Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01 Ran by Tomz (19-05-2020 17:04:43) Running from C:\Users\Tomz\Desktop Windows 10 Home Version 1909 18363.836 (X64) (2019-10-04 00:37:06) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1748167778-1873205235-3743200142-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1748167778-1873205235-3743200142-503 - Limited - Disabled) Doug (S-1-5-21-1748167778-1873205235-3743200142-1002 - Limited - Enabled) => C:\Users\Doug Guest (S-1-5-21-1748167778-1873205235-3743200142-501 - Limited - Disabled) Samatha (S-1-5-21-1748167778-1873205235-3743200142-1072 - Limited - Enabled) => C:\Users\Samatha Tomz (S-1-5-21-1748167778-1873205235-3743200142-1001 - Administrator - Enabled) => C:\Users\Tomz WDAGUtilityAccount (S-1-5-21-1748167778-1873205235-3743200142-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Auslogics Registry Defrag (HKLM-x32\...\{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1) (Version: 12.4.0.2 - Auslogics Labs Pty Ltd) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.3.2405 - Avast Software) Backup and Sync from Google (HKLM\...\{FE296942-D2D3-4149-8895-60655FE4CFDE}) (Version: 3.49.9800.0000 - Google, Inc.) Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 81.1.8.96 - Brave Software Inc) Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.2.0 - Brother Industries, Ltd.) Brother's Keeper 7.2 (HKLM-x32\...\Brother's Keeper 7.2) (Version: - ) Catalyst Control Center Next Localization BR (HKLM\...\{3744A21F-74D4-8C44-CD64-1C535C9F8071}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{72758110-98B6-8AF0-A821-0CBEE196A924}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{4F1FC082-4E1B-66AA-8A61-6B9920D3AD44}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{59A5D762-C981-E062-2000-9D93A808FD97}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{ED1CBEF9-4591-37D9-95E8-D24C71CD4DD8}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{D76052C6-6876-76B2-4133-7FF9A14AE337}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{D7B23FC0-D0D8-5E4C-AA23-74402AA5F9FF}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{B6922F85-3CAC-A051-E1A1-5240B97C7004}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{A3F74B02-41FB-D74A-7F73-C74CBA0B47B8}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{6C405FAB-C12D-C6ED-0EFB-8FFEC1739C57}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{55A43931-6450-3BE8-ACF3-03287151892A}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{1FE1B50E-E83A-2DE5-B936-529087AA2E10}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{21ACDF49-014E-04CA-30F5-8C5D51BB5531}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{EBEA8BCA-577A-241D-8F35-A067F2A6668A}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{2BB6FEC3-E5F6-DA12-C459-6449E9841054}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{101B967E-8389-2F65-54D3-6BFEE885CA52}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{632DB67E-D4DB-94C7-1166-C43BAE514258}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{A703B85F-1F09-ACBA-6BB6-999E3C1062E0}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{86BDFE76-16CE-BDE4-6C30-6CB06B22C612}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{838232B4-4099-B51F-0583-EB12F7216641}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{095E08BE-0C45-AECF-B0AC-4DA357DF8510}) (Version: 2017.0919.747.12188 - Advanced Micro Devices, Inc.) Hidden CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.) CrystalDiskInfo 8.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.1.0 - Crystal Dew World) CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6929 - CyberLink Corp.) Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform) Driver Sweeper 1.5.5 (HKLM-x32\...\{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1) (Version: - Phyxion.net - Guru3D.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.61 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - ) iVMS-4200(2.7.2.7) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.7.2.7 - hikvision) Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) Lenovo Calliope USB Keyboard (HKLM\...\{520AA862-0064-4B41-B777-1FAFC1AD1293}) (Version: 1.12 - Lenovo) Lenovo Diagnostics Tool (HKLM\...\{C7DB8EA5-C9C1-468F-B90C-CA206CA5C6BE}) (Version: 4.26.1 - Lenovo) Lenovo Service Bridge (HKU\S-1-5-21-1748167778-1873205235-3743200142-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.0.4 - Lenovo) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.2.93.0 - Lenovo Group Ltd.) LibreOffice 5.3.7.2 (HKLM\...\{117F3217-458C-4371-B222-00C69DE96CB2}) (Version: 5.3.7.2 - The Document Foundation) Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1748167778-1873205235-3743200142-1001\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation) Microsoft Outlook 2013 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 15.0.5233.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 76.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 76.0.1 (x64 en-US)) (Version: 76.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla) OEM Application Profile (HKLM-x32\...\{A8ADE0BE-7A4D-4807-09BA-10D302E5E25F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.5233.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.5233.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.5233.1000 - Microsoft Corporation) Hidden OneKeyRecovery (HKLM-x32\...\{B1C01152-7A95-4F37-AEDC-5B09DE983271}) (Version: 9.0.1.1607 - Lenovo) Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.) SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.1.4 - hikvision) SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology) Skype version 8.59 (HKLM-x32\...\Skype_is1) (Version: 8.59 - Skype Technologies S.A.) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Synaptics WBF FP Reader (HKLM\...\{74CDC218-2FB9-4718-96E9-17A279E43650}) (Version: 5.5.2310.61 - Synaptics Incorporated) TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 1.07 - TaxACT, Inc.) TaxACT 2014 Oklahoma (HKLM-x32\...\TaxACT 2014 Oklahoma) (Version: 1.03 - TaxACT, Inc.) TaxAct 2015 1040 Edition (HKLM-x32\...\TaxAct 2015 1040 Edition) (Version: 1.10 - TaxAct, Inc.) TaxAct 2015 Oklahoma (HKLM-x32\...\TaxAct 2015 Oklahoma) (Version: 1.03 - TaxAct, Inc.) TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.12 - TaxAct, Inc.) TaxAct 2016 Oklahoma (HKLM-x32\...\TaxAct 2016 Oklahoma) (Version: 1.01 - TaxAct, Inc.) TaxAct 2017 1040 Edition (HKLM-x32\...\TaxAct 2017 1040 Edition) (Version: 1.01 - TaxAct, Inc.) TaxAct 2017 Oklahoma (HKLM-x32\...\TaxAct 2017 Oklahoma) (Version: 1.02 - TaxAct, Inc.) TaxAct 2018 1040 Edition (HKLM-x32\...\TaxAct 2018 1040 Edition) (Version: 1.05 - TaxAct, Inc.) TaxAct 2018 Oklahoma (HKLM-x32\...\TaxAct 2018 Oklahoma) (Version: 1.03 - TaxAct, Inc.) TaxAct 2019 1040 Edition (HKLM-x32\...\TaxAct 2019 1040 Edition) (Version: 1.08 - TaxAct, Inc.) TaxAct 2019 Oklahoma (HKLM-x32\...\TaxAct 2019 Oklahoma) (Version: 1.03 - TaxAct, Inc.) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.0.8397 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.) Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.10 - ) webplugin.exe version 3.0.0.1 (HKLM-x32\...\{E790ABDC-FE4D-4C68-B40F-C93A3D33FA9E}_is1) (Version: 3.0.0.1 - ) Win10Pcap (HKLM-x32\...\{B5B58F8A-1984-4F3E-B400-235A6E005002}) (Version: 10.2.5002 - Daiyuu Nobori, University of Tsukuba, Japan) Windows Driver Package - Advanced Micro Devices Inc. AMD USB Filter Driver (11/26/2015 2.1.11.0304) (HKLM\...\E585B8C8FC4672A7310ACB645D466C2273EBE047) (Version: 11/26/2015 2.1.11.0304 - Advanced Micro Devices Inc.) WinRAR 5.71 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.1 - win.rar GmbH) Zoom (HKU\S-1-5-21-1748167778-1873205235-3743200142-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-03-24] (Autodesk Inc.) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.168.200.0_x86__kgqvnymyfvs32 [2020-05-14] (king.com) Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2020-03-24] (Facebook Inc) Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2020-03-24] (LENOVO INCORPORATED.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2004.12.0_x64__k1h2ywk1493x8 [2020-05-19] (LENOVO INC.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2020-03-24] (Plex) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2020-04-29] (Realtek Semiconductor Corp) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.11.85.0_x64__43tkc6nmykmb6 [2020-05-13] (Ookla) Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1748167778-1873205235-3743200142-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Tomz\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1748167778-1873205235-3743200142-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Tomz\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-04-06] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-04-06] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-04-06] (Google LLC -> Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-05-17] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-05-17] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-04-06] (Google LLC -> Google) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-05-17] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-04-06] (Google LLC -> Google) ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-05-17] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-06] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Tomz\Desktop\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory="Default" ==================== Loaded Modules (Whitelisted) ============= 2018-01-08 18:13 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2020-04-10 22:31 - 2019-05-28 14:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll 2018-01-08 18:13 - 2005-04-21 23:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll 2018-01-08 18:13 - 2012-04-23 16:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2018-01-08 18:13 - 2010-09-29 18:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll 2018-01-08 18:13 - 2011-02-28 12:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2018-01-08 18:13 - 2012-01-11 15:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2018-01-08 18:13 - 2012-07-27 00:07 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll 2020-05-06 12:15 - 2020-04-05 18:36 - 001343488 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LanmanServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LanmanWorkstation => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NfsClnt => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NfsClnt => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\simptcp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 16:03 - 2019-01-04 04:29 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Android;C:\Windows\System32 HKU\S-1-5-21-1748167778-1873205235-3743200142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tomz\Pictures\Saved Pictures\SchlossJegenstorf.jpg DNS Servers: 192.168.10.101 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Bluetooth Network Connection: Win10Pcap Packet Capture Driver -> Win10Pcap (enabled) Wi-Fi: Win10Pcap Packet Capture Driver -> Win10Pcap (enabled) Ethernet: Win10Pcap Packet Capture Driver -> Win10Pcap (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AdobeARMservice => 2 HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-1748167778-1873205235-3743200142-1001\...\StartupApproved\Run: => "Magellan Update Manager" HKU\S-1-5-21-1748167778-1873205235-3743200142-1001\...\StartupApproved\Run: => "D0E8F2B54FFA142138155E11D982905E73BD2379._service_run" HKU\S-1-5-21-1748167778-1873205235-3743200142-1001\...\StartupApproved\Run: => "GarminExpress" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{C80BD05A-A170-4075-9689-BB29417DE7F8}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed] FirewallRules: [TCP Query User{3A89E049-7317-402B-AC71-E0827D9A0C45}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed] FirewallRules: [UDP Query User{35D4056B-7CF7-43C0-92D8-9CA8FC8C5E34}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FirewallRules: [TCP Query User{15B7F3B9-B2BC-41CE-B57F-8879635579B7}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FirewallRules: [{2578177D-E3FC-4A5F-A689-4E691541C78D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{34098907-9553-4CBD-985F-64DD7236FBD2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{20AC9C8D-028F-4546-A306-12013AC21E5A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D21E909D-93B0-455C-B3EA-AC1590366938}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{5334FDD8-2298-464B-9193-0BE8764873E9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{694FD7F8-FCA1-4311-871A-D6643E55184B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [TCP Query User{1DD4BBB2-F8C1-4297-87C7-64AD218D1EC0}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FirewallRules: [UDP Query User{3CBCFCFA-FB3B-457E-8F86-89CC00318430}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FirewallRules: [{33BDAA81-1541-4972-A092-4D2BF3014E34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{A8946DA8-1501-41B6-9A6D-E88A9D524EFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{D0C11057-5D4D-4186-9562-F1BE2FC83E5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E294F170-4266-4ABE-B13E-CC947E34616E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F05E3E7E-90ED-4DAF-AED2-64838DB9763B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B727FA66-F994-4CD5-9D19-D7F31181265C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{6B52D350-491B-49ED-8888-3E6E9E801CBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CB2E2CA7-1026-4408-913B-B92CAE0ED7AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{67C12C24-C751-4F71-8FC5-331EC8BCF5F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{80A95ED6-66E9-424B-9972-8D99AD351DE7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{EEC59591-9FDD-4921-8DDC-F98CA7F94794}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{21AE3823-0B31-4513-937B-7578B6B58F63}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{BC55FDB1-E65D-40BD-83DF-B8FFD7D4A013}] => (Allow) C:\Users\Tomz\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{53C99ADE-F638-4202-8F9A-7F503EF1ACD8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DE4A030D-AE0D-400C-9232-3BE5B610F622}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3E1DB7FD-5E06-42CB-A352-4E3D483AC5E7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{91D81427-BDA6-422B-88BC-C3B8DB68B992}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{20F6A0BF-D841-4040-8DD6-67A0C4A17F0A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{21C82827-067E-4741-910D-808A707153A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E5A2EE72-B57A-4C7C-A7B8-8C744D34AB97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2CD16D57-F655-4494-9EB7-D7978EA2F575}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{15DDCCF1-7D4E-42F3-A233-48672BD5065D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4AB1D5A8-1035-4478-B7CB-2F4AD28299D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.132.618.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8DF04495-4510-42B1-A46A-5F2812300371}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [{5BC1972C-A745-41F4-A928-85E447B9CB4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 17-05-2020 16:48:37 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (05/19/2020 03:49:00 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (05/19/2020 03:48:13 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f4ab5eda-0a6c-44b9-af45-fcc636e259b6} Error: (05/19/2020 03:40:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: id_bglaunch.exe, version: 6.7.3.16, time stamp: 0x5ec3bad1 Faulting module name: KERNELBASE.dll, version: 10.0.18362.815, time stamp: 0xb89efff3 Exception code: 0xe0434352 Fault offset: 0x000000000003a799 Faulting process id: 0x1848 Faulting application start time: 0x01d62e1dac077863 Faulting application path: C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 8d31dd36-9ec5-4c5e-ad08-513ba93d3f05 Faulting package full name: Faulting package-relative application ID: Error: (05/19/2020 03:40:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: id_bglaunch.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException at System.Threading.Mutex.ReleaseMutex() at BackgroundProcess.Program.Main(System.String[]) Error: (05/19/2020 02:49:01 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (05/19/2020 02:49:01 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (05/19/2020 02:49:00 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (05/19/2020 02:49:00 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] System errors: ============= Error: (05/19/2020 04:07:54 PM) (Source: volmgr) (EventID: 161) (User: ) Description: Dump file creation failed due to error during dump creation. Error: (05/19/2020 04:08:37 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:52:07 PM on ‎5/‎19/‎2020 was unexpected. Error: (05/19/2020 03:48:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The IDriveService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (05/19/2020 03:39:17 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:35:33 PM on ‎5/‎19/‎2020 was unexpected. Error: (05/19/2020 03:35:03 PM) (Source: volmgr) (EventID: 161) (User: ) Description: Dump file creation failed due to error during dump creation. Error: (05/19/2020 03:35:33 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:32:11 PM on ‎5/‎19/‎2020 was unexpected. Error: (05/19/2020 02:52:26 PM) (Source: DCOM) (EventID: 10005) (User: SWISSHOME) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (05/19/2020 02:51:28 PM) (Source: DCOM) (EventID: 10005) (User: SWISSHOME) Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Windows Defender: =================================== Date: 2020-05-17 12:10:22.681 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.315.847.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17000.7 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-05-17 11:54:07.163 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2020-05-17 11:16:35.230 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.315.847.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17000.7 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Date: 2020-05-17 10:56:43.412 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2020-05-17 10:41:31.199 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.315.847.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.17000.7 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. CodeIntegrity: =================================== Date: 2020-05-19 17:00:19.925 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-19 16:59:09.310 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-19 16:59:09.267 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-19 16:59:07.333 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-19 16:58:47.475 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-19 16:58:47.407 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-19 16:41:30.193 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-19 16:41:30.132 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: LENOVO M14KT40A 03/27/2019 Motherboard: LENOVO 3100 Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G Percentage of memory in use: 34% Total physical RAM: 11714.79 MB Available physical RAM: 7663.61 MB Total Virtual: 14914.79 MB Available Virtual: 10660.21 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:909.18 GB) (Free:617.94 GB) NTFS Drive f: (Seagate Expansion Drive) (Fixed) (Total:4657.4 GB) (Free:2193.56 GB) NTFS \\?\Volume{85f909de-c1f2-4fc9-9538-73be7f9701cc}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.56 GB) NTFS \\?\Volume{392867b8-a058-43f0-9629-26637cf650ed}\ (LENOVO_PART) (Fixed) (Total:20 GB) (Free:9.82 GB) NTFS \\?\Volume{44cc01b7-99a3-4ebc-bc94-a8efa4c2acba}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 993955A8) Partition: GPT. ========================================================== Disk: 1 (Size: 4657.5 GB) (Disk ID: EEFD7599) Partition: GPT. ==================== End of Addition.txt =======================