Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2021
Ran by JTug (02-10-2021 17:37:18)
Running from C:\Users\JTug\Desktop
Windows 8.1 (Update) (X64) (2021-09-11 11:47:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-223814551-1140071388-4042786358-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-223814551-1140071388-4042786358-501 - Limited - Disabled)
JTug (S-1-5-21-223814551-1140071388-4042786358-1001 - Administrator - Enabled) => C:\Users\JTug

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AS: COMODO Advanced Protection (Enabled - Up to date) {BEDD9B51-D934-7E62-2AE4-2EA86231677A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 21.007.20095 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 91.0.4472.164 - Comodo)
COMODO Internet Security Premium (HKLM\...\{529CC629-B436-4886-B322-4BE75B97783D}) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA478445}) (Version: 1.4.159.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.4.478445.159 - Comodo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.30.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.9.137 - SweetLabs for Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.43.4 - ELAN Microelectronic Corp.)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.6181 - Lenovo)
LibreOffice 7.2.0.4 (HKLM\...\{C52FBB79-D0A7-4F28-9CEC-3B262694409B}) (Version: 7.2.0.4 - The Document Foundation)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox (x64 pt-PT) (HKLM\...\Mozilla Firefox 92.0.1 (x64 pt-PT)) (Version: 92.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.1.0 - Mozilla)
Mozilla Thunderbird (x64 pt-PT) (HKLM\...\Mozilla Thunderbird 91.1.2 (x64 pt-PT)) (Version: 91.1.2 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Skype versão 8.75 (HKLM-x32\...\Skype_is1) (Version: 8.75 - Skype Technologies S.A.)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
uTorrent Web (HKU\S-1-5-21-223814551-1140071388-4042786358-1001\...\utweb) (Version: 1.2.3 - BitTorrent, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Xerox B215 Multifunction Printer (HKLM-x32\...\Xerox B215 Multifunction Printer) (Version: 1.09 (11/10/2019) - Xerox Corporation)
Xerox PowerENGAGE (HKLM-x32\...\{171BF116-713F-43AA-B236-D6188522E609}) (Version: 2.52.0016 - Xerox Inc.)

Packages:
=========
Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_2.2.26.0_x86__k1h2ywk1493x8 [2016-05-03] (LENOVO INC.)
Phone Companion -> C:\Program Files\WindowsApps\E0469640.DeviceCollaboration_2.0.0.9_x64__5grkq8ppsgwt4 [2015-10-31] (LENOVO INC)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2015-10-31] (CYBERLINK COM CORPORATION)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-10-31] (Skype) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-223814551-1140071388-4042786358-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - Software and Firmware Products -> Intel Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4220304 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\windows\system32\igfxOSP.dll [2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\JTug\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\395fbb84ca74fb25\Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2015-06-18 20:03 - 2015-06-18 20:03 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-223814551-1140071388-4042786358-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-223814551-1140071388-4042786358-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-223814551-1140071388-4042786358-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-223814551-1140071388-4042786358-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-223814551-1140071388-4042786358-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-223814551-1140071388-4042786358-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-223814551-1140071388-4042786358-1001 -> DefaultScope {58A62C29-8274-4A96-9D1A-261431BDBAEA} URL =
SearchScopes: HKU\S-1-5-21-223814551-1140071388-4042786358-1001 -> {58A62C29-8274-4A96-9D1A-261431BDBAEA} URL =
BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho32.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-223814551-1140071388-4042786358-1001\...\onlineregister.com -> hxxp://onlineregister.com
IE trusted site: HKU\S-1-5-21-223814551-1140071388-4042786358-1001\...\onlineregister.com -> hxxps://onlineregister.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin
HKU\S-1-5-21-223814551-1140071388-4042786358-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JTug\Pictures\PICO.JPG
HKU\S-1-5-21-223814551-1140071388-4042786358-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 81.20.240.33 - 81.20.240.34
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: COMODO Internet Security Firewall Driver -> inspect (enabled)
Bluetooth Network Connection: COMODO Internet Security Firewall Driver -> inspect (enabled)
Ethernet: COMODO Internet Security Firewall Driver -> inspect (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-223814551-1140071388-4042786358-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-223814551-1140071388-4042786358-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-223814551-1140071388-4042786358-1001\...\StartupApproved\Run: => "utweb"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E7E57324-2A1E-48AC-A103-AFD7ABC94EA2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{B7C9703F-89BB-46A6-B572-1E81741F6338}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
FirewallRules: [{B70742A6-3CA1-4246-8167-1B7D931296AD}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe => No File
FirewallRules: [{0FFA90FA-79A0-41A7-B1C3-3848223F2F21}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0C989911-C1A9-487A-96CC-30B1231A44F3}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B87AEB21-45F3-43D3-BE07-7C35ED5151D6}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AB73E184-BE4D-4643-8EA2-C91DD11F59FA}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe => No File
FirewallRules: [{6095FCF1-45A4-45E2-896E-F78952F7B5EF}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe => No File
FirewallRules: [{3F0A8B8B-671C-48E3-86D0-B4BBEF9A044B}] => (Allow) LPort=55100
FirewallRules: [{FD299C02-28F3-4529-8132-B2FE2F6B3490}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe => No File
FirewallRules: [{736D7756-53F9-4D53-A835-8EB217F62031}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AFE6FA42-BAAB-46F1-9E3D-0EEB21A746D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5DFCCA4C-27CE-40DF-B4FC-AFA8BAB520F8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FD70CFC-3D81-4570-B386-B246C6115F88}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DD133BAD-4018-4615-B392-6F4564916935}] => (Allow) C:\Users\JTug\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3DD26CA3-1F63-40DE-AEC3-7E4528CB2C6F}] => (Allow) C:\Users\JTug\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{6AAB58F1-682D-4C6E-825C-00F7A92F4060}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe (Comodo Security Solutions -> Comodo)
FirewallRules: [UDP Query User{20712658-B24F-47C1-932F-F2EC85EDB5AB}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe (Comodo Security Solutions -> Comodo)
FirewallRules: [{971FA5FC-471F-4E4A-9C3E-819CA7C419DE}] => (Allow) C:\Windows\twain_32\Xerox\XB215\ScanCDLM\ScanCDLM.exe (HP Inc. -> )
FirewallRules: [{26FB8B5C-DE4D-47C3-905A-F7365FF22D9B}] => (Allow) C:\Windows\twain_32\Xerox\XB215\ScanCDLM\ScanCDLM.exe (HP Inc. -> )

==================== Restore Points =========================

20-09-2021 18:41:36 Scheduled Checkpoint
28-09-2021 11:05:47 Scheduled Checkpoint
02-10-2021 10:10:52 AdwCleaner_BeforeCleaning_02/10/2021_10:10:38

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (10/02/2021 04:57:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa FRST64.exe versão 0.0.0.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Ação.
ID do Processo: ee4
Hora de Início: 01d7b7ac2e2cdbce
Hora de Cessação: 17
Caminho da Aplicação: C:\Users\JTug\Downloads\FRST64.exe
ID do Relatório: c03e6db0-23a1-11ec-825b-e4f89c5a242b
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (10/02/2021 03:40:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: cavwp.exe, versão: 12.2.2.8012, carimbo de data/hora: 0x600ac1e4
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17476, carimbo de data/hora: 0x54516b13
Código de exceção: 0xc0000008
Desvio de falha: 0x00000000000ec5a0
ID do processo com falha: 0x20ec
Hora de início da aplicação com falha: 0x01d7b78de2ca3446
Caminho da aplicação com falha: C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 132e0e2c-2397-11ec-825a-e4f89c5a242b
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (10/02/2021 10:11:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.
Details: AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed
System Error: The system cannot find the file specified.
.

Error: (10/02/2021 10:11:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.
Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed
System Error: The system cannot find the file specified.
.

Error: (10/02/2021 10:11:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.
Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed
System Error: The system cannot find the file specified.
.

Error: (10/02/2021 10:11:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.
Details: AddLegacyDriverFiles: Unable to back up image of binary aswVmm.
System Error: The system cannot find the file specified.
.

Error: (10/02/2021 10:11:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.
Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP.
System Error: The system cannot find the file specified.
.

Error: (10/02/2021 10:11:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.
Details: AddLegacyDriverFiles: Unable to back up image of binary aswSnx.
System Error: The system cannot find the file specified.
.

System errors:
=============
Error: (10/02/2021 04:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço CCSDK falhou o arranque devido ao seguinte erro: O sistema não conseguiu localizar o ficheiro especificado.

Error: (10/02/2021 04:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Lenovo System Agent Service falhou o arranque devido ao seguinte erro: O sistema não conseguiu localizar o ficheiro especificado.

Error: (10/02/2021 04:37:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: O Módulo de Extensibilidade WLAN parou inesperadamente.
Caminho do Módulo: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/02/2021 04:37:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: O Módulo de Extensibilidade WLAN parou inesperadamente.
Caminho do Módulo: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/02/2021 04:37:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: O Módulo de Extensibilidade WLAN parou inesperadamente.
Caminho do Módulo: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/02/2021 03:14:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: O Módulo de Extensibilidade WLAN parou inesperadamente.
Caminho do Módulo: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/02/2021 01:33:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: O Módulo de Extensibilidade WLAN parou inesperadamente.
Caminho do Módulo: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/02/2021 01:05:27 PM) (Source: DCOM) (EventID: 10010) (User: Avila_Esteves)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não foi registado no DCOM dentro do tempo limite necessário.

==================== Memory info ===========================

BIOS: LENOVO A7CN47WW 04/16/2015
Motherboard: LENOVO Lancer 5A6
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 54%
Total physical RAM: 3979.2 MB
Available physical RAM: 1810.22 MB
Total Virtual: 6667.2 MB
Available Virtual: 3995.31 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.39 GB) (Free:744.37 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.42 GB) NTFS

\\?\Volume{0bd706a5-f338-4297-bdd3-df7701fc3341}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{082bbf61-a8f6-4c33-b0c5-01e2f868c748}\ (PBR_DRV) (Fixed) (Total:12.79 GB) (Free:3.5 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6902EF22)

Partition: GPT.

==================== End of Addition.txt =======================