Hello guys,
While downloading a program, I got infected by this trojan Bearfoos.A!ml.
It keeps running scripts to get more malwares so the CPU is busy.
How can I remove it?
Thank you,
Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Hello guys,
While downloading a program, I got infected by this trojan Bearfoos.A!ml.
It keeps running scripts to get more malwares so the CPU is busy.
How can I remove it?
Thank you,
It seems that the virus is gone. But still every time I open chrome an extension is installed. Therefore I think the bad guys are still there.
I am sending the new FRST files in case something changed.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05.2019
Ran by orges (administrator) on DESKTOP-GT66B45 (LENOVO 81CU) (30-05-2019 01:52:42)
Running from C:\Users\orges\Downloads\Programs
Loaded Profiles: orges (Available Profiles: orges)
Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.29.22003.0_x64__8wekyb3d8bbwe\GameBar.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.29.22003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7be3d75c5adc8917\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7be3d75c5adc8917\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7be3d75c5adc8917\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7be3d75c5adc8917\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_11139e42ea3f60f6\RstMwService.exe
(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel® Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel® Trust Services -> Intel® Corporation) C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe
(Lenovo (Beijing) Co., Ltd. -> Lenovo) C:\Windows\System32\YMC.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\orges\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LITSSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11904.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tonec Inc. -> Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18387808 2018-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503592 2018-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2622520 2019-05-19] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35254672 2019-03-22] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Run: [BitTorrent] => C:\Users\orges\AppData\Roaming\BitTorrent\BitTorrent.exe [1744064 2019-03-10] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\orges\AppData\Local\Microsoft\Teams\Update.exe [1802480 2019-04-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2019-01-10] (Tonec Inc. -> Tonec Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-30] (Google LLC -> Google Inc.)
Startup: C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2018-11-06] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {000B02EE-0A7F-457E-BC03-33D663064EE7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {1D71BD8A-A477-40BE-AB49-B848570B8A78} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {21976AB1-BBD5-4FD2-B161-908BA9A54BD0} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-orgesballa13199011@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {34A3AE5C-F576-4668-AEDE-08F012C425D9} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {37AD2438-9B72-4A8F-8A91-41DC92880744} - System32\Tasks\Lenovo\Lenovo ITS PnP Task => C:\WINDOWS\System32\LITSSvc.exe [930312 2018-09-12] (Lenovo -> Lenovo.)
Task: {37BAE7C0-C5C3-463D-812C-FE1A6EA128D3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {39A43215-9D9E-473C-A081-24EB9C58C2F7} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {3A4105EF-DAD0-4CA7-912D-6D23CC840EDD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {405C9589-80C6-4D19-A6DF-E4F4F2062F7C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CD91E50-0EAD-4369-B3D4-7DEF75C42C4D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DFB937B-8FAA-449D-A189-034A214A78E2} - System32\Tasks\MATLAB R2018b Startup Accelerator => C:\Program Files\MATLAB\R2018b\bin\win64\MATLABStartupAccelerator.exe [57344 2018-07-11] () [File not signed]
Task: {542976AB-0615-48CA-B8CD-44948B708069} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {56041A39-E7C7-419C-94A0-F459B741C8F7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-721970688-1069457685-3330566907-1001 => C:\Users\orges\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [116520 2019-05-14] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {6566A715-AE4B-493A-A06F-395DA5E95E02} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {69F9E07D-B68B-4508-B0F3-35318E3550E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-30] (Google Inc -> Google LLC)
Task: {7A6B44CB-D939-407F-86B4-36D3ABA87EFC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8c3bb163-34e7-4af4-8371-7ca91ef19de8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {83AB4479-7140-41C8-B842-30A763701D18} - System32\Tasks\Lenovo\Lenovo YMC Uninstall Task => C:\WINDOWS\System32\YMC.exe [231984 2018-05-01] (Lenovo (Beijing) Co., Ltd. -> Lenovo)
Task: {862FE50D-E1E9-481F-9F9A-653C5B77277E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {882BA856-736F-4173-A3DA-06BCCEA13428} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8B144119-0FAC-4E29-8CFA-E2121004954E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D657247-8C6A-4987-9C51-3BD71E0D077B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fc0f1c78-58e1-4d28-843e-bb56177e9da3 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {9230DE21-8784-4EDC-9418-83A97BC05519} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\260273fb-889b-4d31-ae27-4d80c02858ef => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {93D4753D-3ACF-4C07-A745-659856641693} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {9E5A6679-4674-4A01-8D51-400A36C00D86} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758536 2018-03-26] (Lenovo -> )
Task: {A3B0B88E-3D47-4EA1-9CCF-767C5583D675} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {B9A3F82A-C0EF-4D3F-AF7A-39A92613150C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {BCF9F8C2-FC41-46A9-95D2-2158DA6FAF9A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {C4128A01-3EB5-435F-9CC8-3937AFF2034E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5CDC2B7-4C3A-4610-A42E-F164018A09CB} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [1697848 2018-06-12] (McAfee, Inc. -> McAfee, Inc.)
Task: {C8B1439A-5F46-4D80-93C1-73EAAA6D8499} - System32\Tasks\RTFTrack => C:\WINDOWS\RTFTrack.exe [5463008 2017-10-29] (Realtek Semiconductor Corp. -> Realtek semiconductor)
Task: {CB01184D-49BD-4C89-9319-E8C808497E11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E10EED46-81AB-402F-9484-185E3E11CDE2} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [225248 2017-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
Task: {EAF177E1-0530-432D-8C00-DA1F303818E1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {EC80862A-7D37-4916-B8A5-C006C4A2EF09} - System32\Tasks\update-S-1-5-21-721970688-1069457685-3330566907-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {EE9540CA-25D0-41D2-9D24-2721D6FF3BF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-30] (Google Inc -> Google LLC)
Task: {F21D6568-CB16-4D45-8B2C-902B1460C759} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758536 2018-03-26] (Lenovo -> )
Task: {F34AE52D-4DEC-4981-BB11-29F0D1B566E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {F609F336-4703-4FFB-9905-085E5A222CE8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MATLAB R2018b Startup Accelerator.job => C:\Program Files\MATLAB\R2018b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-721970688-1069457685-3330566907-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{dba16106-463c-47dd-b551-1ad634c1c666}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-721970688-1069457685-3330566907-1001 -> {220A8DD4-1525-450F-BF4A-186DCC81ECD1} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-08-28] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-08-28] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-10-25] [Legacy]
FF HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\orges\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\orges\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\orges\AppData\Roaming\IDM\idmmzcc5 [2019-05-30] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-05-19] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-05-19] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default [2019-05-30]
CHR Extension: (Slides) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-30]
CHR Extension: (Docs) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-30]
CHR Extension: (Google Drive) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-30]
CHR Extension: (DuckDuckGo) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2019-05-30]
CHR Extension: (YouTube) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-30]
CHR Extension: (Sheets) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-30]
CHR Extension: (EditThisCookie) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2019-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-30]
CHR Extension: (AdBlock) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-30]
CHR Extension: (Clear Cache Shortcut) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnajhcakejgchhbjlchkfmdidgjefleg [2019-05-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-30]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2019-05-30]
CHR Extension: (Gmail) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\orges\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-30]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [hjdkfkdkokphfploiiddakjokndinfgb] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-05-19] (Adobe Inc. -> Adobe Inc.)
R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel® Software Development Products -> Intel Corporation)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-02-14] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11147336 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-09-19] (Dolby Laboratories, Inc. -> )
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26472 2019-05-02] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-05-02] (IDSA Production signing key -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-10-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1855976 2018-07-07] (Intel Corporation -> Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel® Software Development Products -> )
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_11139e42ea3f60f6\HfcDisableService.exe [1709936 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2832240 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16840 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
R3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [775904 2018-09-14] (Intel® Trust Services -> Intel® Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [705760 2018-09-14] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LITSSVC; C:\WINDOWS\System32\LITSSvc.exe [930312 2018-09-12] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_11139e42ea3f60f6\RstMwService.exe [1968496 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [266080 2018-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [687552 2018-06-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] (Intel® Software Development Products -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11791704 2019-03-18] (TeamViewer GmbH -> TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel® Software Development Products -> )
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [690424 2019-01-14] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WTabletServiceISD; C:\WINDOWS\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ec7e2e39054ef080\WTabletServiceISD.exe [2992064 2018-02-23] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 YMC; C:\WINDOWS\System32\YMC.exe [231984 2018-05-01] (Lenovo (Beijing) Co., Ltd. -> Lenovo)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [78680 2018-05-01] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [71000 2018-05-01] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [402264 2018-05-01] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 H2OFFT; C:\WINDOWS\System32\drivers\H2OFFT64.sys [71424 2018-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software)
S3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98864 2018-06-11] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094000 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [72560 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTKVHD64.sys [6323552 2018-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-30] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-05-30] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [758216 2018-06-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3236320 2017-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [9353552 2018-08-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-12-19] (Intel Corporation -> )
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [235832 2019-01-14] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247216 2019-01-14] (Oracle Corporation -> Oracle Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [37920 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 WacHIDRouterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISD.sys [79296 2018-02-23] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-30 01:48 - 2019-05-30 01:48 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-30 01:48 - 2019-05-30 01:48 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-30 01:48 - 2019-05-30 01:48 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-30 01:48 - 2019-05-30 01:48 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-30 01:42 - 2019-05-30 01:42 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-30 01:42 - 2019-05-30 01:42 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-30 01:40 - 2019-05-30 01:40 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-30 01:40 - 2019-05-30 01:40 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-30 01:34 - 2019-05-30 01:36 - 000000000 ____D C:\AdwCleaner
2019-05-30 01:34 - 2019-05-30 01:34 - 007025360 _____ (Malwarebytes) C:\Users\orges\Downloads\AdwCleaner.exe
2019-05-30 01:16 - 2019-05-30 01:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-05-30 01:04 - 2019-05-30 01:52 - 000000000 ____D C:\FRST
2019-05-30 01:02 - 2019-05-30 01:15 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-30 00:36 - 2019-05-30 00:36 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-30 00:36 - 2019-05-30 00:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-30 00:36 - 2019-05-30 00:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-30 00:36 - 2019-05-30 00:36 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-30 00:36 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-30 00:36 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-30 00:33 - 2019-05-30 00:34 - 063182216 _____ (Malwarebytes ) C:\Users\orges\Downloads\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
2019-05-30 00:19 - 2019-05-30 00:19 - 000000000 ____D C:\Users\orges\AppData\Roaming\Mozilla
2019-05-30 00:18 - 2019-05-30 00:18 - 000126464 _____ C:\Users\orges\AppData\Local\lobby.dat
2019-05-30 00:18 - 2019-05-30 00:18 - 000054272 _____ C:\Users\orges\AppData\Local\ApplicationHosting.dat
2019-05-30 00:17 - 2019-05-30 00:17 - 000722944 _____ C:\Users\orges\AppData\Local\sha.db
2019-05-30 00:17 - 2019-05-30 00:17 - 000140800 _____ C:\Users\orges\AppData\Local\installer.dat
2019-05-29 00:14 - 2019-05-29 00:14 - 005430604 _____ C:\Users\orges\Downloads\WhatsApp Video 2019-05-29 at 12.12.36 AM.mp4
2019-05-29 00:08 - 2019-05-29 00:08 - 007579240 _____ C:\Users\orges\Downloads\WhatsApp Video 2019-05-29 at 12.05.57 AM.mp4
2019-05-29 00:01 - 2019-05-29 00:01 - 004819261 _____ C:\Users\orges\Downloads\WhatsApp Video 2019-05-28 at 7.33.44 PM.mp4
2019-05-28 12:34 - 2019-05-28 12:34 - 000076383 _____ C:\Users\orges\Downloads\robot.zip
2019-05-28 12:33 - 2019-05-28 12:33 - 000154844 _____ C:\Users\orges\Downloads\Matlab Tutorial 7.pdf
2019-05-28 12:33 - 2019-05-28 12:33 - 000154844 _____ C:\Users\orges\Downloads\Matlab Tutorial 7 (1).pdf
2019-05-27 22:06 - 2019-05-27 22:07 - 000000000 ____D C:\Users\orges\Downloads\Game.of.Thrones.S08E00.WEBRip.x264-ION10
2019-05-27 22:05 - 2019-05-27 22:05 - 000011580 _____ C:\Users\orges\Downloads\Game.of.Thrones.S08E00.WEBRip.x264-ION10-[rarbg.to].torrent
2019-05-27 21:35 - 2019-05-30 00:11 - 000000000 ___RD C:\Users\orges\OneDrive - AMD shpk
2019-05-27 21:12 - 2019-05-27 21:13 - 049530768 _____ (Lenovo ) C:\Users\orges\Downloads\lma15116.exe
2019-05-27 21:12 - 2019-05-27 21:12 - 000682143 _____ C:\Users\orges\Downloads\Matlab Tutorial 5.pdf
2019-05-27 21:08 - 2019-05-27 21:08 - 006427104 _____ (Lenovo Group Limited ) C:\Users\orges\Downloads\j3yb03af086l.exe
2019-05-27 21:06 - 2019-05-27 21:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\TVT
2019-05-27 21:06 - 2019-05-27 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2019-05-27 21:05 - 2019-05-27 21:07 - 000000000 ____D C:\Users\orges\Downloads\PARTD
2019-05-27 21:05 - 2019-05-27 21:05 - 000075337 _____ C:\Users\orges\Downloads\PARTD.zip
2019-05-27 21:01 - 2018-07-31 13:39 - 000071424 _____ (Insyde Software) C:\WINDOWS\system32\Drivers\H2OFFT64.sys
2019-05-27 20:47 - 2019-05-27 20:47 - 000075301 _____ C:\Users\orges\Downloads\LAB.zip
2019-05-27 20:38 - 2019-05-27 21:07 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-05-27 20:31 - 2019-05-27 20:31 - 002718120 _____ (Lenovo ) C:\Users\orges\Downloads\LSBSetup.exe
2019-05-27 13:51 - 2019-05-27 13:51 - 000010405 _____ C:\Users\orges\Downloads\Arduino-PID-Library-master.zip
2019-05-27 13:35 - 2019-05-27 13:35 - 000000000 ____D C:\Users\orges\.jssc
2019-05-27 13:06 - 2019-05-27 13:06 - 000000000 ____D C:\Users\orges\Downloads\FP6ODYEISCB499Y (2)
2019-05-26 16:16 - 2019-05-26 16:16 - 004022551 _____ C:\Users\orges\Downloads\CoolAdmin-master.zip
2019-05-26 09:20 - 2019-05-26 14:05 - 000000000 ____D C:\Users\orges\Desktop\casia
2019-05-26 09:19 - 2019-05-26 09:19 - 008026585 _____ C:\Users\orges\Downloads\casia.7z
2019-05-24 12:35 - 2019-05-24 12:35 - 000000000 ____D C:\Users\orges\.conda
2019-05-24 12:28 - 2019-05-24 12:28 - 000000000 ____D C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2019-05-24 12:26 - 2019-05-24 12:35 - 000000000 ____D C:\Users\orges\Miniconda3
2019-05-24 12:23 - 2019-05-24 12:26 - 061209368 _____ (Anaconda, Inc.) C:\Users\orges\Downloads\Miniconda3-latest-Windows-x86_64.exe
2019-05-24 12:16 - 2019-05-24 12:16 - 000000000 ____D C:\Users\orges\.keras
2019-05-24 12:08 - 2019-05-26 20:33 - 000000000 ____D C:\Users\orges\Desktop\iris
2019-05-24 12:06 - 2019-01-20 18:35 - 000001203 ____N C:\Users\orges\Desktop\.gitignore
2019-05-24 12:05 - 2019-05-24 12:06 - 015115312 _____ C:\Users\orges\Downloads\IrisRecognition-master.zip
2019-05-24 11:14 - 2019-05-24 11:14 - 027660308 _____ C:\Users\orges\Downloads\Deep_Learning_for_Computer_Vision_with_Python_Dr_Adrian_Rosebrock_2017_PDF_ENG.pdf
2019-05-24 10:29 - 2019-05-24 10:29 - 025920229 _____ C:\Users\orges\Downloads\Meetly_Code-master (1).zip
2019-05-24 09:54 - 2019-05-24 09:55 - 000000000 ___HD C:\adobeTemp
2019-05-22 13:04 - 2019-05-22 13:04 - 000002254 _____ C:\Users\orges\Desktop\Renato Muho - Exercise 2.c
2019-05-22 13:01 - 2019-05-22 13:01 - 000002339 _____ C:\Users\orges\Downloads\deadlock3(1) (1).c
2019-05-22 12:54 - 2019-05-22 12:54 - 000002339 _____ C:\Users\orges\Downloads\Renato Muho - Exercise 2.c
2019-05-21 21:43 - 2019-05-21 21:43 - 000002434 _____ C:\Users\orges\Downloads\deadlock2.c
2019-05-21 21:43 - 2019-05-21 21:43 - 000002335 _____ C:\Users\orges\Downloads\deadlock3.c
2019-05-21 21:43 - 2019-05-21 21:43 - 000002251 _____ C:\Users\orges\Downloads\deadlock.c
2019-05-21 10:29 - 2019-05-21 10:29 - 000657842 _____ C:\Users\orges\Downloads\Quiz 2.pdf
2019-05-19 19:10 - 2019-05-19 19:10 - 000059285 _____ C:\Users\orges\Downloads\WhatsApp Image 2019-05-19 at 6.21.12 PM.jpeg
2019-05-19 19:10 - 2019-05-19 19:10 - 000052535 _____ C:\Users\orges\Downloads\WhatsApp Image 2019-05-19 at 6.21.11 PM.jpeg
2019-05-19 19:10 - 2019-05-19 19:10 - 000047259 _____ C:\Users\orges\Downloads\WhatsApp Image 2019-05-19 at 6.21.13 PM (1).jpeg
2019-05-19 19:10 - 2019-05-19 19:10 - 000041669 _____ C:\Users\orges\Downloads\WhatsApp Image 2019-05-19 at 6.21.12 PM (1).jpeg
2019-05-19 19:10 - 2019-05-19 19:10 - 000040986 _____ C:\Users\orges\Downloads\WhatsApp Image 2019-05-19 at 6.21.13 PM.jpeg
2019-05-19 17:44 - 2019-05-19 17:44 - 000829343 _____ C:\Users\orges\Downloads\More Frequency Response.pptx
2019-05-19 15:55 - 2019-05-30 00:21 - 000000000 ____D C:\Users\orges\AppData\LocalLow\BitTorrent
2019-05-19 15:55 - 2019-05-19 16:11 - 000000000 ____D C:\Users\orges\Downloads\DeathNote Complete Episodes - DualAudio - EngSubs - DVD H264 AC3 2.0- LaXuS
2019-05-19 12:00 - 2019-05-19 12:00 - 000007388 _____ C:\Users\orges\Downloads\genetic.js
2019-05-18 21:17 - 2019-05-18 21:18 - 000000000 ____D C:\Users\orges\Desktop\flapai-master
2019-05-18 21:17 - 2019-05-18 21:17 - 003389607 _____ C:\Users\orges\Downloads\flapai-master.zip
2019-05-18 14:49 - 2019-05-18 15:06 - 000000000 ____D C:\Users\orges\Desktop\deni
2019-05-17 20:35 - 2019-05-18 17:44 - 000000000 ____D C:\Users\orges\Desktop\neuroevolution
2019-05-17 13:42 - 2019-05-17 13:42 - 007551093 _____ C:\Users\orges\Downloads\Hands On Machine Learning with Scikit Learn and TensorFlow.pdf
2019-05-17 01:26 - 2019-05-17 01:27 - 000000000 ____D C:\Users\orges\Desktop\pybrain
2019-05-17 01:24 - 2019-05-17 01:24 - 000000000 ____D C:\Users\orges\pybrain
2019-05-17 00:49 - 2019-05-17 00:49 - 000768076 _____ C:\Users\orges\Downloads\flappybird-qlearning-bot-master.zip
2019-05-17 00:49 - 2019-05-17 00:49 - 000000000 ____D C:\Users\orges\Downloads\flappybird-qlearning-bot-master
2019-05-17 00:32 - 2019-05-17 00:43 - 000000000 ____D C:\Users\orges\Downloads\flappybird-nn-master
2019-05-17 00:32 - 2019-05-17 00:32 - 000005110 _____ C:\Users\orges\Downloads\flappybird-nn-master.zip
2019-05-17 00:04 - 2019-05-17 00:04 - 000026265 _____ C:\Users\orges\Downloads\mlrose-1.2.0-py3-none-any.whl
2019-05-15 21:56 - 2019-05-15 21:56 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 21:56 - 2019-05-15 21:56 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 21:56 - 2019-05-15 21:56 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 21:56 - 2019-05-15 21:56 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-15 21:56 - 2019-05-15 21:56 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-15 21:56 - 2019-05-15 21:56 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-15 21:56 - 2019-05-15 21:56 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 21:56 - 2019-05-15 21:56 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 21:56 - 2019-05-15 21:56 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 21:56 - 2019-05-15 21:56 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 21:56 - 2019-05-15 21:56 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 21:56 - 2019-05-15 21:56 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-15 21:56 - 2019-05-15 21:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-15 21:55 - 2019-05-15 21:55 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 21:55 - 2019-05-15 21:55 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-15 21:55 - 2019-05-15 21:55 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-15 21:55 - 2019-05-15 21:55 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 21:55 - 2019-05-15 21:55 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-15 21:55 - 2019-05-15 21:55 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-15 21:55 - 2019-05-15 21:55 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-15 21:55 - 2019-05-15 21:55 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 21:55 - 2019-05-15 21:55 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 21:51 - 2019-05-24 12:43 - 000000000 ____D C:\Users\orges\.matplotlib
2019-05-15 21:50 - 2019-05-17 00:28 - 000000000 ____D C:\Users\orges\.jupyter
2019-05-15 21:50 - 2019-05-15 21:50 - 000000000 ____D C:\Users\orges\.ipython
2019-05-15 21:36 - 2019-05-15 21:36 - 000000000 ____D C:\Users\orges\Documents\Enthought
2019-05-15 21:34 - 2019-05-24 12:43 - 000000184 _____ C:\Users\orges\.canopy_runtimes.json
2019-05-15 21:33 - 2019-05-15 21:51 - 000000000 ____D C:\Users\orges\Canopy
2019-05-15 21:33 - 2019-05-15 21:33 - 000002126 _____ C:\Users\orges\Desktop\Enthought Canopy (64-bit).lnk
2019-05-15 21:33 - 2019-05-15 21:33 - 000000000 ____D C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)
2019-05-15 21:33 - 2019-05-15 21:33 - 000000000 ____D C:\Users\orges\AppData\Roaming\Enthought
2019-05-15 21:31 - 2019-05-15 21:31 - 000000000 ____D C:\Users\orges\AppData\Local\Enthought
2019-05-15 21:11 - 2019-05-15 21:25 - 476663808 _____ C:\Users\orges\Downloads\canopy-2.1.9.win-x86_64-cp35.msi
2019-05-15 12:51 - 2019-05-15 12:53 - 000000000 ____D C:\Users\orges\Desktop\flappybird-nn
2019-05-14 19:43 - 2019-05-14 19:43 - 000144693 _____ C:\Users\orges\Documents\test kl V vjetor.pdf
2019-05-14 13:45 - 2019-05-14 13:45 - 000231080 _____ C:\Users\orges\Downloads\66-Article Text-103-1-10-20140518.pdf
2019-05-14 13:17 - 2019-05-14 13:17 - 000003067 _____ C:\Users\orges\Downloads\FP6ODYEISCB499Y (1).ino
2019-05-14 13:15 - 2019-05-29 11:45 - 000000000 ____D C:\Users\orges\Documents\ArduinoData
2019-05-14 13:15 - 2019-05-27 13:47 - 000000000 ____D C:\Users\orges\Documents\Arduino
2019-05-14 13:15 - 2019-05-14 13:15 - 000000000 ____D C:\Users\orges\Downloads\FP6ODYEISCB499Y (1)
2019-05-14 13:15 - 2019-05-14 13:15 - 000000000 ____D C:\Users\orges\Downloads\BallBeamArduinoCode
2019-05-14 10:18 - 2019-05-14 10:18 - 002331938 _____ C:\Users\orges\Downloads\SPS requirements 2nd draft (1).pdf
2019-05-14 10:16 - 2019-05-14 10:16 - 000004709 _____ C:\Users\orges\Downloads\Complete Use Case Diagram.xml
2019-05-14 09:55 - 2019-05-14 09:55 - 000004215 _____ C:\Users\orges\Downloads\GeneralUseCaseDiagram.xml.xml
2019-05-12 22:03 - 2019-05-12 22:03 - 002331938 _____ C:\Users\orges\Downloads\SPS requirements 2nd draft.pdf
2019-05-12 20:49 - 2019-05-12 20:49 - 000145895 _____ C:\Users\orges\Downloads\TF45325165.dotx
2019-05-12 19:53 - 2019-05-12 19:53 - 000004542 _____ C:\Users\orges\Downloads\Data Flow Diagram - Level 2.xml
2019-05-12 15:53 - 2019-05-12 19:50 - 000003774 _____ C:\Users\orges\Downloads\Data Flow Diagram - Level 1.xml
2019-05-12 15:20 - 2019-05-12 15:20 - 000000000 ____D C:\Users\orges\Downloads\fotoo
2019-05-10 20:23 - 2019-05-10 20:23 - 000087481 _____ C:\Users\orges\Downloads\2013-58-AeS-MA-Informatik-FINAL-21-05-13.pdf
2019-05-10 20:22 - 2019-05-10 20:22 - 000113935 _____ C:\Users\orges\Downloads\2018-73-FPSO-MA-Informatik-15-10-2018.pdf
2019-05-10 20:21 - 2019-05-10 20:21 - 000201736 _____ C:\Users\orges\Downloads\2016-49-3-AeS-MasterINTeilzeit-FINAL-02-09-2016.pdf
2019-05-10 20:16 - 2019-05-10 20:16 - 000234720 _____ C:\Users\orges\Downloads\APSO-Okt2013-E.pdf
2019-05-10 19:36 - 2019-05-10 19:36 - 000018701 _____ C:\Users\orges\Downloads\iriscode.zip
2019-05-10 19:32 - 2019-05-10 19:32 - 000000000 ____D C:\Users\orges\Downloads\Matlab-Iris-Recognition-master
2019-05-10 19:30 - 2019-05-10 19:31 - 016184139 _____ C:\Users\orges\Downloads\Matlab-Iris-Recognition-master.zip
2019-05-10 18:13 - 2019-05-10 18:13 - 000001091 _____ C:\Users\orges\.viminfo
2019-05-10 15:00 - 2019-04-24 09:06 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2019-05-10 15:00 - 2019-04-24 09:06 - 000130728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2019-05-10 15:00 - 2019-04-24 09:06 - 000097448 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2019-05-10 15:00 - 2019-04-24 09:06 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2019-05-09 20:23 - 2019-05-09 20:23 - 000002698 _____ C:\Users\orges\Downloads\Chief_Inspector_Sequence_Diagram (1).xml
2019-05-09 19:36 - 2019-05-09 19:36 - 000002938 _____ C:\Users\orges\Downloads\Chief_Inspector_Sequence_Diagram.xml
2019-05-09 19:19 - 2019-05-09 19:19 - 000002906 _____ C:\Users\orges\Downloads\Web_Client_Component_Diagram.xml
2019-05-09 14:33 - 2019-05-09 14:33 - 000003606 _____ C:\Users\orges\Downloads\player_std.py
2019-05-06 06:58 - 2019-05-06 06:58 - 1978188026 _____ C:\Users\orges\Downloads\Game.of.Thrones.S08E04.720p.AMZN.WEB-DL.DDP5.1.H.264-GoT.mkv
2019-05-04 23:00 - 2019-05-04 23:00 - 000004134 _____ C:\Users\orges\Downloads\draw.io
2019-05-04 23:00 - 2019-05-04 23:00 - 000002502 _____ C:\Users\orges\Downloads\Object Diagram.xml
2019-05-04 23:00 - 2019-05-04 23:00 - 000002502 _____ C:\Users\orges\Downloads\Object Diagram (1).xml
2019-05-04 19:58 - 2019-05-04 19:58 - 000001501 _____ C:\Users\orges\Downloads\Internal Affairs Officer Use Case 1.xml
2019-05-04 19:58 - 2019-05-04 19:58 - 000001462 _____ C:\Users\orges\Downloads\Internal Affairs Officer Use Case 1 (1).xml
2019-05-04 18:59 - 2019-05-04 18:59 - 000006178 _____ C:\Users\orges\Downloads\sps.sql
2019-05-04 18:12 - 2019-05-04 18:12 - 000002222 _____ C:\Users\orges\Downloads\Use Case 1 (1).xml
2019-05-04 17:54 - 2019-05-04 17:54 - 000001822 _____ C:\Users\orges\Downloads\Use Case 1.xml
2019-05-04 17:53 - 2019-05-04 17:53 - 000001822 _____ C:\Users\orges\Downloads\Untitled Diagram (1).drawio
2019-05-04 15:09 - 2019-05-04 15:09 - 000000756 _____ C:\Users\orges\Downloads\Untitled Diagram.drawio
2019-05-04 12:00 - 2019-05-04 12:00 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-04 12:00 - 2019-05-04 12:00 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-04 12:00 - 2019-05-04 12:00 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-04 12:00 - 2019-05-04 12:00 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-04 12:00 - 2019-05-04 12:00 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-04 12:00 - 2019-05-04 12:00 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-04 12:00 - 2019-05-04 12:00 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-04 12:00 - 2019-05-04 12:00 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-04 12:00 - 2019-05-04 12:00 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-04 11:46 - 2019-05-04 11:46 - 000002716 _____ C:\Users\orges\Downloads\randomSearch_V.py
2019-05-03 21:39 - 2019-05-03 21:39 - 000002179 _____ C:\Users\orges\Downloads\randomSearch_noV.py
2019-05-03 18:22 - 2019-05-03 18:22 - 003349328 _____ C:\Users\orges\Downloads\2nd_draft_requirements_specification.pdf
2019-05-02 15:15 - 2019-05-02 15:15 - 000000908 _____ C:\Users\orges\Documents\module2.py
2019-05-02 15:15 - 2019-05-02 15:15 - 000000493 _____ C:\Users\orges\Documents\module1.py
2019-05-02 14:09 - 2019-05-02 14:09 - 010530846 _____ C:\Users\orges\Downloads\PyScripter-3.6.0-x86.zip
2019-05-02 14:07 - 2019-05-02 14:08 - 000000000 ____D C:\Users\orges\AppData\Roaming\PyScripter
2019-05-02 14:07 - 2019-05-02 14:07 - 009871437 _____ (PyScripter ) C:\Users\orges\Downloads\PyScripter-3.6.0-x64-Setup.exe
2019-05-02 14:07 - 2019-05-02 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PyScripter-x64
2019-05-02 14:07 - 2019-05-02 14:07 - 000000000 ____D C:\Program Files\PyScripter
2019-05-01 20:59 - 2019-05-01 21:01 - 080131280 _____ C:\Users\orges\Downloads\ace-stream-3-1-1-multi-win.exe
2019-04-30 19:31 - 2019-04-30 19:31 - 000870052 _____ C:\Users\orges\Downloads\2.DesignandImplementationofBallandBeam1.pdf
2019-04-30 19:29 - 2019-04-30 19:29 - 000003067 _____ C:\Users\orges\Downloads\FP6ODYEISCB499Y.ino
2019-04-30 19:17 - 2019-04-30 19:17 - 002191131 _____ C:\Users\orges\Downloads\JEI-160917_online.pdf
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-30 01:52 - 2019-01-08 20:23 - 000842664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-30 01:52 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-30 01:49 - 2018-10-04 22:43 - 000000000 __SHD C:\Users\orges\IntelGraphicsProfiles
2019-05-30 01:48 - 2019-01-08 20:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-30 01:48 - 2019-01-08 20:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2019-05-30 01:48 - 2018-10-09 05:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-05-30 01:48 - 2018-09-15 08:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-30 01:42 - 2019-03-26 09:22 - 000000000 ____D C:\Users\orges\AppData\Local\CrashDumps
2019-05-30 01:42 - 2019-01-10 20:06 - 000000000 ____D C:\Users\orges\AppData\Roaming\IDM
2019-05-30 01:42 - 2018-10-23 18:26 - 000000000 ____D C:\Users\orges\AppData\Roaming\BitTorrent
2019-05-30 01:42 - 2018-10-04 22:47 - 000000000 ____D C:\Users\orges\AppData\Local\Google
2019-05-30 01:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-05-30 01:35 - 2018-10-04 22:43 - 000000000 ____D C:\Users\orges\AppData\Local\Packages
2019-05-30 01:35 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-30 01:35 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\tracing
2019-05-30 01:35 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-30 01:29 - 2019-01-10 20:06 - 000000000 ____D C:\Users\orges\AppData\Roaming\DMCache
2019-05-30 00:45 - 2019-01-25 18:41 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1ACCBCF1-C33E-4584-8626-3FABEC9448C1}
2019-05-30 00:36 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-30 00:18 - 2019-04-08 11:23 - 000000258 __RSH C:\Users\orges\ntuser.pol
2019-05-30 00:18 - 2019-01-08 20:20 - 000000000 ____D C:\Users\orges
2019-05-30 00:18 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-05-29 21:59 - 2019-01-08 20:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-29 20:49 - 2019-01-10 16:21 - 000000000 ____D C:\Users\orges\Desktop\ob
2019-05-29 20:42 - 2018-10-04 22:54 - 000000000 ____D C:\ProgramData\Packages
2019-05-29 12:11 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-29 00:33 - 2019-02-19 20:43 - 000000000 ____D C:\Users\orges\PycharmProjects
2019-05-29 00:14 - 2018-10-04 22:45 - 000000000 ____D C:\Users\orges\AppData\Local\PlaceholderTileLogoFolder
2019-05-28 10:28 - 2019-01-08 20:23 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-27 21:33 - 2018-10-09 05:44 - 000000000 ____D C:\Users\orges\AppData\Roaming\TeamViewer
2019-05-27 21:06 - 2018-09-12 21:39 - 000000000 ____D C:\ProgramData\Lenovo
2019-05-27 21:06 - 2018-09-12 21:39 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-05-27 21:05 - 2019-01-31 10:00 - 000000000 ____D C:\Users\orges\AppData\Local\LenovoServiceBridge
2019-05-27 21:02 - 2019-04-08 21:56 - 000000000 ___RD C:\Users\orges\Creative Cloud Files
2019-05-27 21:02 - 2018-10-25 18:37 - 000000000 ____D C:\Users\orges\AppData\Local\Adobe
2019-05-27 21:01 - 2019-01-31 09:54 - 000000000 ____D C:\BIOS
2019-05-27 20:31 - 2019-01-31 09:59 - 000000000 ____D C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2019-05-26 14:35 - 2019-01-31 23:00 - 000007599 _____ C:\Users\orges\AppData\Local\Resmon.ResmonCfg
2019-05-26 13:34 - 2018-10-14 00:04 - 000000000 ____D C:\Program Files\Microsoft Office
2019-05-25 19:08 - 2019-01-10 20:06 - 000000000 ____D C:\Users\orges\Downloads\Compressed
2019-05-25 18:04 - 2019-03-12 20:44 - 000000000 ____D C:\Users\orges\AppData\Roaming\GitHub Desktop
2019-05-25 14:04 - 2019-03-03 16:27 - 000002380 _____ C:\Users\orges\.bash_history
2019-05-25 13:03 - 2019-03-12 20:44 - 000002426 _____ C:\Users\orges\Desktop\GitHub Desktop.lnk
2019-05-25 13:03 - 2019-03-12 20:44 - 000000000 ____D C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2019-05-25 13:03 - 2019-03-12 20:44 - 000000000 ____D C:\Users\orges\AppData\Local\GitHubDesktop
2019-05-25 13:03 - 2018-10-21 11:46 - 000000000 ____D C:\Users\orges\AppData\Local\SquirrelTemp
2019-05-24 09:54 - 2019-04-08 21:51 - 000001417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2019-05-24 09:54 - 2019-04-08 21:51 - 000001405 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2019-05-24 09:54 - 2018-10-25 18:36 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-05-22 21:00 - 2019-01-08 20:23 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-721970688-1069457685-3330566907-1001
2019-05-22 21:00 - 2019-01-08 20:20 - 000002374 _____ C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-22 21:00 - 2018-10-04 22:45 - 000000000 ___RD C:\Users\orges\OneDrive
2019-05-21 22:11 - 2019-01-21 22:17 - 000000000 ____D C:\Users\orges\.VirtualBox
2019-05-21 20:49 - 2019-01-21 22:17 - 000000000 ____D C:\ProgramData\VirtualBox
2019-05-18 17:12 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-16 13:43 - 2019-01-08 20:19 - 005130112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 22:00 - 2018-09-15 09:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 22:00 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-15 21:57 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-14 20:47 - 2019-03-12 20:49 - 000000000 ____D C:\Users\orges\Documents\GitHub
2019-05-14 20:23 - 2018-10-07 04:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 20:06 - 2018-10-07 04:31 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 18:13 - 2018-10-09 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-05-12 18:13 - 2018-10-09 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-05-12 18:13 - 2018-10-09 05:47 - 000000000 ____D C:\Program Files\Java
2019-05-12 18:12 - 2018-10-09 05:47 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-05-05 12:00 - 2019-04-14 21:33 - 000000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2019-05-04 23:50 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-04 23:50 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-04 17:03 - 2019-03-21 20:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-05-04 17:03 - 2018-09-12 21:45 - 000000000 ____D C:\Program Files (x86)\Intel
2019-05-04 17:03 - 2018-09-12 21:39 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-01 19:38 - 2018-11-02 19:49 - 000000000 ____D C:\Users\orges\PhpstormProjects
==================== Files in the root of some directories =======
2019-01-30 23:03 - 2019-01-30 23:05 - 000000132 _____ () C:\Users\orges\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-11-05 19:07 - 2018-11-05 19:40 - 000000096 _____ () C:\Users\orges\AppData\Roaming\Camdata.ini
2018-11-05 19:07 - 2018-11-05 19:40 - 000000408 _____ () C:\Users\orges\AppData\Roaming\CamLayout.ini
2018-11-05 19:07 - 2018-11-05 19:40 - 000000408 _____ () C:\Users\orges\AppData\Roaming\CamShapes.ini
2018-11-05 19:06 - 2018-11-05 19:40 - 000004536 _____ () C:\Users\orges\AppData\Roaming\CamStudio.cfg
2018-11-05 19:01 - 2018-11-05 19:20 - 000000096 _____ () C:\Users\orges\AppData\Roaming\version2.xml
2019-05-30 00:18 - 2019-05-30 00:18 - 000054272 _____ () C:\Users\orges\AppData\Local\ApplicationHosting.dat
2018-12-07 10:34 - 2018-12-07 10:34 - 000001536 _____ () C:\Users\orges\AppData\Local\GfxMetrics.cfg
2019-05-30 00:17 - 2019-05-30 00:17 - 000140800 _____ () C:\Users\orges\AppData\Local\installer.dat
2019-05-30 00:18 - 2019-05-30 00:18 - 000126464 _____ () C:\Users\orges\AppData\Local\lobby.dat
2018-10-28 19:32 - 2018-10-28 19:32 - 000000000 _____ () C:\Users\orges\AppData\Local\oobelibMkey.log
2019-01-31 23:00 - 2019-05-26 14:35 - 000007599 _____ () C:\Users\orges\AppData\Local\Resmon.ResmonCfg
2019-05-30 00:17 - 2019-05-30 00:17 - 000722944 _____ () C:\Users\orges\AppData\Local\sha.db
2018-10-14 15:15 - 2018-10-14 15:15 - 000000003 _____ () C:\Users\orges\AppData\Local\updater.log
2018-10-14 15:15 - 2018-10-14 15:15 - 000000425 _____ () C:\Users\orges\AppData\Local\UserProducts.xml
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by orges (30-05-2019 01:53:33)
Running from C:\Users\orges\Downloads\Programs
Windows 10 Home Version 1809 17763.503 (X64) (2019-01-08 18:23:43)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-721970688-1069457685-3330566907-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-721970688-1069457685-3330566907-503 - Limited - Disabled)
Guest (S-1-5-21-721970688-1069457685-3330566907-501 - Limited - Disabled)
orges (S-1-5-21-721970688-1069457685-3330566907-1001 - Administrator - Enabled) => C:\Users\orges
WDAGUtilityAccount (S-1-5-21-721970688-1069457685-3330566907-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.2.476 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
BitTorrent (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\BitTorrent) (Version: 7.10.5.44995 - BitTorrent Inc.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Cisco Packet Tracer 7.2 64Bit (HKLM\...\Cisco Packet Tracer 7.2 64Bit_is1) (Version: - Cisco Systems, Inc.)
CodeBlocks (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Dolby Atmos Windows API SDK (HKLM\...\{139C7F29-696B-4EEA-B4AF-2990C2ECF7AD}) (Version: 1.1.7.32 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{D539F055-FFE0-422D-8D57-0D9427E6ABA9}) (Version: 1.1.8.23 - Dolby Laboratories, Inc.)
Enthought Canopy (64-bit) (HKLM\...\{75E89CC4-4EFF-403B-9B7A-A2FDF377C1AA}) (Version: 2.1.9.3717 - Enthought, Inc.)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Git version 2.21.0 (HKLM\...\Git_is1) (Version: 2.21.0 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\GitHubDesktop) (Version: 1.6.6 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{1C86244D-6CBD-4067-BD27-1C263B7D5B35}) (Version: 19.4.18.9 - Intel) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{cdfa55ef-79fd-483d-9278-fb714b90b601}) (Version: 19.4.18.9 - Intel)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{040D9BA0-B5C7-4382-9412-5A0197927A65}) (Version: 16.8.2.1002 - Intel Corporation)
IntelliJ IDEA 2018.2.5 (HKLM-x32\...\IntelliJ IDEA 2018.2.5) (Version: 182.4892.20 - JetBrains s.r.o.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Java SE Development Kit 8 Update 181 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180181}) (Version: 8.0.1810.13 - Oracle Corporation)
JetBrains PhpStorm 2018.3.3 (HKLM-x32\...\PhpStorm 2018.3.3) (Version: 183.5153.36 - JetBrains s.r.o.)
JetBrains PyCharm 2018.3.2 (HKLM-x32\...\PyCharm 2018.3.2) (Version: 183.4886.43 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.5.1.21 - Wacom Technology Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.9 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0072 - Lenovo)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MATLAB R2018b (HKLM\...\Matlab R2018b) (Version: 9.5 - MathWorks)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11601.20230 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Teams) (Version: 1.2.00.8864 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Miniconda3 4.6.14 (Python 3.7.3 64-bit) (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\Miniconda3 4.6.14 (Python 3.7.3 64-bit)) (Version: 4.6.14 - Anaconda, Inc.)
MySQL Workbench 8.0 CE (HKLM\...\{3B1F62A9-98B7-4F2A-8D3E-54FCF192EEAB}) (Version: 8.0.13 - Oracle Corporation)
Node.js (HKLM\...\{9A1DA61D-112C-46CE-AB8F-AD31985866F5}) (Version: 10.13.0 - Node.js Foundation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.0.2 (HKLM\...\{55905447-3228-417B-9F9D-6F8AC4D1A15C}) (Version: 6.0.2 - Oracle Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PyScripter 3.6.0 (x64) (HKLM\...\PyScripter_is1) (Version: 3.6.0 - PyScripter)
Python 3.7.2 (32-bit) (HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\{0f40e78b-67e1-4e0c-a2fd-e9325d9dfc82}) (Version: 3.7.2150.0 - Python Software Foundation)
Python 3.7.2 Add to Path (32-bit) (HKLM-x32\...\{A0253733-D4C4-4964-AB97-C5C80FCD580F}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Core Interpreter (32-bit) (HKLM-x32\...\{3A09B849-4D48-41AA-9461-112E6CEC405D}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Development Libraries (32-bit) (HKLM-x32\...\{A14E7090-5888-460B-9003-1C3DA5AD3D35}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Documentation (32-bit) (HKLM-x32\...\{D2FA452F-4742-4805-BEB1-AC81ED48F4A8}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Executables (32-bit) (HKLM-x32\...\{D6FF50CC-E41E-4FFB-B7B9-72D71BF00C55}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 pip Bootstrap (32-bit) (HKLM-x32\...\{0D2B3674-3B1E-4281-B5FD-37D700602129}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Standard Library (32-bit) (HKLM-x32\...\{667226B8-23CA-47C1-A070-D3B85E8C9292}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{34AD493A-01AA-4D6A-9229-BF0406F22D14}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Test Suite (32-bit) (HKLM-x32\...\{F0B6A6E9-C7E1-4730-A29D-71C02B800028}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python 3.7.2 Utility Scripts (32-bit) (HKLM-x32\...\{06CE3F8B-A658-462C-AD3D-FA7142297E97}) (Version: 3.7.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}) (Version: 3.7.6565.0 - Python Software Foundation)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Symfony version 1.1.4 (HKLM\...\Symfony_is1) (Version: 1.1.4 - Symfony)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.2558 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.11-0 - Bitnami)
Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_18.0.12.9_x64__adky2gkssdxte [2019-04-08] (Adobe Systems Incorporated)
Arduino IDE -> C:\Program Files\WindowsApps\ArduinoLLC.ArduinoIDE_1.8.21.0_x86__mdqgnx93n4wtt [2019-05-14] (Arduino LLC)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-03-11] (Dolby Laboratories)
Earth Day -> C:\Program Files\WindowsApps\Microsoft.EarthDay_2.0.0.0_neutral__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation)
FortiClient -> C:\Program Files\WindowsApps\FortinetInc.FortiClient_1.0.1037.0_x64__sq9g7krz3c65j [2019-01-31] (FORTINET TECHNOLOGIES CANADA INC.)
HeidiSQL -> C:\Program Files\WindowsApps\2691AnsgarBeckerSoftwareD.19284136982C_10.1.0.0_x86__peg9cky9b9hfj [2019-03-29] (Ansgar Becker)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-05-29] (Apple Inc.)
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.6.38.0_x64__ss941bf8mfs8a [2019-04-18] (Wacom Technology Corp.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4 [2019-04-16] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-10-04] (LinkedIn)
Microsoft To-Do -> C:\Program Files\WindowsApps\Microsoft.Todos_1.57.21415.0_x64__8wekyb3d8bbwe [2019-05-27] (Microsoft Corporation)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x64__8wekyb3d8bbwe [2019-05-29] (Microsoft Platform Extensions)
Microsoft Visual C++ 2013 Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Universal_12.0.30501.0_x86__8wekyb3d8bbwe [2019-05-29] (Microsoft Platform Extensions)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-10-13] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-20] (Netflix, Inc.)
Ubuntu 18.04 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu18.04onWindows_1804.2019.522.0_x64__79rhkp1fndgsc [2019-05-25] (Canonical Group Limited)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{04271989-C4D2-E7DA-05E2-BEADE33D9F6D} -> [OneDrive - AMD shpk] => C:\Users\orges\OneDrive - AMD shpk [2019-05-27 21:35]
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3893B5025A66} -> [Creative Cloud Files] => C:\Users\orges\Creative Cloud Files [2019-04-08 21:56]
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\orges\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19071.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\orges\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19071.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-721970688-1069457685-3330566907-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-27] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-27] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7be3d75c5adc8917\igfxDTCM.dll [2018-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\orges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\orges\Miniconda3\Scripts\activate.bat C:\Users\orges\Miniconda3
==================== Loaded Modules (Whitelisted) ==============
2010-01-02 16:42 - 2010-01-02 16:42 - 000098304 _____ () [File not signed] C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2019-03-26 06:33 - 2019-03-26 06:35 - 035952640 _____ () [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll
2019-03-26 06:33 - 2019-03-26 06:35 - 000024064 _____ () [File not signed] C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
2019-04-30 18:15 - 2018-12-18 03:20 - 001006080 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-02-27 15:29 - 2019-02-27 15:29 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-15 23:10 - 2018-08-12 21:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-10-14 15:15 - 2017-05-23 20:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-10-14 15:15 - 2017-05-23 20:59 - 000478208 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
2018-10-14 15:15 - 2017-05-23 20:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2018-12-19 20:01 - 2018-12-19 20:01 - 001878528 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2015-08-28 14:36 - 2019-01-10 20:04 - 003907152 ____R (Tonec Inc. -> Tonec Inc.) [File not signed] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\sharepoint.com -> hxxps://amdshpk-files.sharepoint.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-12 01:38 - 2019-05-30 01:35 - 000000907 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.1.5 web1.google.com
192.168.1.5 w3.facebook.com
192.168.1.5 www.emri.al
2018-10-31 15:30 - 2018-10-31 15:34 - 000000513 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\;C:\Program Files\MATLAB\R2018b\runtime\win64;C:\Program Files\MATLAB\R2018b\bin;C:\Program Files\Symfony;C:\Program Files\Git\cmd;C:\xampp\php;C:\ProgramData\ComposerSetup\bin;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\orges\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-721970688-1069457685-3330566907-1001\...\StartupApproved\Run: => "AceStream"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{7DFCA12E-2A3A-4BD6-BE0C-DFC11E822D21}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{F85469F1-182A-462E-84DF-3EB7FC53F574}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{3CA4D138-BC73-4990-8C33-0CF05CFC65DC}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{7634E13A-8AD1-499F-A5BB-B0C60A8574A1}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{E311F2D2-DBFE-40CE-9A5F-F9597B1406C7}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{EC1B8BFD-6985-46F2-8D54-B35ED936393E}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{916B6FC2-5786-42BD-AD2A-AF694FB880B8}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [TCP Query User{603FFE7A-E307-4CB3-900C-6AC0735E9E3D}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [UDP Query User{DE25F9AE-93F8-4771-8004-E2E8F439686E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{4E44C440-41F2-4B93-84F5-FF86979AF5B2}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{0D81EC6B-8C9E-493F-9B5D-2159B5715DFF}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [TCP Query User{7DADCA95-DB69-42A0-8922-59AE1D6A67D8}C:\program files\java\jdk1.8.0_181\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_181\bin\java.exe
FirewallRules: [UDP Query User{2F397FFB-3A37-4A4D-AA11-C961268EB543}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{87163544-F767-411D-B487-1CC407472D7D}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{93F8E61C-C420-414F-9974-304344895A21}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B9A972C7-F476-47E1-8C3B-38D803F2D102}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{0C7F5EEB-DA6A-49E0-9F2F-28275BBAA02A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0E03D152-6C32-4010-B326-C1152B573F7D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [UDP Query User{5F578606-C3E7-4580-8E38-411E2E588903}C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe] => (Block) C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe () [File not signed]
FirewallRules: [TCP Query User{0419B993-15E1-4205-9D27-ADF47D5D9218}C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe] => (Block) C:\users\orges\eclipse\java-2018-09\eclipse\eclipse.exe () [File not signed]
FirewallRules: [UDP Query User{1C1CF22A-D666-47B3-B985-45C8FD9A2834}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{88D030C5-7FFC-4F42-AEC8-3C35D3A9C28E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{70CDB6E8-49D6-4765-9065-86B5647D5E51}] => (Allow) C:\Users\orges\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{086E525E-338D-4379-AD42-5C256B9E8249}] => (Allow) C:\Users\orges\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F5D21E85-290B-4E29-B038-E2867B6BDCD2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4FF87FC7-4453-439C-B0DA-00979FB30D06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A474EB0-83B7-4B2A-96EC-7EC5FF7E34B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EE206DF2-8DD5-4A2F-9E95-448EF4CDDD25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5A1CC2F3-F28B-41C2-89E5-F90B6795D003}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CEC1CC21-D849-49B1-BD2D-137DC4F7B833}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{47A8BDC3-D3A8-4C6A-8AFE-753762843D24}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{5F08ACF4-F53D-4377-A3D6-9B85FAB2DE05}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{5196893D-0E39-490E-AF72-D851C4DE0D8C}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{FA88D58F-A2BB-4ECC-AB2E-95AE89FC3069}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{2E032932-5445-4BA7-84C0-1BE95C3A89BD}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{E025AF22-5D13-4FAE-A007-A4F3B4337A57}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [TCP Query User{525A4969-21E1-417E-B0A1-A4A5F5B9B057}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{D1E4547C-EB47-463B-AE4D-BDC3EF540998}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{F6891D8E-5D0C-4C0C-AF4D-9D7CDE8B1A9E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0410E43E-D520-475A-BA78-BE1D566BD82E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{0EE0FFEB-08EC-40A5-A4BD-564F0816D1E8}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{13EAC773-9DD9-4462-A8E8-3705FCF2346F}C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.2\bin\packettracer7.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [TCP Query User{75A5C39F-2C00-4884-A147-44BA1517732E}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [File not signed]
FirewallRules: [UDP Query User{2D21CE2F-278E-4B1D-A06C-F3124346EAD0}C:\xampp\filezillaftp\filezillaserver.exe] => (Block) C:\xampp\filezillaftp\filezillaserver.exe (FileZilla Project) [File not signed]
FirewallRules: [TCP Query User{42E83B58-1D90-43B4-9E81-D880CE204F57}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{A3CD1B93-E814-43BF-8A7C-48E18C1A9813}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{7B77D4F1-4E9B-4DC6-A0F5-5B6FEE95E956}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{21F2F13A-17DB-4E8F-803B-DD5104561C8F}C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm 2018.3.2\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{7E552667-565F-4C8D-868B-4DC74B19FF1A}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{7B9C71E0-5F65-4A14-9112-E1178EAD2914}C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe] => (Allow) C:\program files\jetbrains\intellij idea 2018.2.5\bin\idea64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{8CBB5785-B34F-446E-9342-84D2EC474CF5}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{53F89281-AB24-4446-BD57-FFA84E700D73}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [{8F8652CE-C1F8-43D3-9710-5676AC1FE36A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EAB4012A-AB4B-43E8-B37F-2B3FA06589FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9023A1A2-4C87-4844-B60D-2BEF3399ACAE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CB3A0B98-7A4D-439F-9497-F086435B895B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [TCP Query User{7C0D7B3B-AB17-4EBF-A41B-A87268318CBA}C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe] => (Allow) C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe (Godot Engine) [File not signed]
FirewallRules: [UDP Query User{A58E6CB2-B465-4DEE-912B-376F64FBB2E1}C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe] => (Allow) C:\users\orges\desktop\orges balla\godot game\godot_v2.1.3-stable_win32.exe (Godot Engine) [File not signed]
FirewallRules: [TCP Query User{034C0B9A-00FE-4B7B-A667-B53FE966C57F}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [UDP Query User{16432141-7E89-4443-9611-29F752DFC6C9}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [TCP Query User{BA3CC4FF-D189-4914-9E5A-0BF4E371406F}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{AE2D511A-D8B2-43DE-8C62-2C2CB28D89D3}C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\bin\phpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{54CE52DB-18EA-4913-AB66-A8799C0DCD6A}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [UDP Query User{C2AEA904-8667-4C88-90B1-C7008A0EBB15}C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe] => (Allow) C:\program files\jetbrains\phpstorm 2018.3.3\jre64\bin\java.exe
FirewallRules: [TCP Query User{B67E9301-7A99-4994-913F-98025CC03E46}C:\users\orges\appdata\local\programs\python\python37-32\python.exe] => (Allow) C:\users\orges\appdata\local\programs\python\python37-32\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{FB44E108-DF55-4986-B3B5-20476343CE9B}C:\users\orges\appdata\local\programs\python\python37-32\python.exe] => (Allow) C:\users\orges\appdata\local\programs\python\python37-32\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{7F894D5C-1FDE-4E47-A1B2-9A8569FACCD3}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{5538AA71-FFE2-4220-B90B-0E29429C1F63}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{B21BA900-0DBF-42ED-AC89-F4DC0624FC32}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{2EE81EDD-9580-49ED-A511-4DF64A3EF97B}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [{CF7E678D-5DC7-474E-9FD3-593E9F235EDF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{86480A39-EB03-4BA1-9D68-EF98D7BAC7E3}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{C55D5B51-C87D-4C8C-9477-5CD8364741EE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B8C77008-2D70-411D-83A4-69225E9A6962}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9385D944-E3A0-419A-8076-1FA50E3B69F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{175494E6-6229-465A-AE84-C98C287D3A76}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F9BDE81-892B-4F8F-A26D-362DDB3EAF92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA11984F-0F1B-416B-9469-7FD2FF6E8991}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BA30F31-0059-46A3-8675-EDE8A535E3C7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6DEE6C77-4086-4E94-B48D-914864B4AA45}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54FFFBFC-20B3-4B67-8D5E-423F38C81FE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
15-05-2019 21:30:25 Installed Enthought Canopy (64-bit)
26-05-2019 12:36:40 Scheduled Checkpoint
30-05-2019 01:34:51 Removed FortiClient
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/30/2019 01:54:21 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (05/30/2019 01:53:12 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (05/30/2019 01:48:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17763.348, time stamp: 0xa0a39b52
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1a1c
Faulting application start time: 0x01d5167908b1a421
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: unknown
Report Id: 5ecd0142-f9f0-43f7-9851-ab22210ef3c0
Faulting package full name:
Faulting package-relative application ID:
Error: (05/30/2019 01:43:13 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (05/30/2019 01:42:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (05/30/2019 01:36:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17763.348, time stamp: 0xa0a39b52
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x169c
Faulting application start time: 0x01d5167764691cab
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: unknown
Report Id: e64df7fd-8f00-4105-ba6f-7f4742c4a47d
Faulting package full name:
Faulting package-relative application ID:
Error: (05/30/2019 01:30:52 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (05/30/2019 01:29:42 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
System errors:
=============
Error: (05/30/2019 01:50:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/30/2019 01:50:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/30/2019 01:50:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/30/2019 01:49:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GT66B45)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-GT66B45\orges SID (S-1-5-21-721970688-1069457685-3330566907-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® System Usage Report Service SystemUsageReportSvc_QUEENCREEK service terminated unexpectedly. It has done this 1 time(s).
Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 1 time(s).
Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (05/30/2019 01:48:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
===================================
Date: 2019-05-30 01:15:10.515
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E535F369-0EFF-445C-A575-89CE0CF176E9}
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2019-05-30 00:30:43.040
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9ACC4FBC-3DD4-48C8-A24D-088D15516DC3}
Scan Type: Antimalware
Scan Parameters: Custom Scan
Date: 2019-05-30 00:23:22.331
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...06&enterprise=0
Name: Trojan:Win32/Conteban.A!ml
ID: 2147735506
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\Logic Cramble\set.exe; process:_pid:16956,ProcessStart:132036419360931633
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\ProgramData\Logic Cramble\set.exe
Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0, NIS: 1.293.2508.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-05-30 00:23:04.044
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...06&enterprise=0
Name: Trojan:Win32/Conteban.A!ml
ID: 2147735506
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\Logic Cramble\set.exe; process:_pid:16956,ProcessStart:132036419360931633
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\ProgramData\Logic Cramble\set.exe
Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0, NIS: 1.293.2508.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-05-30 00:22:43.080
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...06&enterprise=0
Name: Trojan:Win32/Conteban.A!ml
ID: 2147735506
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\ProgramData\Logic Cramble\set.exe; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore->(UTF-16LE); file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA->(UTF-16LE); process:_pid:16956,ProcessStart:132036419360931633; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57AA4BE5-A220-46E0-A599-2BDC0E4DB9EC}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFF0C59B-7745-4FA8-9508-BA8DB298DF53}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA; service:_backlh; service:_gupdate; service:_gupdatem; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: C:\ProgramData\Logic Cramble\set.exe
Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0, NIS: 1.293.2508.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-05-30 01:15:56.957
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-05-30 00:19:20.947
Description:
Windows Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\orges\AppData\Local\Temp\PHqul0l3olZkuU0A\e4504dbfd68f03505569157841e10fa5.exe
Sha256:
Current Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0
Current Engine Version: 1.1.15900.4
Error code: 0x80508016
Date: 2019-05-30 00:19:20.924
Description:
Windows Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\orges\AppData\Local\Temp\ULkQMl7Og1tcKjjM\c9982f3c5cba25e37e3ef8ff91edc2f1.exe
Sha256:
Current Signature Version: AV: 1.293.2508.0, AS: 1.293.2508.0
Current Engine Version: 1.1.15900.4
Error code: 0x80508016
Date: 2019-05-29 11:55:10.540
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2434.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-05-27 13:56:04.883
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2345.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2019-05-30 00:42:45.719
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.710
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.704
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.697
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.681
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.674
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.669
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-05-30 00:42:45.518
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
==================== Memory info ===========================
BIOS: LENOVO 7KCN28WW(V1.09) 11/21/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 65%
Total physical RAM: 8007.89 MB
Available physical RAM: 2800.32 MB
Total Virtual: 14151.89 MB
Available Virtual: 8128.05 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:58.36 GB) NTFS
\\?\Volume{54055fb3-7e89-4123-84a8-7e407377b846}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{0a1cc5a2-de35-4c46-b106-1cad45fe655f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8FC42C0F)
Partition: GPT.
==================== End of Addition.txt ============================
Security →
Virus, Spyware, Malware Removal →
Trojan Backdoor activity 578Started by spotted jaguar , 15 Oct 2022 trojan, backdoor, 578 |
|
|
||
|
Security →
Virus, Spyware, Malware Removal →
Is My PC Infected? [Solved]Started by siroynthe , 09 Apr 2021 infection, virus, trojan, rat and 1 more... |
|
|
|
trojan
Security →
Virus, Spyware, Malware Removal →
Trojan.kotver!batStarted by cstolarik , 05 Aug 2020 trojan |
|
|
||
Security →
Virus, Spyware, Malware Removal →
Win64:TrojanX-gen and other things....Started by Matias Cooke , 04 Aug 2020 #virus, #trojan, #slow |
|
|
||
Security →
Virus, Spyware, Malware Removal →
This Virus Got Me Good! I NEED HELP!Started by joe_rockstar , 17 Jun 2020 TROJAN, REGEDIT WONT OPEN and 3 more... |
|
|
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.