Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023 Ran by Y (10-08-2023 20:50:02) Running from C:\Users\Y\Downloads Microsoft Windows 10 IoT Enterprise LTSC Version 21H2 19044.3324 (X64) (2023-04-30 10:25:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3892982326-4222054075-3637702396-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3892982326-4222054075-3637702396-503 - Limited - Disabled) Guest (S-1-5-21-3892982326-4222054075-3637702396-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3892982326-4222054075-3637702396-504 - Limited - Disabled) Y (S-1-5-21-3892982326-4222054075-3637702396-1001 - Administrator - Enabled) => C:\Users\Y ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated) Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_2) (Version: 27.2 - Adobe Inc.) Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_5) (Version: 23.5.0.669 - Adobe Inc.) Aplikacje Microsoft 365 dla przedsiębiorstw - pl-pl (HKLM\...\O365ProPlusRetail - pl-pl) (Version: 16.0.16626.20134 - Microsoft Corporation) Aplikacje Microsoft 365 dla przedsiębiorstw - pl-pl.proof (HKLM\...\O365ProPlusRetail - pl-pl.proof) (Version: 16.0.16626.20134 - Microsoft Corporation) Bitwarden (HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2023.7.1 - Bitwarden Inc.) Cyberduck (HKLM\...\{5CC20ECB-265A-4D61-8A6D-12DBE179B2FC}) (Version: 8.6.0.39818 - iterate GmbH) Hidden Cyberduck (HKLM-x32\...\{09db73b4-2eca-4a71-963b-56a179f5dc3a}) (Version: 8.6.0.39818 - iterate GmbH) Discord (HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\Discord) (Version: 1.0.9012 - Discord Inc.) Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - ) f.lux (HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\Flux) (Version: 4.124 - f.lux Software LLC) Foundry Virtual Tabletop (HKLM\...\72df71b0-38d8-50bb-b11e-88d67d69f577) (Version: 10.303.0 - Foundry Gaming LLC) Microsoft .NET Host - 6.0.16 (x64) (HKLM\...\{1D0AC7F1-2B34-44AF-91F6-88757D768DA7}) (Version: 48.67.58427 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.16 (x64) (HKLM\...\{B8537ACA-B210-4DF5-B928-E41CEB76723D}) (Version: 48.67.58427 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.16 (x64) (HKLM\...\{C71E93D2-B8B4-4858-B2A1-4C967DBC1C5F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden Microsoft 365 Apps for Enterprise - de-de.proof (HKLM\...\O365ProPlusRetail - de-de.proof) (Version: 16.0.16626.20134 - Microsoft Corporation) Microsoft 365 Apps for enterprise - en-gb (HKLM\...\O365ProPlusRetail - en-gb) (Version: 16.0.16626.20134 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.200 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.200 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\Teams) (Version: 1.6.00.16372 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.16 (x64) (HKLM\...\{805626FF-2BC9-4567-A71E-A76A470D000A}) (Version: 48.67.58484 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.16 (x64) (HKLM-x32\...\{8d173101-98c1-4e92-97c6-47c6840745a7}) (Version: 6.0.16.32327 - Microsoft Corporation) Mozilla Firefox (x64 pl) (HKLM\...\Mozilla Firefox 116.0.1 (x64 pl)) (Version: 116.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 116.0 - Mozilla) Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.1.0 (x64 en-US)) (Version: 115.1.0 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden paint.net (HKLM\...\{7F556477-50F2-4BCC-AFA7-2A3C09B57149}) (Version: 5.0.7 - dotPDN LLC) qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.2 - The qBittorrent project) SDL Trados Studio 2021 (HKLM-x32\...\{DEC64514-356B-418B-B6CD-3496BB8EFD55}) (Version: 16.0.3343 - SDL) Hidden SDL Trados Studio 2021 (HKLM-x32\...\Studio16) (Version: 16.0.2.3343 - SDL) Signal 6.28.0 (HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.28.0 - Signal Messenger, LLC) United States - Custom (HKLM\...\{63EDEE9B-B865-4774-9C67-5537888C270A}) (Version: 1.0.3.40 - Kamil) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN) WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc) ZeroTier One Virtual Network Port (HKLM\...\{272B1192-65BE-4BDE-894B-6D3AD8BF7FD2}) (Version: 1.0.1 - ZeroTier) Hidden Packages: ========= Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-03] (INTEL CORP) [Startup Task] Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1920.8.125.0_x64__8xx8rvfyw5nnt [2023-08-06] (Meta) [Startup Task] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2023-07-12] (Netflix, Inc.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-05-05] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0 [2023-08-06] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3892982326-4222054075-3637702396-1001_Classes\CLSID\{0821271d-75b4-1841-49bf-14ce67e5341d}\localserver32 -> "C:\Users\Y\Desktop\HandBrake\HandBrake.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3892982326-4222054075-3637702396-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Y\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23125.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3892982326-4222054075-3637702396-1001_Classes\CLSID\{9914FC2A-D49E-4e44-A607-5D697693120B}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx => No File CustomCLSID: HKU\S-1-5-21-3892982326-4222054075-3637702396-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Y\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3892982326-4222054075-3637702396-1001_Classes\CLSID\{e27cfb97-3abb-4a62-8a4c-f89240b71831}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No File ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-11-30] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-11-30] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-11-30] (Adobe Inc. -> ) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-11-30] (Adobe Inc. -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-09-12] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers1-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio16\TranslationStudioExt.dll [2020-10-07] (SDL) [File not signed] ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-11-30] (Adobe Inc. -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-09-12] (Adobe Inc. -> Adobe Systems Inc.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-06-10 13:21 - 2019-06-10 13:21 - 000668160 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll 2017-07-08 12:52 - 2017-07-08 12:52 - 002983917 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll 2015-11-22 22:05 - 2015-11-22 22:05 - 001530880 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll 2013-04-10 15:59 - 2013-04-10 15:59 - 000219136 _____ (Google Inc) [File not signed] C:\Program Files\WebP Codec\WebpWICCodec.dll 2023-04-30 16:29 - 2023-04-30 16:29 - 000007168 _____ (Kamil) [File not signed] C:\Windows\system32\DEPL.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc:09E7CB2F48 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk:1FA7E99ECA [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator.lnk:D06911DC6B [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop.lnk:296DA4FF52 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk:10A24662C8 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk:BC429E7DFC [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk:0AE1577119 [3442] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\sharepoint.com -> hxxps://uam-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2023-05-21 23:57 - 000003372 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 cc-api-data.adobe.io 127.0.0.1 ic.adobe.io 0.0.0.0 ic.adobe.io 0.0.0.0 52.6.155.20 0.0.0.0 52.10.49.85 0.0.0.0 23.22.30.141 0.0.0.0 34.215.42.13 0.0.0.0 52.84.156.37 0.0.0.0 65.8.207.109 0.0.0.0 3.220.11.113 0.0.0.0 3.221.72.231 0.0.0.0 3.216.32.253 0.0.0.0 3.208.248.199 0.0.0.0 3.219.243.226 0.0.0.0 13.227.103.57 0.0.0.0 34.192.151.90 0.0.0.0 34.237.241.83 0.0.0.0 44.240.189.42 0.0.0.0 52.20.222.155 0.0.0.0 52.208.86.132 0.0.0.0 54.208.86.132 0.0.0.0 63.140.38.120 0.0.0.0 63.140.38.160 0.0.0.0 63.140.38.169 0.0.0.0 63.140.38.219 0.0.0.0 wip.adobe.com 0.0.0.0 adobeereg.com 0.0.0.0 18.228.243.121 0.0.0.0 18.230.164.221 0.0.0.0 54.156.135.114 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Y\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 31.11.173.2 - 89.228.4.126 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{99C64200-0F98-4281-80A7-87514D2BDF67}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B41ED7EE-0B45-40BC-BA3F-74C79A806D64}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [{151C9E33-BE58-43F6-AD43-ACA2D534915C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed] FirewallRules: [TCP Query User{2939C086-98F4-4E49-9B2E-FF2B813D5FA2}C:\users\y\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\y\appdata\roaming\spotify\spotify.exe => No File FirewallRules: [UDP Query User{4AE636A2-9999-43A5-AA8C-25234A10A309}C:\users\y\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\y\appdata\roaming\spotify\spotify.exe => No File FirewallRules: [TCP Query User{42718D0B-F984-448E-84AE-17FCA06108C5}C:\users\y\appdata\local\programs\signal-desktop\signal.exe] => (Allow) C:\users\y\appdata\local\programs\signal-desktop\signal.exe (Signal Messenger, LLC -> Signal Messenger, LLC) FirewallRules: [UDP Query User{38397C57-CA4F-49DF-9A82-23ABCAA32A49}C:\users\y\appdata\local\programs\signal-desktop\signal.exe] => (Allow) C:\users\y\appdata\local\programs\signal-desktop\signal.exe (Signal Messenger, LLC -> Signal Messenger, LLC) FirewallRules: [{BF87F6E3-E3E0-4B74-BBDD-330730FC463E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File FirewallRules: [{4EA5F2A2-9179-4127-9A79-7771377D84AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File FirewallRules: [{B68C52AE-B1A1-491E-A54B-F6802F1B8924}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{A7559B8D-673B-437B-A8B8-57950A6989EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [TCP Query User{3BBA47CD-5B9D-458F-907B-75EBE9F0FA67}C:\xiaomi\xiaomitool2\bin\javaw.exe] => (Block) C:\xiaomi\xiaomitool2\bin\javaw.exe => No File FirewallRules: [UDP Query User{F66BB8DB-AAA0-4154-BF76-AD44E29F6A83}C:\xiaomi\xiaomitool2\bin\javaw.exe] => (Block) C:\xiaomi\xiaomitool2\bin\javaw.exe => No File FirewallRules: [TCP Query User{C1868179-9208-4C38-8A3B-852E92A99591}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File FirewallRules: [UDP Query User{1BEF92FC-C267-4BCF-A3D5-995C6F472C6F}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File FirewallRules: [TCP Query User{DBA88330-9AE5-4E5E-ABD5-E258664A8986}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File FirewallRules: [UDP Query User{11AD2C8E-A0CC-497D-A002-B6BA7958AD61}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File FirewallRules: [TCP Query User{3BC57F26-B946-4B08-8858-0A7CF847AE17}C:\program files\foundry virtual tabletop\foundry virtual tabletop.exe] => (Allow) C:\program files\foundry virtual tabletop\foundry virtual tabletop.exe (Foundry Gaming LLC -> Foundry Gaming LLC) FirewallRules: [UDP Query User{E0DF2BB4-0348-4675-822A-7F1E5BFC16D4}C:\program files\foundry virtual tabletop\foundry virtual tabletop.exe] => (Allow) C:\program files\foundry virtual tabletop\foundry virtual tabletop.exe (Foundry Gaming LLC -> Foundry Gaming LLC) FirewallRules: [{DE47D47E-0126-45FE-A52E-E2FD8CEDF340}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe => No File FirewallRules: [TCP Query User{6D5B4215-F444-467F-8A1C-1F6797034520}C:\users\y\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\y\appdata\local\discord\app-1.0.9015\discord.exe => No File FirewallRules: [UDP Query User{182F7295-AF4B-41B4-907E-D4F41A4C54B4}C:\users\y\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\y\appdata\local\discord\app-1.0.9015\discord.exe => No File FirewallRules: [{4D2F29E5-F866-48F5-9987-179FDD3940BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{08D4A853-D2B8-4D63-91A8-DFD9EB344D9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{F4887CA5-3050-4CA0-8ADC-074A5224B53E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7C9D6292-A255-4E54-AE7A-96B294F615CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A8B31016-9D7C-4916-B0F0-0F5C9DEB1AFB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8EAAE68D-ABE3-4E4E-99BB-FE508F9483FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4BB668A5-71B8-480A-A8B4-AE56C6BC7BD1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4685DCFC-7905-4B4B-8F9A-50B939ED6023}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{1A3660C8-E40C-4A59-81CC-39ECA89E04D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5CD519AB-29C4-4435-B4DA-5E334EB0CD01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EDBB1341-33C4-4354-B2F6-A183925145BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{47896000-0CFB-4E9E-B875-0D1AA4DD56F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F2B9A5E3-4451-4990-99CF-0F3C6621C4FF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.200\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:237.86 GB) (Free:119.32 GB) (50%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/10/2023 04:48:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.3155, time stamp: 0xbdd5eb20 Faulting module name: OneBackupHandler.dll, version: 10.0.19041.746, time stamp: 0x5e3e17e8 Exception code: 0xc000041d Fault offset: 0x000000000001f21d Faulting process ID: 0x2bdc Faulting application start time: 0x01d9cb96fdef6d96 Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Faulting module path: C:\Windows\System32\OneBackupHandler.dll Report ID: b9cfde3f-0c60-4a2c-a488-87b00d1589bf Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Error: (08/10/2023 04:48:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.3155, time stamp: 0xbdd5eb20 Faulting module name: OneBackupHandler.dll, version: 10.0.19041.746, time stamp: 0x5e3e17e8 Exception code: 0xc0000005 Fault offset: 0x000000000001f21d Faulting process ID: 0x2bdc Faulting application start time: 0x01d9cb96fdef6d96 Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Faulting module path: C:\Windows\System32\OneBackupHandler.dll Report ID: d8dd1c20-8591-4a5a-8212-9c6e328f85a6 Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Error: (08/10/2023 01:53:05 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: ) Description: Event-ID 513 Error: (08/10/2023 01:53:04 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: ) Description: Event-ID 513 Error: (08/10/2023 01:53:04 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: ) Description: Event-ID 513 Error: (08/10/2023 01:52:03 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: ) Description: Event-ID 513 Error: (08/09/2023 02:54:21 PM) (Source: SurfaceOemPanel) (EventID: 513) (User: ) Description: Event-ID 513 Error: (08/09/2023 02:54:21 PM) (Source: SurfaceOemPanel) (EventID: 514) (User: ) Description: Event-ID 514 System errors: ============= Error: (08/10/2023 04:54:57 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY) Description: D:\Device\HarddiskVolume62 Error: (08/10/2023 04:51:11 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY) Description: D:\Device\HarddiskVolume52 Error: (08/10/2023 04:26:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DLK0IBS) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2023 04:26:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DLK0IBS) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/10/2023 01:52:02 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {ac4ca895-19d8-4b67-8ca3-743b47671878}, had event 74 Error: (08/09/2023 02:54:20 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {ac4ca895-19d8-4b67-8ca3-743b47671878}, had event 74 Error: (08/07/2023 11:48:06 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {ac4ca895-19d8-4b67-8ca3-743b47671878}, had event 74 Error: (08/06/2023 12:53:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic. Windows Defender: ================ Date: 2023-08-10 15:09:09 Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {79C3B049-D858-4929-82B7-EE58D56F73B2} Typ skanowania: Antimalware Parametry skanowania: Quick Scan Użytkownik: NT AUTHORITY\SYSTEM Date: 2023-08-08 04:12:39 Description: Produkt Microsoft Defender Antivirus wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Webshell.PE&threatid=2147741094&enterprise=0 Nazwa: Backdoor:PHP/Webshell.PE Identyfikator: 2147741094 Ważność: Severe Kategoria: Backdoor Ścieżka: containerfile:_C:\Users\Y\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0363cd; file:_C:\Users\Y\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0363cd->(GZip)->(SCRIPT0001) Pochodzenie wykrycia: Local machine Typ wykrycia: Concrete Źródło wykrycia: User Użytkownik: DESKTOP-DLK0IBS\Y Nazwa procesu: Unknown Wersja analizy zabezpieczeń: AV: 1.393.2546.0, AS: 1.393.2546.0, NIS: 1.393.2546.0 Wersja aparatu: AM: 1.1.23060.1005, NIS: 1.1.23060.1005 Date: 2023-08-08 02:52:33 Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {8BA7A805-B4AC-418E-8A00-869C48EF198F} Typ skanowania: Antimalware Parametry skanowania: Quick Scan Użytkownik: NT AUTHORITY\SYSTEM Date: 2023-08-06 03:49:00 Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {B27DECC2-F040-4B05-96B4-ABF4F3B0DF6C} Typ skanowania: Antimalware Parametry skanowania: Quick Scan Użytkownik: NT AUTHORITY\SYSTEM Date: 2023-08-05 19:35:51 Description: Skanowanie produktu Microsoft Defender Antivirus zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {08E8A410-FD39-451C-8181-C6E4D64AD2D7} Typ skanowania: Antimalware Parametry skanowania: Quick Scan Użytkownik: NT AUTHORITY\SYSTEM  CodeIntegrity: =============== Date: 2023-08-10 18:55:02 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2023-08-10 18:44:52 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DEPL.dll that did not meet the Windows signing level requirements. Date: 2023-08-08 02:52:12 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Microsoft Corporation 16.102.140 04/06/2023 Motherboard: Microsoft Corporation Surface Laptop 3 Processor: Intel(R) Core(TM) i5-1035G7 CPU @ 1.20GHz Percentage of memory in use: 52% Total physical RAM: 7778.13 MB Available physical RAM: 3708.29 MB Total Virtual: 14178.13 MB Available Virtual: 10455.49 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:237.86 GB) (Free:119.32 GB) (Model: HFM256GDGTNG-87A0A) (Protected) NTFS \\?\Volume{7e6730f2-eb6b-49f3-b022-e0f78fb53317}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS \\?\Volume{6c400870-e06b-4370-9f39-5441262d8e3b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 0CC30235) Partition: GPT. ==================== End of Addition.txt =======================