Hi
My Coda notebook is acting up, always showing that there is low disk space, even sometimes when I just want to open a webpage. I looked into it and most of my space is taken by necessary files, so I just think this notebook has very little disk space. I even had trouble downloading the program to do the pre-work. Also, very frequently I get a message that says 'free up space to continue, some features might not work until you clear data that other sites have stored on your device'. So, I want to know if there something wrong or there are too many files or if it 's just that this notebook has low disk space to begin with. Here its the first step of the pre-work, thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-01-2021
Ran by user (administrator) on DESKTOP-S6NI0CQ (CODA SPIRIT) (19-01-2021 14:07:26)
Running from C:\Users\user\Downloads
Loaded Profiles: user
Platform: Windows 10 Home Version 20H2 19042.630 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSProtectedService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_29d727269a34edf5\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_75184acc275b8a99\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_75184acc275b8a99\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2012.16655.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2009.30067.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe <2>
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\user\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-14] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {13F42425-08D5-4574-8A8C-9C1CB2544105} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {28DCF423-5B12-44C7-9342-BEF1EA0F4B10} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {36BB6E77-0462-449A-85EF-51C392349863} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {55D52EF7-13DA-42DE-AB8C-8875F205E726} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {660C255C-F82F-473E-9CA1-E43B877F02DC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {67AE4A53-A008-4391-8B29-061F9428A1C9} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3071043404-2767738021-2425313209-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-19] (Microsoft Windows -> )
Task: {6FD0ABE7-328C-49DD-8C18-02CA62840F79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-28] (Google LLC -> Google LLC)
Task: {771E9E35-EED7-475F-8DE5-FBD9E0266CF8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [434176 2020-09-11] (Microsoft Windows -> Microsoft Corporation)
Task: {8B2AD90A-020E-409A-B5E0-5E0E67792A33} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {8E4EFC6F-CB3B-4811-9051-2F9666E867D2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [434176 2020-09-11] (Microsoft Windows -> Microsoft Corporation)
Task: {9635817A-7F43-492C-A36F-2422F87EEEA4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {ABDABD9A-F610-4960-8D76-BC244E9932B4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {AC4342C2-C6DC-4460-A453-0EC75B2FB4CA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {BAD1C139-4456-49FB-920A-8F9E53450F91} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {EACC1974-A1B1-48E7-9B52-FAE660CD61E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-28] (Google LLC -> Google LLC)
Task: {F110F8B8-16F2-4A31-981B-62C4B1E087E2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8b5ef72c-a119-457b-9b74-bd98eacdb1ae}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Notifications: HKU\S-1-5-21-3071043404-2767738021-2425313209-1001 -> hxxps://www.facebook.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-19]
Edge Notifications: Default -> hxxps://mail.yahoo.com; hxxps://pchelpforum.net; hxxps://www.facebook.com; hxxps://www.oddsmonkey.com
Edge HomePage: Default -> hxxps://www.youtube.com/watch?v=voXmVoCY6Ow
Edge Extension: (Outlook) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-20]
Edge Extension: (Whisk) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gfoijmnbedaipllfimaogeepohalbgka [2020-12-21]
Edge Extension: (Word) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-20]
Edge Extension: (Amazon Assistant) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2020-12-27]
Edge Extension: (Total AV Safe Site) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldphndknlndfnhcakekghibnbgjlknli [2020-07-08]
Edge Extension: (Excel) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-20]
Edge Extension: (Copy me that!) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lgjinjcobiflbbnhenlfkcjpeeacklfl [2020-11-14]
Edge Extension: (PowerPoint) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-20]
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-01-19]
CHR Notifications: Default -> hxxps://20cogs.co.uk; hxxps://advisor.sky.com; hxxps://casino.netbet.co.uk; hxxps://community.oddsmonkey.com; hxxps://mail.google.com; hxxps://mail.yahoo.com; hxxps://pchelpforum.net; hxxps://sport.netbet.co.uk; hxxps://sportnation.webpu.sh; hxxps://teams.microsoft.com; hxxps://uk.mail.yahoo.com; hxxps://www.888sport.com; hxxps://www.bet365.com; hxxps://www.cashbackearners.co.uk; hxxps://www.emaileasyaccess.com; hxxps://www.facebook.com; hxxps://www.fashionnova.com; hxxps://www.jdsports.co.uk; hxxps://www.lottogo.com; hxxps://www.oddsmonkey.com; hxxps://www.sportpesa.uk
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/",""
CHR NewTab: Default -> Not-active:"chrome-extension://oaabclcgeeifmbgknfalnbeamfcbmaoh/newtabhtml/newtabpage.html"
CHR DefaultSearchKeyword: Default -> google.co.uk_
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-28]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-28]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (BeFunky Photo Editor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2020-06-28]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-01-14]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-28]
CHR Extension: (MySearchFinder) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcidhmbdkndbihbdadlnoadmpiomhlnd [2020-08-28]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2020-12-23]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Pixlr Express) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2020-06-28]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2021-01-08]
CHR Extension: (Blue/Green Cubes) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iipbjjaibkibpabddphfcgbngfhhfkml [2020-06-28]
CHR Extension: (Hide My History) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmknlinjedpcccephokgboefomnajkal [2020-08-28]
CHR Extension: (Until AM Web App) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2020-06-28]
CHR Extension: (Webcam Toy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2020-06-28]
CHR Extension: (Sketchpad) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2020-06-28]
CHR Extension: (3D Solar System Web) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2020-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-28]
CHR Extension: (EmailSimpleAccess) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaabclcgeeifmbgknfalnbeamfcbmaoh [2020-07-25]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
CHR Extension: (Writer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2020-06-28]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-15]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AMSProtectedService; C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe [639304 2019-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) <==== ATTENTION
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [5435336 2020-06-03] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
R2 SecurityServiceMonitor; C:\Program Files (x86)\TotalAV\SecurityService.exe [5435336 2020-06-03] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-17] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 AMSElamDriver; C:\WINDOWS\System32\drivers\amselam.sys [21976 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [208176 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [197176 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [37280 2016-12-07] (Intel Corporation -> Intel(R) Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-17] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [96264 2020-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-19 14:07 - 2021-01-19 14:08 - 000018664 _____ C:\Users\user\Downloads\FRST.txt
2021-01-19 14:07 - 2021-01-19 14:07 - 000000000 ____D C:\FRST
2021-01-19 14:06 - 2021-01-19 14:06 - 002295808 _____ (Farbar) C:\Users\user\Downloads\Unconfirmed 183893.crdownload
2021-01-19 14:04 - 2021-01-19 14:05 - 002295808 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2021-01-19 12:27 - 2021-01-19 12:27 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 12:25 - 2021-01-19 12:25 - 001373649 _____ C:\Users\user\Downloads\Unconfirmed 833091.crdownload
2021-01-19 12:25 - 2021-01-19 12:25 - 000000000 _____ C:\Users\user\Downloads\Unconfirmed 573136.crdownload
2021-01-18 10:52 - 2021-01-18 10:52 - 000666953 _____ C:\Users\user\Downloads\Attempts Defences handout 2021 Year 12.pdf
2021-01-16 14:20 - 2021-01-16 14:20 - 000117496 _____ C:\Users\user\Downloads\StarlingCertifiedStatement_01-01-2021_16-01-2021.pdf
2021-01-14 10:54 - 2021-01-14 11:06 - 000000000 ____D C:\SUPERDelete
2021-01-13 01:41 - 2019-08-15 20:44 - 003169832 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h265ve_64.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 003162008 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_vp9ve_64.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 003148848 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h264ve_64.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 002576368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h265ve_32.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 002571168 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_vp9ve_32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 021068656 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 019980368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 002951928 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_encrypt_64.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 002563200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h264ve_32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 002410672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_encrypt_32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 000204704 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 000176552 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 025092440 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 011930456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 002991960 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_mjpgvd_64.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 002433880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_mjpgvd_32.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 001015424 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 001015424 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000878728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000878728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000291200 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000291200 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000265088 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000265088 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000161112 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000147288 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000125784 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000121176 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000121176 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000108376 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000108376 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2021-01-13 01:41 - 2019-08-15 19:27 - 000071124 _____ C:\WINDOWS\SysWOW64\vp9e_32.vp
2021-01-13 01:41 - 2019-08-15 19:27 - 000065209 _____ C:\WINDOWS\SysWOW64\mj_32.vp
2021-01-13 01:41 - 2019-08-15 19:27 - 000013856 _____ C:\WINDOWS\system32\vp9e_64.vp
2021-01-13 01:41 - 2019-08-15 19:27 - 000013185 _____ C:\WINDOWS\system32\mj_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000071477 _____ C:\WINDOWS\SysWOW64\h265e_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000069933 _____ C:\WINDOWS\SysWOW64\he_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000057143 _____ C:\WINDOWS\SysWOW64\dev_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000056359 _____ C:\WINDOWS\system32\dev_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000014005 _____ C:\WINDOWS\system32\h265e_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000013417 _____ C:\WINDOWS\system32\he_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000001125 _____ C:\WINDOWS\SysWOW64\cpa_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000001125 _____ C:\WINDOWS\system32\cpa_64.vp
2021-01-04 02:03 - 2021-01-04 02:03 - 000000000 ____D C:\Users\user\AppData\Roaming\com.zynga.f2desktop
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-19 14:07 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-19 14:01 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-19 13:47 - 2020-07-27 11:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-19 12:36 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-19 12:27 - 2020-07-27 11:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-19 12:27 - 2020-07-27 11:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-19 12:27 - 2020-06-28 00:06 - 000000000 ____D C:\Program Files (x86)\TotalAV
2021-01-19 12:27 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-19 12:26 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-19 12:24 - 2020-03-10 14:24 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2021-01-19 08:41 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-18 15:15 - 2020-03-10 17:52 - 000000000 ____C C:\WINDOWS\system32\MRT.exe
2021-01-17 15:04 - 2020-03-10 11:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-01-17 14:40 - 2020-07-27 11:35 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-16 14:54 - 2020-03-10 17:36 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2021-01-15 10:03 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-14 23:29 - 2020-06-28 01:13 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-14 23:29 - 2020-06-28 01:13 - 000002286 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-14 23:29 - 2020-06-28 01:13 - 000002286 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-14 12:46 - 2020-06-28 21:14 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-14 12:46 - 2020-06-28 21:14 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-14 12:46 - 2020-06-28 21:14 - 000002270 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-13 12:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-13 01:27 - 2020-03-10 17:41 - 000000000 __SHD C:\Users\user\IntelGraphicsProfiles
2021-01-07 02:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-04 23:45 - 2020-03-10 14:24 - 000000000 ____D C:\Users\user\AppData\Local\ConnectedDevicesPlatform
2021-01-02 19:27 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-25 16:42 - 2020-07-26 12:47 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-12-22 13:46 - 2020-06-30 21:47 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
==================== FCheck ================================
(If an entry is included in the fixlist, the file/folder will be moved.)
FCheck: C:\WINDOWS\system32\MRT.exe [2021-01-18] <==== ATTENTION (zero byte File/Folder)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2021
Ran by user (19-01-2021 14:10:43)
Running from C:\Users\user\Downloads
Windows 10 Home Version 20H2 19042.630 (X64) (2020-07-27 11:48:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3071043404-2767738021-2425313209-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3071043404-2767738021-2425313209-503 - Limited - Disabled)
Guest (S-1-5-21-3071043404-2767738021-2425313209-501 - Limited - Disabled)
user (S-1-5-21-3071043404-2767738021-2425313209-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-3071043404-2767738021-2425313209-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Total AV (Enabled - Up to date) {B185458D-38B3-A010-10F7-3D378DAA6032}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Documentation Manager (HKLM\...\{1C8E0D25-2AD1-4A5B-885E-03256A0ED8B6}) (Version: 21.70.0.6 - Intel Corporation) Hidden
Excel (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel® Software Installer (HKLM-x32\...\{9be285a1-83bf-4416-853d-015017626f25}) (Version: 21.70.0.6 - Intel Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Outlook (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1204 - SUPERAntiSpyware.com)
TotalAV (HKLM-x32\...\TotalAV) (Version: 5.7.26 - TotalAV) <==== ATTENTION
Word (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2021-01-07] (Dolby Laboratories)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-03-10] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-10] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3071043404-2767738021-2425313209-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3071043404-2767738021-2425313209-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/
==================== Loaded Modules (Whitelisted) =============
2020-06-28 00:06 - 2020-05-29 08:15 - 002650112 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll
2020-06-28 00:06 - 2020-05-29 08:15 - 000641024 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libssl-1_1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 04:49 - 2019-03-19 04:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{7BDB352B-05EA-4DC7-B442-C10E140452F5}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{ED0ACDD0-BEB0-4FA0-9C54-F349ED32FCBD}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13DC5404-C25D-414C-AAB1-CA1A1889948A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A742728D-6B76-434C-8A25-6021D28D2951}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{98B6E500-1D99-4971-9867-552AAC61EC8C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4508CA74-A163-43C7-9625-4FFD65FC466B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0BBFDFD9-6A11-4F88-B310-83B8C97C1BFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:27.81 GB) (Free:1.43 GB) (5%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/19/2021 10:07:17 AM) (Source: ESENT) (EventID: 482) (User: )
Description: DllHost (7716,D,20) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_LEGACY_IDB: An attempt to write to the file "C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 2883584 (0x00000000002c0000) for 131072 (0x00020000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 08:40:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2120-12-26T08:40:13Z. Error Code: 0x80070070.
Error: (01/19/2021 12:20:00 AM) (Source: ESENT) (EventID: 428) (User: )
Description: svchost (3468,D,0) SRUJet: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (3468,D,11) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (3468,D,11) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.004 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (3468,D,11) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 428) (User: )
Description: svchost (3468,D,0) SRUJet: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (01/18/2021 09:27:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Teams.exe, version: 1.3.0.30866, time stamp: 0x5e9f0152
Faulting module name: Teams.exe, version: 1.3.0.30866, time stamp: 0x5e9f0152
Exception code: 0xc0000005
Fault offset: 0x000000000103f64e
Faulting process ID: 0x1d64
Faulting application start time: 0x01d6ed3730703107
Faulting application path: C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe
Faulting module path: C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe
Report ID: 75b73c0e-ea5c-43d2-a7c7-02e06056d9a9
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (01/19/2021 08:41:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 08:47:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 05:37:35 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-AAD/Operational.
Error: (01/18/2021 03:15:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Windows Malicious Software Removal Tool x64 - v5.85 (KB890830).
Error: (01/18/2021 03:14:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 08:27:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 01:45:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 01:13:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Security Management Service service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
===================================
Date: 2020-10-20 08:57:22.4160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B55A9484-CC87-41FC-A056-193B1760C447}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-08-15 11:49:49.2200000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C564DB24-4A11-498B-B866-3BE4EDC71344}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-17 15:11:47.8730000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.974.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2020-10-31 16:56:51.0080000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80070057
Error description: The parameter is incorrect.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2020-10-04 08:34:03.9360000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.2016.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2020-10-04 08:34:03.9330000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.2016.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2020-10-04 08:34:03.9320000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.2016.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee2
Error description: The operation timed out
CodeIntegrity:
===================================
Date: 2021-01-18 09:57:19.6890000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 09:57:19.5480000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 08:48:42.5500000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 08:48:42.2060000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 00:57:31.6620000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-18 00:57:31.2020000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-17 22:05:12.8330000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-17 22:05:12.7730000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. LC-13-IA318-007-E 03/27/2019
Motherboard: CODA IA318-272B
Processor: Intel(R) Celeron(R) CPU N3350 @ 1.10GHz
Percentage of memory in use: 82%
Total physical RAM: 3928.82 MB
Available physical RAM: 694.79 MB
Total Virtual: 5162.66 MB
Available Virtual: 784.27 MB
==================== Drives ================================
Drive c: (Local Disk) (Fixed) (Total:27.81 GB) (Free:1.43 GB) NTFS
\\?\Volume{ef2bbf13-1950-49c3-94bc-7a2b14cc6fed}\ (Recovery) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{33527251-4291-4108-8985-37e6412b05de}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 28.9 GB) (Disk ID: EAAD450C)
Partition: GPT.
==================== End of Addition.txt =======================
My Coda notebook is acting up, always showing that there is low disk space, even sometimes when I just want to open a webpage. I looked into it and most of my space is taken by necessary files, so I just think this notebook has very little disk space. I even had trouble downloading the program to do the pre-work. Also, very frequently I get a message that says 'free up space to continue, some features might not work until you clear data that other sites have stored on your device'. So, I want to know if there something wrong or there are too many files or if it 's just that this notebook has low disk space to begin with. Here its the first step of the pre-work, thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-01-2021
Ran by user (administrator) on DESKTOP-S6NI0CQ (CODA SPIRIT) (19-01-2021 14:07:26)
Running from C:\Users\user\Downloads
Loaded Profiles: user
Platform: Windows 10 Home Version 20H2 19042.630 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSProtectedService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_29d727269a34edf5\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_75184acc275b8a99\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_75184acc275b8a99\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2012.16655.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2009.30067.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe <2>
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\user\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-14] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {13F42425-08D5-4574-8A8C-9C1CB2544105} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {28DCF423-5B12-44C7-9342-BEF1EA0F4B10} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {36BB6E77-0462-449A-85EF-51C392349863} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {55D52EF7-13DA-42DE-AB8C-8875F205E726} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {660C255C-F82F-473E-9CA1-E43B877F02DC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {67AE4A53-A008-4391-8B29-061F9428A1C9} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3071043404-2767738021-2425313209-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-19] (Microsoft Windows -> )
Task: {6FD0ABE7-328C-49DD-8C18-02CA62840F79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-28] (Google LLC -> Google LLC)
Task: {771E9E35-EED7-475F-8DE5-FBD9E0266CF8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [434176 2020-09-11] (Microsoft Windows -> Microsoft Corporation)
Task: {8B2AD90A-020E-409A-B5E0-5E0E67792A33} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {8E4EFC6F-CB3B-4811-9051-2F9666E867D2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [434176 2020-09-11] (Microsoft Windows -> Microsoft Corporation)
Task: {9635817A-7F43-492C-A36F-2422F87EEEA4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {ABDABD9A-F610-4960-8D76-BC244E9932B4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {AC4342C2-C6DC-4460-A453-0EC75B2FB4CA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {BAD1C139-4456-49FB-920A-8F9E53450F91} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
Task: {EACC1974-A1B1-48E7-9B52-FAE660CD61E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-28] (Google LLC -> Google LLC)
Task: {F110F8B8-16F2-4A31-981B-62C4B1E087E2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\454D944C-B085-46D8-AFDC-DA4AA1404FF5\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [459776 2020-08-15] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8b5ef72c-a119-457b-9b74-bd98eacdb1ae}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Notifications: HKU\S-1-5-21-3071043404-2767738021-2425313209-1001 -> hxxps://www.facebook.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-19]
Edge Notifications: Default -> hxxps://mail.yahoo.com; hxxps://pchelpforum.net; hxxps://www.facebook.com; hxxps://www.oddsmonkey.com
Edge HomePage: Default -> hxxps://www.youtube.com/watch?v=voXmVoCY6Ow
Edge Extension: (Outlook) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-20]
Edge Extension: (Whisk) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gfoijmnbedaipllfimaogeepohalbgka [2020-12-21]
Edge Extension: (Word) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-20]
Edge Extension: (Amazon Assistant) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2020-12-27]
Edge Extension: (Total AV Safe Site) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldphndknlndfnhcakekghibnbgjlknli [2020-07-08]
Edge Extension: (Excel) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-20]
Edge Extension: (Copy me that!) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lgjinjcobiflbbnhenlfkcjpeeacklfl [2020-11-14]
Edge Extension: (PowerPoint) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-20]
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-01-19]
CHR Notifications: Default -> hxxps://20cogs.co.uk; hxxps://advisor.sky.com; hxxps://casino.netbet.co.uk; hxxps://community.oddsmonkey.com; hxxps://mail.google.com; hxxps://mail.yahoo.com; hxxps://pchelpforum.net; hxxps://sport.netbet.co.uk; hxxps://sportnation.webpu.sh; hxxps://teams.microsoft.com; hxxps://uk.mail.yahoo.com; hxxps://www.888sport.com; hxxps://www.bet365.com; hxxps://www.cashbackearners.co.uk; hxxps://www.emaileasyaccess.com; hxxps://www.facebook.com; hxxps://www.fashionnova.com; hxxps://www.jdsports.co.uk; hxxps://www.lottogo.com; hxxps://www.oddsmonkey.com; hxxps://www.sportpesa.uk
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/",""
CHR NewTab: Default -> Not-active:"chrome-extension://oaabclcgeeifmbgknfalnbeamfcbmaoh/newtabhtml/newtabpage.html"
CHR DefaultSearchKeyword: Default -> google.co.uk_
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-28]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-28]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (BeFunky Photo Editor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2020-06-28]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-01-14]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-28]
CHR Extension: (MySearchFinder) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcidhmbdkndbihbdadlnoadmpiomhlnd [2020-08-28]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2020-12-23]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Pixlr Express) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2020-06-28]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2021-01-08]
CHR Extension: (Blue/Green Cubes) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iipbjjaibkibpabddphfcgbngfhhfkml [2020-06-28]
CHR Extension: (Hide My History) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmknlinjedpcccephokgboefomnajkal [2020-08-28]
CHR Extension: (Until AM Web App) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2020-06-28]
CHR Extension: (Webcam Toy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2020-06-28]
CHR Extension: (Sketchpad) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2020-06-28]
CHR Extension: (3D Solar System Web) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd [2020-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-28]
CHR Extension: (EmailSimpleAccess) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaabclcgeeifmbgknfalnbeamfcbmaoh [2020-07-25]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
CHR Extension: (Writer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2020-06-28]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-15]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AMSProtectedService; C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe [639304 2019-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) <==== ATTENTION
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [5435336 2020-06-03] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
R2 SecurityServiceMonitor; C:\Program Files (x86)\TotalAV\SecurityService.exe [5435336 2020-06-03] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-17] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 AMSElamDriver; C:\WINDOWS\System32\drivers\amselam.sys [21976 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [208176 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [197176 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [37280 2016-12-07] (Intel Corporation -> Intel(R) Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-17] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [96264 2020-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-19 14:07 - 2021-01-19 14:08 - 000018664 _____ C:\Users\user\Downloads\FRST.txt
2021-01-19 14:07 - 2021-01-19 14:07 - 000000000 ____D C:\FRST
2021-01-19 14:06 - 2021-01-19 14:06 - 002295808 _____ (Farbar) C:\Users\user\Downloads\Unconfirmed 183893.crdownload
2021-01-19 14:04 - 2021-01-19 14:05 - 002295808 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2021-01-19 12:27 - 2021-01-19 12:27 - 000000000 ____D C:\WINDOWS\Panther
2021-01-19 12:25 - 2021-01-19 12:25 - 001373649 _____ C:\Users\user\Downloads\Unconfirmed 833091.crdownload
2021-01-19 12:25 - 2021-01-19 12:25 - 000000000 _____ C:\Users\user\Downloads\Unconfirmed 573136.crdownload
2021-01-18 10:52 - 2021-01-18 10:52 - 000666953 _____ C:\Users\user\Downloads\Attempts Defences handout 2021 Year 12.pdf
2021-01-16 14:20 - 2021-01-16 14:20 - 000117496 _____ C:\Users\user\Downloads\StarlingCertifiedStatement_01-01-2021_16-01-2021.pdf
2021-01-14 10:54 - 2021-01-14 11:06 - 000000000 ____D C:\SUPERDelete
2021-01-13 01:41 - 2019-08-15 20:44 - 003169832 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h265ve_64.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 003162008 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_vp9ve_64.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 003148848 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_h264ve_64.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 002576368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h265ve_32.dll
2021-01-13 01:41 - 2019-08-15 20:44 - 002571168 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_vp9ve_32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 021068656 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 019980368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 002951928 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_encrypt_64.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 002563200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_h264ve_32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 002410672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_encrypt_32.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 000204704 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-01-13 01:41 - 2019-08-15 20:43 - 000176552 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 025092440 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 011930456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 002991960 _____ (Intel Corporation) C:\WINDOWS\system32\mfx_mft_mjpgvd_64.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 002433880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfx_mft_mjpgvd_32.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 001015424 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 001015424 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000878728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000878728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000291200 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000291200 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000265088 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000265088 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-13 01:41 - 2019-08-15 20:42 - 000161112 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000147288 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000125784 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000121176 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000121176 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000108376 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-13 01:41 - 2019-08-15 20:42 - 000108376 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2021-01-13 01:41 - 2019-08-15 19:27 - 000071124 _____ C:\WINDOWS\SysWOW64\vp9e_32.vp
2021-01-13 01:41 - 2019-08-15 19:27 - 000065209 _____ C:\WINDOWS\SysWOW64\mj_32.vp
2021-01-13 01:41 - 2019-08-15 19:27 - 000013856 _____ C:\WINDOWS\system32\vp9e_64.vp
2021-01-13 01:41 - 2019-08-15 19:27 - 000013185 _____ C:\WINDOWS\system32\mj_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000071477 _____ C:\WINDOWS\SysWOW64\h265e_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000069933 _____ C:\WINDOWS\SysWOW64\he_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000057143 _____ C:\WINDOWS\SysWOW64\dev_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000056359 _____ C:\WINDOWS\system32\dev_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000014005 _____ C:\WINDOWS\system32\h265e_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000013417 _____ C:\WINDOWS\system32\he_64.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000001125 _____ C:\WINDOWS\SysWOW64\cpa_32.vp
2021-01-13 01:40 - 2019-08-15 19:26 - 000001125 _____ C:\WINDOWS\system32\cpa_64.vp
2021-01-04 02:03 - 2021-01-04 02:03 - 000000000 ____D C:\Users\user\AppData\Roaming\com.zynga.f2desktop
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-19 14:07 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-19 14:01 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-19 13:47 - 2020-07-27 11:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-19 12:36 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-19 12:27 - 2020-07-27 11:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-19 12:27 - 2020-07-27 11:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-19 12:27 - 2020-06-28 00:06 - 000000000 ____D C:\Program Files (x86)\TotalAV
2021-01-19 12:27 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-19 12:26 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-19 12:24 - 2020-03-10 14:24 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2021-01-19 08:41 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-18 15:15 - 2020-03-10 17:52 - 000000000 ____C C:\WINDOWS\system32\MRT.exe
2021-01-17 15:04 - 2020-03-10 11:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-01-17 14:40 - 2020-07-27 11:35 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-16 14:54 - 2020-03-10 17:36 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2021-01-15 10:03 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-14 23:29 - 2020-06-28 01:13 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-14 23:29 - 2020-06-28 01:13 - 000002286 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-14 23:29 - 2020-06-28 01:13 - 000002286 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-14 12:46 - 2020-06-28 21:14 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-14 12:46 - 2020-06-28 21:14 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-14 12:46 - 2020-06-28 21:14 - 000002270 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-13 12:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-13 01:27 - 2020-03-10 17:41 - 000000000 __SHD C:\Users\user\IntelGraphicsProfiles
2021-01-07 02:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-04 23:45 - 2020-03-10 14:24 - 000000000 ____D C:\Users\user\AppData\Local\ConnectedDevicesPlatform
2021-01-02 19:27 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-25 16:42 - 2020-07-26 12:47 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-12-22 13:46 - 2020-06-30 21:47 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
==================== FCheck ================================
(If an entry is included in the fixlist, the file/folder will be moved.)
FCheck: C:\WINDOWS\system32\MRT.exe [2021-01-18] <==== ATTENTION (zero byte File/Folder)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2021
Ran by user (19-01-2021 14:10:43)
Running from C:\Users\user\Downloads
Windows 10 Home Version 20H2 19042.630 (X64) (2020-07-27 11:48:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3071043404-2767738021-2425313209-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3071043404-2767738021-2425313209-503 - Limited - Disabled)
Guest (S-1-5-21-3071043404-2767738021-2425313209-501 - Limited - Disabled)
user (S-1-5-21-3071043404-2767738021-2425313209-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-3071043404-2767738021-2425313209-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Total AV (Enabled - Up to date) {B185458D-38B3-A010-10F7-3D378DAA6032}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Documentation Manager (HKLM\...\{1C8E0D25-2AD1-4A5B-885E-03256A0ED8B6}) (Version: 21.70.0.6 - Intel Corporation) Hidden
Excel (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel® Software Installer (HKLM-x32\...\{9be285a1-83bf-4416-853d-015017626f25}) (Version: 21.70.0.6 - Intel Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Outlook (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1204 - SUPERAntiSpyware.com)
TotalAV (HKLM-x32\...\TotalAV) (Version: 5.7.26 - TotalAV) <==== ATTENTION
Word (HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2021-01-07] (Dolby Laboratories)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-03-10] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-10] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3071043404-2767738021-2425313209-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3071043404-2767738021-2425313209-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/
==================== Loaded Modules (Whitelisted) =============
2020-06-28 00:06 - 2020-05-29 08:15 - 002650112 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll
2020-06-28 00:06 - 2020-05-29 08:15 - 000641024 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libssl-1_1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 04:49 - 2019-03-19 04:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3071043404-2767738021-2425313209-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{7BDB352B-05EA-4DC7-B442-C10E140452F5}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{ED0ACDD0-BEB0-4FA0-9C54-F349ED32FCBD}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13DC5404-C25D-414C-AAB1-CA1A1889948A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A742728D-6B76-434C-8A25-6021D28D2951}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{98B6E500-1D99-4971-9867-552AAC61EC8C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4508CA74-A163-43C7-9625-4FFD65FC466B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0BBFDFD9-6A11-4F88-B310-83B8C97C1BFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:27.81 GB) (Free:1.43 GB) (5%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/19/2021 10:07:17 AM) (Source: ESENT) (EventID: 482) (User: )
Description: DllHost (7716,D,20) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_LEGACY_IDB: An attempt to write to the file "C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 2883584 (0x00000000002c0000) for 131072 (0x00020000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 08:40:14 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2120-12-26T08:40:13Z. Error Code: 0x80070070.
Error: (01/19/2021 12:20:00 AM) (Source: ESENT) (EventID: 428) (User: )
Description: svchost (3468,D,0) SRUJet: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (3468,D,11) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (3468,D,11) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.004 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (3468,D,11) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (01/19/2021 12:19:02 AM) (Source: ESENT) (EventID: 428) (User: )
Description: svchost (3468,D,0) SRUJet: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (01/18/2021 09:27:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Teams.exe, version: 1.3.0.30866, time stamp: 0x5e9f0152
Faulting module name: Teams.exe, version: 1.3.0.30866, time stamp: 0x5e9f0152
Exception code: 0xc0000005
Fault offset: 0x000000000103f64e
Faulting process ID: 0x1d64
Faulting application start time: 0x01d6ed3730703107
Faulting application path: C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe
Faulting module path: C:\Users\user\AppData\Local\Microsoft\Teams\current\Teams.exe
Report ID: 75b73c0e-ea5c-43d2-a7c7-02e06056d9a9
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (01/19/2021 08:41:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 08:47:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 05:37:35 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-AAD/Operational.
Error: (01/18/2021 03:15:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Windows Malicious Software Removal Tool x64 - v5.85 (KB890830).
Error: (01/18/2021 03:14:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 08:27:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 01:45:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2021-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB4598242).
Error: (01/18/2021 01:13:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Security Management Service service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
===================================
Date: 2020-10-20 08:57:22.4160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {B55A9484-CC87-41FC-A056-193B1760C447}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-08-15 11:49:49.2200000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {C564DB24-4A11-498B-B866-3BE4EDC71344}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-17 15:11:47.8730000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.974.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2020-10-31 16:56:51.0080000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80070057
Error description: The parameter is incorrect.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2020-10-04 08:34:03.9360000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.2016.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2020-10-04 08:34:03.9330000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.2016.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2020-10-04 08:34:03.9320000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.2016.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee2
Error description: The operation timed out
CodeIntegrity:
===================================
Date: 2021-01-18 09:57:19.6890000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 09:57:19.5480000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 08:48:42.5500000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 08:48:42.2060000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-18 00:57:31.6620000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-18 00:57:31.2020000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-17 22:05:12.8330000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-01-17 22:05:12.7730000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. LC-13-IA318-007-E 03/27/2019
Motherboard: CODA IA318-272B
Processor: Intel(R) Celeron(R) CPU N3350 @ 1.10GHz
Percentage of memory in use: 82%
Total physical RAM: 3928.82 MB
Available physical RAM: 694.79 MB
Total Virtual: 5162.66 MB
Available Virtual: 784.27 MB
==================== Drives ================================
Drive c: (Local Disk) (Fixed) (Total:27.81 GB) (Free:1.43 GB) NTFS
\\?\Volume{ef2bbf13-1950-49c3-94bc-7a2b14cc6fed}\ (Recovery) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{33527251-4291-4108-8985-37e6412b05de}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 28.9 GB) (Disk ID: EAAD450C)
Partition: GPT.
==================== End of Addition.txt =======================