I understand: where you said "but this time, attach..." made me think you hadn't spotted the Additional log in the previous post.
Fixlog, followed by Farbar scan w/Addition, speccie log attached as file "Lenovo.txt".
Thanks again for all the help figuring this out, RKinner.
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Bill (05-03-2021 22:30:54) Run:1
Running from F:\FRST & Logs
Loaded Profiles: Bill
Boot Mode: Normal
==============================================
fixlist content:
*****************
ContextMenuHandlers1: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers2: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers4: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
FirewallRules: [{8B1EF3E7-EDA2-488F-AC78-9BBDF3AFE14B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{C5B109DB-A4DA-409D-A49D-83B287BD8FAA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{F80157A6-5134-42FE-BEE5-0393B9A05BEE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{4A4BEB17-5908-4241-96F9-FAFD1A3646C9}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{19672D66-F5AF-46BE-872F-2B25F642A803}] => (Allow) C:\Users\Bill\AppData\Local\Temp\7zS3B65\HP.EasyStart.exe => No File
FirewallRules: [{8325C4CD-D605-45E3-B810-60DB5FEF1A9B}] => (Allow) C:\Program Files\iTunes\iTunes.exe => No File
FirewallRules: [{628F320B-28EF-413A-8893-78C1CA07EC57}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{86D86FB5-E6A7-4867-BDA2-482BCCB36E87}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{583C044D-FAC7-4C72-B48A-D855C382F52C}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{66827E1B-2A0D-408D-8053-7645861F7781}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{880AD327-6878-4A84-8FED-C21AE2DF5AAB}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{D610A114-0B6B-4381-911A-0DCB28BDAC66}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{10AD39FE-4A63-4AF1-9B8C-1CD7975FB806}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{FF198961-A67F-465C-94A5-231F0563E650}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{5CC25685-D18C-47AB-B82E-A12D907D761A}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{B6E12C10-2D94-48F7-8449-0A7594209AC9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{F8F0D5E5-2ABF-42B5-8C5B-DD45CC27C11A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Fix-It Menu => removed successfully
HKLM\Software\Classes\CLSID\{F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Fix-It Menu => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Fix-It Menu => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B1EF3E7-EDA2-488F-AC78-9BBDF3AFE14B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5B109DB-A4DA-409D-A49D-83B287BD8FAA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F80157A6-5134-42FE-BEE5-0393B9A05BEE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A4BEB17-5908-4241-96F9-FAFD1A3646C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19672D66-F5AF-46BE-872F-2B25F642A803}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8325C4CD-D605-45E3-B810-60DB5FEF1A9B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{628F320B-28EF-413A-8893-78C1CA07EC57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{86D86FB5-E6A7-4867-BDA2-482BCCB36E87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{583C044D-FAC7-4C72-B48A-D855C382F52C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{66827E1B-2A0D-408D-8053-7645861F7781}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{880AD327-6878-4A84-8FED-C21AE2DF5AAB}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D610A114-0B6B-4381-911A-0DCB28BDAC66}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{10AD39FE-4A63-4AF1-9B8C-1CD7975FB806}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FF198961-A67F-465C-94A5-231F0563E650}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5CC25685-D18C-47AB-B82E-A12D907D761A}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6E12C10-2D94-48F7-8449-0A7594209AC9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8F0D5E5-2ABF-42B5-8C5B-DD45CC27C11A}" => removed successfully
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer =========
========= End of CMD: =========
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database =========
========= End of CMD: =========
========= DISM /Online /Cleanup-Image /RestoreHealth =========
Deployment Image Servicing and Management tool
Version: 10.0.18362.1316
Image Version: 10.0.18363.1316
The restore operation completed successfully.
The operation completed successfully.
========= End of CMD: =========
========= SFC /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========
========= findstr /c:"[SR]" \windows\logs\cbs\cbs.log =========
FINDSTR: Cannot open \windows\logs\cbs\cbs.log
========= End of CMD: =========
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 23:23:49 ====
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Bill (administrator) on WAFNAFINCA (LENOVO 80TJ) (07-03-2021 23:04:34)
Running from F:\FRST & Logs
Loaded Profiles: Bill
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Bill\AppData\Roaming\uTorrent\updates\3.5.5_45852\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\Lenovo.Vantage.AddinHost.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\CCSDK\CCSDKUpdateAgent.exe
(LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Opera Software AS -> Opera Software) C:\Users\Bill\AppData\Local\Programs\Opera\73.0.3856.329\opera_autoupdate.exe <6>
(Opera Software AS -> Opera Software) C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Bill\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-12-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Run: [uTorrent] => C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe [2142936 2020-12-21] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Run: [Opera Browser Assistant] => C:\Users\Bill\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-24] (Opera Software AS -> Opera Software)
HKLM\...\Print\Monitors\HP BC11 Status Monitor: C:\WINDOWS\system32\hpinkstsBC11LM.dll [329576 2012-04-02] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\WINDOWS\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04412891-24BC-4138-B241-9ACBB5B10BD1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ba3e974b-7a54-4d01-9b35-5642074231e5 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {0B9E4782-3F11-4BD9-B502-ACB8C8DDB50F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D01D7CF-0142-4E3A-8CDA-44DDE5E68B0A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {125D2278-CFDB-4F9B-9A81-3738DF7F4082} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {128AEEA2-FA81-4CC0-B80B-6639618A482E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\70f1a305-0974-46c4-81b9-a832b5d80daf => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {1F3CFE37-7A3D-4008-92E1-A38238D2920D} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14] (CyberLink Corp. -> CyberLink Corp.)
Task: {1F63ECA0-3DC8-4C71-84BD-9A845C9CE4B6} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {428E159E-C567-4192-B35A-B507EF56DB81} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
Task: {4306E8EE-D875-4E21-8AD2-6CF06E2B86A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {505C736C-43A3-4950-A4AD-169F7968A0CC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {5B32D5FD-7F77-4BC0-B5F7-4C15E8668D0D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1476b519-d184-4f7a-9639-ac6abb60e632 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {7161AC20-430F-490E-9004-D314D1D38F49} - System32\Tasks\Opera scheduled assistant Autoupdate 1602450481 => C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-05] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Bill\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {71DF2009-9FD8-4B03-BDD1-EE40C0276588} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7dde65bf-09bf-4af8-be6a-488d904ac14a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {83AB5A5A-3768-481A-9979-3F5875BFF45A} - System32\Tasks\App Explorer => C:\Users\Bill\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7949992 2020-09-04] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {863EFABC-F3FE-490D-915E-11A545A1245B} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {8EF39545-6CAB-48E6-8BBA-760B4B6E0A84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {912F49DB-15A7-4E3D-B991-F2D73DA1D7B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {985E9A96-5B7A-42AA-8857-01DB5DA9FEB7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A396DD8D-1D0E-4C7E-9BC0-CDEECE6432CA} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {A3F065C0-3BFD-47C0-B5F5-35C1035099BA} - System32\Tasks\GoogleUpdateTaskMachineCore1d577d8762cc324 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {A9E6EAA3-31FB-41FB-9340-2DD4077F7FB3} - System32\Tasks\GoogleUpdateTaskMachineUA1d577d876fd0f06 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {B02115C7-7BF7-41D2-A3DB-C97460DBAE5D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {BE7E0F4A-5C05-49F3-A56E-52388FCEBD6F} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\ScheduleEventAction.exe [24408 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
Task: {D066E7FF-C582-440E-8C49-FC05B23CBA00} - System32\Tasks\Opera scheduled Autoupdate 1602450444 => C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-05] (Opera Software AS -> Opera Software)
Task: {D08A6BAB-F153-4FD0-ABDC-DEC2F67B7AC1} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144312 2020-09-15] (Lenovo -> Lenovo Group Ltd.)
Task: {E7B6FACF-DCB0-4669-ABE0-529E742E026E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F21BC763-6A7A-401E-814A-337A9B1CAB8B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62280 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {FF18E6DB-F8D9-4B4A-A3E6-6C43D51FFFF1} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0f40e668-a797-4afa-99ef-56ed6e63d747}: [NameServer] 8.8.8.8,4.2.2.1
Tcpip\..\Interfaces\{0f40e668-a797-4afa-99ef-56ed6e63d747}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Edge:
=======
DownloadDir: C:\Users\Bill\Downloads
Edge Notifications: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> hxxps://www.youtube.com
Edge Profile: C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-06]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2020-12-07]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://ijbhodgieeokalkdiehlkbekkfobohgd/newtab/quicknewtabpage.html"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-03]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-03]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-03]
CHR Extension: (YouTube Music) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-05-18]
CHR Extension: (Sheets) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Track My Package) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbhodgieeokalkdiehlkbekkfobohgd [2018-11-09]
CHR Extension: (Disney+) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjafbmjpcimpkkihihoideiofnoalmh [2019-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
Opera:
=======
OPR Profile: C:\Users\Bill\AppData\Roaming\Opera Software\Opera Stable [2021-03-07]
OPR Notifications: Opera Stable -> hxxps://app.slack.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Bill\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-25]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe [29520 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [947280 2020-06-11] (McAfee, LLC -> McAfee, LLC)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1356872 2019-11-13] (McAfee, LLC. -> McAfee, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AQFileRestore; C:\WINDOWS\System32\DRIVERS\AQFileRestore.sys [21008 2013-03-06] (Avanquest North America Inc. -> )
S3 MpKsl4ecfc8ad; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5A02A22-F607-4E48-AA84-EE85B657569F}\MpKslDrv.sys [91376 2021-01-20] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslf9b7ea3a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5A02A22-F607-4E48-AA84-EE85B657569F}\MpKslDrv.sys [91376 2021-01-20] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-03-03 23:26 - 2021-03-05 23:28 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\uTorrent
2021-02-28 00:44 - 2021-02-28 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{E6F67BE4-0486-4A0C-AAEF-9B6F3FE4C745}
2021-02-26 01:13 - 2021-02-26 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{A4CC12BE-8D91-4277-B4D4-C92D06C59722}
2021-02-25 00:44 - 2021-02-25 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{87B047B3-45E8-4752-9873-2F68E5AD6A48}
2021-02-23 01:13 - 2021-02-23 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{874F44C6-BA94-4E63-B606-2E990B65E529}
2021-02-22 00:44 - 2021-02-22 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{82766F52-5FF2-459C-9262-508855615D52}
2021-02-20 01:13 - 2021-02-20 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{DE1705CE-D04F-4140-A427-BBE96784712B}
2021-02-19 00:44 - 2021-02-19 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{AEB668B4-B64F-4F92-9259-B0A37B8DACC3}
2021-02-18 00:44 - 2021-02-18 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{990E0723-0F61-4385-8F35-879297D37975}
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-03-07 23:07 - 2019-07-07 08:02 - 000000000 ____D C:\Users\Bill\AppData\Roaming\uTorrent
2021-03-07 23:05 - 2019-10-11 13:02 - 000000000 ____D C:\FRST
2021-03-07 22:59 - 2020-06-20 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-07 22:59 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-07 22:04 - 2018-06-13 16:54 - 000000000 ____D C:\Users\Bill\AppData\Local\Host App Service
2021-03-07 20:44 - 2020-06-20 19:07 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D592D06A-5E9D-4972-914E-084C4C3AA140}
2021-03-06 21:31 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-05 23:26 - 2020-06-20 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-05 23:25 - 2019-03-18 20:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-05 23:25 - 2017-08-28 16:47 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-05 23:04 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-03 23:21 - 2020-06-20 18:49 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-03 23:21 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-28 23:39 - 2020-09-03 19:47 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Zoom
2021-02-28 23:37 - 2019-06-08 17:02 - 000000000 ____D C:\Users\Bill\AppData\Roaming\vlc
2021-02-28 21:56 - 2020-06-20 18:34 - 000000000 ____D C:\Users\Bill
2021-02-27 01:38 - 2021-01-24 22:16 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2021-02-05 23:39 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\NDF
==================== Files in the root of some directories ========
2019-06-05 11:04 - 2019-06-05 11:04 - 000000017 _____ () C:\Users\Bill\AppData\Local\resmon.resmoncfg
2021-02-22 00:44 - 2021-02-22 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{82766F52-5FF2-459C-9262-508855615D52}
2021-02-23 01:13 - 2021-02-23 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{874F44C6-BA94-4E63-B606-2E990B65E529}
2021-02-25 00:44 - 2021-02-25 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{87B047B3-45E8-4752-9873-2F68E5AD6A48}
2021-02-18 00:44 - 2021-02-18 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{990E0723-0F61-4385-8F35-879297D37975}
2021-02-26 01:13 - 2021-02-26 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{A4CC12BE-8D91-4277-B4D4-C92D06C59722}
2021-02-19 00:44 - 2021-02-19 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{AEB668B4-B64F-4F92-9259-B0A37B8DACC3}
2021-02-20 01:13 - 2021-02-20 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{DE1705CE-D04F-4140-A427-BBE96784712B}
2021-02-28 00:44 - 2021-02-28 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{E6F67BE4-0486-4A0C-AAEF-9B6F3FE4C745}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Bill (07-03-2021 23:09:07)
Running from F:\FRST & Logs
Windows 10 Home Version 1909 18363.1316 (X64) (2020-06-21 03:09:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1122014046-1530283893-1328058983-500 - Administrator - Disabled)
Bill (S-1-5-21-1122014046-1530283893-1328058983-1003 - Administrator - Enabled) => C:\Users\Bill
DefaultAccount (S-1-5-21-1122014046-1530283893-1328058983-503 - Limited - Disabled)
Guest (S-1-5-21-1122014046-1530283893-1328058983-501 - Limited - Disabled)
hogsp (S-1-5-21-1122014046-1530283893-1328058983-1001 - Administrator - Enabled) => C:\Users\hogsp
WDAGUtilityAccount (S-1-5-21-1122014046-1530283893-1328058983-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{DB929D3C-5DF3-95A0-456F-403306EE69B6}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5F16D84E-851C-29BB-3CBE-A480DBAE3A09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{13D096A7-D644-944F-F99D-82A17015AAE0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{EE08C0D5-792F-B256-A499-ECEC56915562}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{37F9C96B-294A-D6A7-183D-930C8A2F5D68}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DAC91F38-7D04-90FC-19CB-AC1C608012ED}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{40E57BA2-6029-7A5D-A2BE-7D47039159D0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7A54ECFD-70B7-08DF-D581-8CD04B4CDA09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0F8A189-4C96-0179-ACEE-A98F618FD472}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{60694907-C4DE-A4AE-8DD0-E2E50E3A9C14}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{592C6F67-5D6B-8E34-90B9-2E9D44FC537B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06B55CAD-9FF0-EE80-954C-32FA86AED3BF}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3B613BFA-C0AC-5FBF-29B1-3C362DFE417B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3364BA9-283A-2B4C-2DED-90C284A54B8D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{6E30A3B3-5427-9D91-5878-BD61820C5671}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1E282415-8F60-005E-58C2-8FA7A7A391FB}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8384ACC1-D00D-3818-8C45-E41E3C3FC6F9}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DA4880B9-F477-386C-B07D-E13A7F4565C4}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{0FEDC0A5-8ED6-1A59-78A4-35E82784E3E0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3BF8C0EC-3127-F42D-78B7-7C5C9E682657}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{3F6354FB-8E86-4BEF-A53F-141D1493EE6D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Kindle Create (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Kindle Create) (Version: 1.38.37.0 - Amazon)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Host App Service) (Version: 0.273.4.172 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.4.16.0 - Lenovo Group Ltd.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.109 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
OpenOffice 4.1.7 Language Pack (English) (HKLM-x32\...\{307DADC3-1571-4391-95FB-11FD2A73D6E0}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 73.0.3856.329 (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Opera 73.0.3856.329) (Version: 73.0.3856.329 - Opera Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Checkbook HD -> C:\Program Files\WindowsApps\iBearLLC.CheckbookHD_1.0.1.24_x64__pyxe037ww88ja [2017-09-01] (iBear LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-08-28] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2011.20.0_x64__k1h2ywk1493x8 [2020-11-26] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.8.12113.0_x64__8wekyb3d8bbwe [2021-01-08] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
MobileDiscord PTB -> C:\Program Files\WindowsApps\11359TimothyLiang.MobileDiscordPTB_1.1.7.0_x64__x50kx86and41j [2019-05-21] (Timothy Liang)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.11.0.0_x64__jhretta7p24aw [2020-11-18] (Kdan Mobile Software Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-11] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-16] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Bill\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
==================== Loaded Modules (Whitelisted) =============
2016-06-29 18:13 - 2016-06-29 18:13 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-29 23:45 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-20 19:21 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> DefaultScope {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL =
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 03:47 - 2016-07-16 03:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\StartupApproved\Run: => "iCloudServices"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EE64224A-5E83-49CE-9627-BF8061046D31}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B41F501C-260B-4E9E-BC8B-5A2668457803}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CCAE9208-600C-47D2-A2D3-216686CA70D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0545FF5F-8239-477C-8C0E-EF5179531532}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6F5BAF2B-F0AB-4FE4-B28F-87A1B2EB9C06}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{443D41B2-980E-49A0-8A7F-403411B44938}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9333D96B-683A-4D19-A1A0-E593FFCAAE5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8AC95417-3A08-442F-AB06-9D7E55C0D733}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{176C77FE-F7F4-4448-B335-95C5EA3E2C3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{055F68B6-A0C7-4E2B-87A3-18843AE8DFE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12F08132-AE67-4E0C-8C5C-5F74A81A8DC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E19529CF-0BBB-4021-8B71-317076A31EB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ADCD76C-B00C-48A7-B7AA-3CA0FE939727}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E17121-9BF0-4E1A-A726-FE9BDFA7E3EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76B01ED0-A0C8-41E3-832E-6F492FF32AF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3392EEA0-501E-4374-8A06-F27C09C686F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CA995C1B-55EE-4DA4-9994-9628FD027F31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{870DB8C2-4266-430A-9D8D-D06A8B059F40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4702B7FB-9B51-4099-81F1-6C562B37033B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E97C6C2-DC7D-47CD-BE21-DB7060060548}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E153186-4238-47AC-B865-30F45C8C2D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A941C41B-CC11-4044-B7F3-0AB219D02388}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3B53591-09C4-4970-961F-7D3083EDBC4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0E5B540E-9A02-4C0C-B289-7DE71EF1602A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{915018EF-5462-49EF-A704-C485AF06365F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C5F75F58-C770-4733-83D6-2CFE28F1B243}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2AC84A23-C1D4-47B6-8281-32F0BCCD40F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
==================== Restore Points =========================
12-02-2021 15:41:51 Scheduled Checkpoint
04-03-2021 09:22:46 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname WafnaFinca.local already in use; will try WafnaFinca-2.local instead
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 WafnaFinca.local. Addr 192.168.0.7
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:09C9:2558:429F:AEB1
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 WafnaFinca.local. AAAA FE80:0000:0000:0000:D14A:0697:D7A5:1661
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:09C9:2558:429F:AEB1
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:70A3:4DC2:7088:3967
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:09C9:2558:429F:AEB1
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:D14A:0697:D7A5:1661
System errors:
=============
Error: (03/07/2021 10:33:45 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 09:31:53 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 08:31:41 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 07:32:00 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 07:26:35 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 06:34:00 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 05:33:47 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (03/07/2021 04:33:45 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2020-08-08 20:34:58.125
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\chrome_elf.dll that did not meet the Microsoft signing level requirements.
Date: 2020-07-31 14:25:13.532
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-07-31 14:25:13.514
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-07-31 14:25:09.052
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-07-31 14:25:09.006
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-07-31 14:25:08.853
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-07-31 14:25:08.832
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-07-31 14:25:02.318
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-07-31 14:25:01.440
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-03-07 05:26:36.918
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-06 23:46:04.820
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2021-03-06 23:46:04.817
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2021-03-06 23:46:04.815
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2021-03-06 23:45:00.885
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2021-03-06 23:45:00.883
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out
==================== Memory info ===========================
BIOS: Lenovo 1QCN32WW 08/18/2016
Motherboard: LENOVO Nano 5A8
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 70%
Total physical RAM: 3490.6 MB
Available physical RAM: 1043.63 MB
Total Virtual: 7842.6 MB
Available Virtual: 4671.69 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:421.72 GB) (Free:58.07 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.65 GB) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive f: (Lexar) (Removable) (Total:59.61 GB) (Free:59.2 GB) FAT32
\\?\Volume{fffa446e-bbc3-470c-bdda-07cab47dc692}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{9e3476dd-c963-469d-aa8f-4bc29e9838d9}\ (LENOVO_PART) (Fixed) (Total:16.82 GB) (Free:6.24 GB) NTFS
\\?\Volume{840cf185-c678-4fc9-8a86-f21efa62129e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F73B760)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 59.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================