.3.3) (Version: 183.5153.36 - JetBrains s.r.o.)
JetBrains PyCharm 2018.3.2 (HKLM-x32\...\PyCharm 2018.3.2) (Version: 183.4886.43 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.5.1.21 - Wacom Technology Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.9 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0072 - Lenovo)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MATLAB R2018b (HKLM\...\Matlab R2018b) (Version: 9.5 - MathWorks)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11601.20230 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Teams) (Version: 1.2.00.8864 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Miniconda3 4.6.14 (Python 3.7.3 64-bit) (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Miniconda3 4.6.14 (Python 3.7.3 64-bit)) (Version: 4.6.14 - Anaconda, Inc.)
MySQL Workbench 8.0 CE (HKLM\...\{3B1F62A9-98B7-4F2A-8D3E-54FCF192EEAB}) (Version: 8.0.13 - Oracle Corporation)
Node.js (HKLM\...\{9A1DA61D-112C-46CE-AB8F-AD31985866F5}) (Version: 10.13.0 - Node.js Foundation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.0.2 (HKLM\...\{55905447-3228-417B-9F9D-6F8AC4D1A15C}) (Version: 6.0.2 - Oracle Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PyScripter 3.6.0 (x64) (HKLM\...\PyScripter_is1) (Version: 3.6.0 - PyScripter)
Python 3.7.2 (32-bit) (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\{0f40e78b-67e1-4e0c-a2fd-e9325d9dfc82}) (Version: 3.7.2150.0 - Python Software Foundation)
Python 3.7.2 Add to Path (32-bit) (HKLM-x32\...\{A0253733-D4C4-4964-AB97-C5C80FCD580F}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Core Interpreter (32-bit) (HKLM-x32\...\{3A09B849-4D48-41AA-9461-112E6CEC405D}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Development Libraries (32-bit) (HKLM-x32\...\{A14E7090-5888-460B-9003-1C3DA5AD3D35}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Documentation (32-bit) (HKLM-x32\...\{D2FA452F-4742-4805-BEB1-AC81ED48F4A8}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Executables (32-bit) (HKLM-x32\...\{D6FF50CC-E41E-4FFB-B7B9-72D71BF00C55}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 pip Bootstrap (32-bit) (HKLM-x32\...\{0D2B3674-3B1E-4281-B5FD-37D700602129}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Standard Library (32-bit) (HKLM-x32\...\{667226B8-23CA-47C1-A070-D3B85E8C9292}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{34AD493A-01AA-4D6A-9229-BF0406F22D14}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Test Suite (32-bit) (HKLM-x32\...\{F0B6A6E9-C7E1-4730-A29D-71C02B800028}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Utility Scripts (32-bit) (HKLM-x32\...\{06CE3F8B-A658-462C-AD3D-FA7142297E97}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}) (Version: 3.7.6565.0 - Python Software Foundation)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Symfony version 1.1.4 (HKLM\...\Symfony_is1) (Version: 1.1.4 - Symfony)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.2558 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.11-0 - Bitnami)

Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_18.0.12.9_x64__adky2gkssdxte [2019-04-08] (Adobe Systems Incorporated)
Arduino IDE -> C:\Program Files\WindowsApps\ArduinoLLC.ArduinoIDE_1.8.21.0_x86__mdqgnx93n4wtt [2019-05-14] (Arduino LLC)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-03-11] (Dolby Laboratories)
Earth Day -> C:\Program Files\WindowsApps\Microsoft.EarthDay_2.0.0.0_neutral__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation)
FortiClient -> C:\Program Files\WindowsApps\FortinetInc.FortiClient_1.0.1037.0_x64__sq9g7krz3c65j [2019-01-31] (FORTINET TECHNOLOGIES CANADA INC.)
HeidiSQL -> C:\Program Files\WindowsApps\2691AnsgarBeckerSoftwareD.19284136982C_10.1.0.0_x86__peg9cky9b9hfj [2019-03-29] (Ansgar Becker)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-05-29] (Apple Inc.)
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.6.38.0_x64__ss941bf8mfs8a [2019-04-18] (Wacom Technology Corp.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4 [2019-04-16] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-10-04] (LinkedIn)
Microsoft To-Do -> C:\Program Files\WindowsApps\Microsoft.Todos_1.57.21415.0_x64__8wekyb3d8bbwe [2019-05-27] (Microsoft Corporation)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2019-05-29] (Microsoft Platform Extensions)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2019-05-29] (Microsoft Platform Extensions)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-10-13] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-20] (Netflix, Inc.)
Ubuntu 18.04 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu18.04onWindows_1804.2019.522.0_x64__79rhkp1fndgsc [2019-05-25] (Canonical Group Limited)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{04271989-C4D2-E7DA-05E2-BEADE33D9F6D} -> [OneDrive - AMD shpk] => C:\Users\orges\OneDrive - AMD shpk [2019-05-27 21:35]
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3893B5025A66} -> [Creative Cloud Files] => C:\Users\orges\Creative Cloud Files [2019-04-08 21:56]
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\orges\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19071.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\orges\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19071.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-27] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-27] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7be3d75c5adc8917\igfxDTCM.dll [2018-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\orges\Miniconda3\Scripts\activate.bat C:\Users\orges\Miniconda3

==================== Loaded Modules (Whitelisted) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 000098304 _____ () [File not signed] C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2019-03-26 06:33 - 2019-03-26 06:35 - 035952640 _____ () [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll
2019-03-26 06:33 - 2019-03-26 06:35 - 000024064 _____ () [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
2019-04-30 18:15 - 2018-12-18 03:20 - 001006080 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-02-27 15:29 - 2019-02-27 15:29 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-15 23:10 - 2018-08-12 21:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-10-14 15:15 - 2017-05-23 20:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-10-14 15:15 - 2017-05-23 20:59 - 000478208 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
2018-10-14 15:15 - 2017-05-23 20:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2018-12-19 20:01 - 2018-12-19 20:01 - 001878528 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2015-08-28 14:36 - 2019-01-10 20:04 - 003907152 ____R (Tonec Inc. -> Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\sharepoint.com -> hxxps://amdshpk-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-05-30 01:35 - 000000907 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.1.5 web1.google.com
192.168.1.5 w3.facebook.com
192.168.1.5 www.emri.al

2018-10-31 15:30 - 2018-10-31 15:34 - 000000513 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\;C:\Program Files\MATLAB\R2018b\runtime\win64;C:\Program Files\MATLAB\R2018b\bin;C:\Program Files\Symfony;C:\Program Files\Git\cmd;C:\xampp\php;C:\ProgramData\ComposerSetup\bin;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\orges\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "AceStream"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{7DFCA12E-2A3A-4BD6-BE0C-DFC11E822D21}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{F85469F1-182A-462E-84DF-3EB7FC53F574}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{3CA4D138-BC73-4990-8C33-0CF05CFC65DC}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{7634E13A-8AD1-499F-A5BB-B0C60A8574A1}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{E311F2D2-DBFE-40CE-9A5F-F9597B1406C7}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{EC1B8BFD-6985-46F2-8D54-B35ED936393E}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{916B6FC2-5786-42BD-AD2A-AF694FB880B8}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [TCP Query User{603FFE7A-E307-4CB3-900C-6AC0735E9E3D}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [UDP Query User{DE25F9AE-93F8-4771-8004-E2E8F439686E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{4E44C440-41F2-4B93-84F5-FF86979AF5B2}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{0D81EC6B-8C9E-493F-9B5D-2159B5715DFF}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [TCP Query User{7DADCA95-DB69-42A0-8922-59AE1D6A67D8}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [UDP Query User{2F397FFB-3A37-4A4D-AA11-C961268EB543}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{87163544-F767-411D-B487-1CC407472D7D}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{93F8E61C-C420-414F-9974-304344895A21}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B9A972C7-F476-47E1-8C3B-38D803F2D102}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{0C7F5EEB-DA6A-49E0-9F2F-28275BBAA02A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0E03D152-6C32-4010-B326-C1152B573F7D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [UDP Query User{5F578606-C3E7-4580-8E38-411E2E588903}C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe] => (Block) C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe () [File not signed]
FirewallRules: [TCP Query User{0419B993-15E1-4205-9D27-ADF47D5D9218}C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe] => (Block) C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe () [File not signed]
FirewallRules: [UDP Query User{1C1CF22A-D666-47B3-B985-45C8FD9A2834}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{88D030C5-7FFC-4F42-AEC8-3C35D3A9C28E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{70CDB6E8-49D6-4765-9065-86B5647D5E51}] => (Allow) C:\Users\orges\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{086E525E-338D-4379-AD42-5C256B9E8249}] => (Allow) C:\Users\orges\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F5D21E85-290B-4E29-B038-E2867B6BDCD2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4FF87FC7-4453-439C-B0DA-00979FB30D06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A474EB0-83B7-4B2A-96EC-7EC5FF7E34B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EE206DF2-8DD5-4A2F-9E95-448EF4CDDD25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5A1CC2F3-F28B-41C2-89E5-F90B6795D003}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CEC1CC21-D849-49B1-BD2D-137DC4F7B833}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{47A8BDC3-D3A8-4C6A-8AFE-753762843D24}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{5F08ACF4-F53D-4377-A3D6-9B85FAB2DE05}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{5196893D-0E39-490E-AF72-D851C4DE0D8C}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{FA88D58F-A2BB-4ECC-AB2E-95AE89FC3069}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{2E032932-5445-4BA7-84C0-1BE95C3A89BD}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{E025AF22-5D13-4FAE-A007-A4F3B4337A57}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [TCP Query User{525A4969-21E1-417E-B0A1-A4A5F5B9B057}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{D1E4547C-EB47-463B-AE4D-BDC3EF540998}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{F6891D8E-5D0C-4C0C-AF4D-9D7CDE8B1A9E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0410E43E-D520-475A-BA78-BE1D566BD82E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{0EE0FFEB-08EC-40A5-A4BD-564F0816D1E8}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{13EAC773-9DD9-4462-A8E8-3705FCF2346F}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [TCP Query User{75A5C39F-2C00-4884-A147-44BA1517732E}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [File not signed]
FirewallRules: [UDP Query User{2D21CE2F-278E-4B1D-A06C-F3124346EAD0}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [File not signed]
FirewallRules: [TCP Query User{42E83B58-1D90-43B4-9E81-D880CE204F57}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{A3CD1B93-E814-43BF-8A7C-48E18C1A9813}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{7B77D4F1-4E9B-4DC6-A0F5-5B6FEE95E956}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{21F2F13A-17DB-4E8F-803B-DD5104561C8F}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{7E552667-565F-4C8D-868B-4DC74B19FF1A}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{7B9C71E0-5F65-4A14-9112-E1178EAD2914}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{8CBB5785-B34F-446E-9342-84D2EC474CF5}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{53F89281-AB24-4446-BD57-FFA84E700D73}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [{8F8652CE-C1F8-43D3-9710-5676AC1FE36A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EAB4012A-AB4B-43E8-B37F-2B3FA06589FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9023A1A2-4C87-4844-B60D-2BEF3399ACAE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CB3A0B98-7A4D-439F-9497-F086435B895B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{7C0D7B3B-AB17-4EBF-A41B-A87268318CBA}C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe] => (Allow) C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe (Godot Engine) [File not signed]
FirewallRules: [UDP Query User{A58E6CB2-B465-4DEE-912B-376F64FBB2E1}C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe] => (Allow) C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe (Godot Engine) [File not signed]
FirewallRules: [TCP Query User{034C0B9A-00FE-4B7B-A667-B53FE966C57F}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [UDP Query User{16432141-7E89-4443-9611-29F752DFC6C9}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [TCP Query User{BA3CC4FF-D189-4914-9E5A-0BF4E371406F}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{AE2D511A-D8B2-43DE-8C62-2C2CB28D89D3}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{54CE52DB-18EA-4913-AB66-A8799C0DCD6A}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [UDP Query User{C2AEA904-8667-4C88-90B1-C7008A0EBB15}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [TCP Query User{B67E9301-7A99-4994-913F-98025CC03E46}C:\users\orges\appdata\local\programs\python\python37-32\python.exe] => (Allow) C:\users\orges\appdata\local\programs\python\python37-32\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{FB44E108-DF55-4986-B3B5-20476343CE9B}C:\users\orges\appdata\local\programs\python\python37-32\python.exe] => (Allow) C:\users\orges\appdata\local\programs\python\python37-32\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{7F894D5C-1FDE-4E47-A1B2-9A8569FACCD3}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{5538AA71-FFE2-4220-B90B-0E29429C1F63}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{B21BA900-0DBF-42ED-AC89-F4DC0624FC32}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{2EE81EDD-9580-49ED-A511-4DF64A3EF97B}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [{CF7E678D-5DC7-474E-9FD3-593E9F235EDF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{86480A39-EB03-4BA1-9D68-EF98D7BAC7E3}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{C55D5B51-C87D-4C8C-9477-5CD8364741EE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B8C77008-2D70-411D-83A4-69225E9A6962}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9385D944-E3A0-419A-8076-1FA50E3B69F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{175494E6-6229-465A-AE84-C98C287D3A76}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F9BDE81-892B-4F8F-A26D-362DDB3EAF92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA11984F-0F1B-416B-9469-7FD2FF6E8991}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BA30F31-0059-46A3-8675-EDE8A535E3C7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6DEE6C77-4086-4E94-B48D-914864B4AA45}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54FFFBFC-20B3-4B67-8D5E-423F38C81FE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

15-05-2019 21:30:25 Installed Enthought Canopy (64-bit)
26-05-2019 12:36:40 Scheduled Checkpoint
30-05-2019 01:34:51 Removed FortiClient

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2019 01:54:21 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/30/2019 01:53:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/30/2019 01:48:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17763.348, time stamp: 0xa0a39b52
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1a1c
Faulting application start time: 0x01d5167908b1a421
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: unknown
Report Id: 5ecd0142-f9f0-43f7-9851-ab22210ef3c0
Faulting package full name:
Faulting package-relative application ID:

Error: (05/30/2019 01:43:13 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/30/2019 01:42:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/30/2019 01:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17763.348, time stamp: 0xa0a39b52
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x169c
Faulting application start time: 0x01d5167764691cab
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: unknown
Report Id: e64df7fd-8f00-4105-ba6f-7f4742c4a47d
Faulting package full name:
Faulting package-relative application ID:

Error: (05/30/2019 01:30:52 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/30/2019 01:29:42 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

System errors:
=============
Error: (05/30/2019 01:50:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2019 01:50:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2019 01:50:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/30/2019 01:49:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GT66B45)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-GT66B45\orges SID (S-1-5-21-721970688-1069457685-3330566907-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK service terminated unexpectedly. It has done this 1 time(s).

Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 1 time(s).

Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
===================================
Date: 2019-05-30 01:15:10.515
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E535F369-0EFF-445C-A575-89CE0CF176E9}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-05-30 00:30:43.040
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9ACC4FBC-3DD4-48C8-A24D-088D15516DC3}
Scan Type: Antimalware
Scan Parameters: Custom Scan

Date: 2019-05-30 00:23:22.331
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.A!ml&threatid=2147735506&enterprise=0
Name: Trojan:Win32/Conteban.A!ml
ID: 2147735506
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\Logic Cramble\set.exe; process:_pid:16956,ProcessStart:132036419360931633
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\ProgramData\Logic Cramble\set.exe
Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0, NIS: 1.293.2508.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-30 00:23:04.044
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.A!ml&threatid=2147735506&enterprise=0
Name: Trojan:Win32/Conteban.A!ml
ID: 2147735506
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\Logic Cramble\set.exe; process:_pid:16956,ProcessStart:132036419360931633
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\ProgramData\Logic Cramble\set.exe
Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0, NIS: 1.293.2508.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-30 00:22:43.080
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.A!ml&threatid=2147735506&enterprise=0
Name: Trojan:Win32/Conteban.A!ml
ID: 2147735506
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\ProgramData\Logic Cramble\set.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore->(UTF-16LE); file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA->(UTF-16LE); process:_pid:16956,ProcessStart:132036419360931633; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57AA4BE5-A220-46E0-A599-2BDC0E4DB9EC}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFF0C59B-7745-4FA8-9508-BA8DB298DF53}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_backlh; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: C:\ProgramData\Logic Cramble\set.exe
Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0, NIS: 1.293.2508.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-30 01:15:56.957
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-05-30 00:19:20.947
Description: Windows Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\orges\AppData\Local\Temp\PHqul0l3olZkuU0A\e4504dbfd68f03505569157841e10fa5.exe
Sha256:
Current Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0
Current Engine Version: 1.1.15900.4
Error code: 0x80508016

Date: 2019-05-30 00:19:20.924
Description: Windows Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\orges\AppData\Local\Temp\ULkQMl7Og1tcKjjM\c9982f3c5cba25e37e3ef8ff91edc2f1.exe
Sha256:
Current Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0
Current Engine Version: 1.1.15900.4
Error code: 0x80508016

Date: 2019-05-29 11:55:10.540
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2434.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-05-27 13:56:04.883
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2345.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================
Date: 2019-05-30 00:42:45.719
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.710
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-30 00:42:45.704
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-30 00:42:45.697
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-30 00:42:45.681
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-30 00:42:45.674
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-30 00:42:45.669
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-30 00:42:45.518
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

BIOS: LENOVO 7KCN28WW(V1.09) 11/21/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 65%
Total physical RAM: 8007.89 MB
Available physical RAM: 2800.32 MB
Total Virtual: 14151.89 MB
Available Virtual: 8128.05 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:58.36 GB) NTFS

\\?\Volume{54055fb3-7e89-4123-84a8-7e407377b846}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{0a1cc5a2-de35-4c46-b106-1cad45fe655f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8FC42C0F)

Partition: GPT.

==================== End of Addition.txt ============================