Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021 Ran by 19192 (15-11-2021 14:07:31) Running from C:\Users\19192\OneDrive\Desktop Microsoft Windows 10 Home Version 20H2 19042.1110 (X64) (2021-04-14 12:23:10) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) 19192 (S-1-5-21-4005300964-2302935580-1863167367-1001 - Administrator - Enabled) => C:\Users\19192 Administrator (S-1-5-21-4005300964-2302935580-1863167367-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4005300964-2302935580-1863167367-503 - Limited - Disabled) defaultuser100001 (S-1-5-21-4005300964-2302935580-1863167367-1019 - Limited - Enabled) Guest (S-1-5-21-4005300964-2302935580-1863167367-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-4005300964-2302935580-1863167367-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon MP830 MP Drivers (HKLM\...\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}) (Version: - Canon Inc.) DriverUpdate (HKLM\...\{70A3DB76-E1F1-4D1C-B791-824F1C63238A}) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC) Intel(R) Chipset Device Software (HKLM-x32\...\{afad3740-3061-4b48-a9ab-6f1435cb3dd6}) (Version: 10.1.18383.8213 - Intel(R) Corporation) iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.) Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech) Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation) NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation) NVIDIA Graphics Driver 462.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.30 - NVIDIA Corporation) NVIDIA PhysX System Software 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) Packages: ========= AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-24] (Microsoft Corporation) Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20602.609.0_x64__rz1tebttyb220 [2021-03-10] (Dolby Laboratories) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-05] (INTEL CORP) [Startup Task] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-02] (Microsoft Studios) [MS Ad] MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-09-10] (Microsoft Corporation) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-11] (NVIDIA Corp.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-25] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [2021-03-10] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-14] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_5adc6075318430cf\nvshext.dll [2021-08-31] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-22] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-10-21 04:56 - 2019-10-21 04:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll 2019-10-21 04:56 - 2019-10-21 04:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll 2019-10-21 04:56 - 2019-10-21 04:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll 2019-10-21 04:56 - 2019-10-21 04:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll 2019-10-21 04:56 - 2019-10-21 04:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ SearchScopes: HKLM -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE SearchScopes: HKLM -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE SearchScopes: HKLM-x32 -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE SearchScopes: HKLM-x32 -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> DefaultScope {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = SearchScopes: HKU\S-1-5-21-4005300964-2302935580-1863167367-1001 -> {10ABE9E3-13DA-46DD-B4E9-AA1779861B5A} URL = BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4005300964-2302935580-1863167367-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\19192\Downloads\DaveGrohlnme.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D5C3E1EA-BD09-48CB-A3DF-30592CE419BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7D0B604C-038B-4FC1-8930-8B3126440FEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{64AE00D8-D5BF-4F49-915E-B3CD49991C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{9F51071C-07F0-4F8D-B0DD-911B5778B273}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2E6FD9BC-4929-4D79-95F3-D2819EFD8469}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{8F5F7D55-AE49-4AA7-8ED5-1E5382FBB307}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7B96223D-344F-49E8-BB86-B099582965B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{9383BB08-115F-46DC-B831-A85457068B9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{BFC9211C-A41A-4B30-8C01-FA8734904EBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7518B9C5-4A36-4D2B-A28C-A99A57CAE376}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6871DEBF-FBD1-4584-9C5E-1C209E52B0C8}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.) FirewallRules: [{E616003B-1FCD-492F-904C-741D360C791D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BC52CFF5-BB26-4FDE-B744-4B82C17B32B7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{6627577B-64FB-4315-97B9-C34E3C125B52}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{BCEDF912-EBF8-4D18-9963-02964EFCA403}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3E9EEA9D-7126-41F6-BB63-4B7392F2ABAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F2139E85-C9BC-4E88-AB7E-C822C2957553}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{93B3FA20-4261-4EC3-9A8E-33FEFA400597}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E281517D-A7B0-4B35-98C2-15EDAB153D75}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File FirewallRules: [{868BB4AB-5C17-4ED0-A373-2D0A60535557}] => (Allow) C:\Users\19192\AppData\Local\Temp\HelpDesk\u8\HelpDesk\RPCHelpDeskServiceUAC.exe => No File FirewallRules: [{C7F4D455-330B-4ACC-BC29-DF1ACFF695FE}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\SMPCSetup.exe => No File FirewallRules: [{5806E64E-1B06-4E0B-B9C2-B4EF9AFB8809}] => (Allow) C:\Users\19192\AppData\Local\Temp\ShowMyPC\-ShowMyPC3606\tvnserver.exe => No File FirewallRules: [{45671AFA-8FBD-4F27-8BE0-35BDC1A7C406}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3EFDD2F4-2367-4881-9600-7F4CDCA30DCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{03646D20-6E5C-4CD5-A316-E57F5B2BF8D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A188224B-E5AD-4802-BD1C-C73937185DD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E6D8527E-99AD-4C2F-9BDD-B781EAE28F53}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{973868AC-5DF0-49FB-A3C6-7C40E1193B28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F090496E-3A0E-46C3-8ABA-076456BB1161}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{EC124086-E00B-41F1-BADB-F453C4459743}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7CCF74D1-0C30-4D2E-903A-03C178B19976}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) ==================== Restore Points ========================= 10-09-2021 11:04:37 Scheduled Checkpoint 02-11-2021 21:56:09 Scheduled Checkpoint 08-11-2021 14:06:52 Windows Update 12-11-2021 17:30:52 Windows Modules Installer 15-11-2021 13:06:11 Windows Modules Installer 15-11-2021 13:45:22 AdwCleaner_BeforeCleaning_15/11/2021_13:45:21 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (11/15/2021 01:47:38 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (11/15/2021 01:45:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wuauclt.exe, version: 10.0.19041.906, time stamp: 0x01b4b287 Faulting module name: wuuhosdeployment.dll_unloaded, version: 10.0.19041.867, time stamp: 0x14e58421 Exception code: 0xc0000005 Fault offset: 0x000000000001a3f3 Faulting process id: 0x37f0 Faulting application start time: 0x01d7da649cb60506 Faulting application path: C:\Windows\system32\wuauclt.exe Faulting module path: wuuhosdeployment.dll Report Id: a800ac61-8a42-4cea-a66c-f2db78628b39 Faulting package full name: Faulting package-relative application ID: Error: (11/15/2021 01:07:26 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (11/14/2021 07:54:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program utility.exe version 4.1.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3d00 Start Time: 01d7d5d52c3da835 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe Report Id: 1b7c558f-a633-487b-acbb-5797ea0e66ab Faulting package full name: E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4 Faulting package-relative application ID: LenovoUtility Hang type: Quiesce Error: (11/13/2021 01:49:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: OneDrive.exe, version: 21.205.1003.5, time stamp: 0x099752be Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2 Exception code: 0x80000003 Fault offset: 0x00000000000c9a92 Faulting process id: 0x5600 Faulting application start time: 0x01d7d8d84be90685 Faulting application path: C:\Users\19192\AppData\Local\Microsoft\OneDrive\OneDrive.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: e624b516-6054-4f86-8237-a60d22d4dc5d Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (11/15/2021 02:04:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/15/2021 02:03:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/15/2021 02:02:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007139f: 9MWPM2CQNLHN-Microsoft.GamingServices. Error: (11/15/2021 01:50:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/15/2021 01:49:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/15/2021 01:49:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/15/2021 01:49:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Error: (11/15/2021 01:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The System Interface Foundation Service service failed to start due to the following error: The system cannot find the file specified. Windows Defender: ================ Date: 2021-11-02 22:38:45 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-07-24 15:58:10 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-07-23 19:11:43 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-06-11 17:24:39 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-12 14:31:54 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan  CodeIntegrity: =============== Date: 2021-11-15 14:08:19 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2021-11-15 14:04:17 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: LENOVO EGCN33WW 12/24/2020 Motherboard: LENOVO LNVNB161216 Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz Percentage of memory in use: 70% Total physical RAM: 8059.8 MB Available physical RAM: 2342.26 MB Total Virtual: 19323.8 MB Available Virtual: 11802.48 MB ==================== Drives ================================ Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:155.7 GB) NTFS Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:928.08 GB) NTFS Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:12.68 GB) FAT32 \\?\Volume{4c930333-03c7-4bda-89cb-1ab278503d60}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS \\?\Volume{19bbc73d-d8a9-45aa-aa09-3899456ca382}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 17FC6791) Partition: GPT. ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 583D7DAE) Partition: GPT. ==================== End of Addition.txt =======================