Hi!
I've been getting a LOT of NSFW pop ups. I've disabled them in my Chrome. When I think I've mostly deleted them, they always return so I've left them disabled for now.
Also, I have Chrome as my default browser, but whenever I restart, it goes to Yahoo or Bing? I have no idea why. Again, I always remove from my search engine list and they always come back.
My computer has been running a little slower and I used to have McAfee but that expired years ago.
Please help? Is my computer infected?
Logs below:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by nicz8 (administrator) on DESKTOP-T35MG81 (LENOVO 80X6) (11-09-2022 19:09:17)
Running from C:\Users\nicz8\Desktop
Loaded Profiles: nicz8
Platform: Microsoft Windows 10 Home Version 21H1 19043.1889 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC) C:\Windows\System32\mfevtps.exe <2>
(C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\mcafee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(C:\Program Files\mcafee\WebAdvisor\uihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe <6>
(C:\Program Files\Tablet\ISD\WacomHost.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(C:\Program Files\Tablet\ISD\WTabletServiceISD.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(C:\Program Files\Tablet\ISD\WTabletServiceISD.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCopyAccelerator.exe
(C:\Users\nicz8\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe ->) (Skype Software Sarl -> ) C:\Users\nicz8\AppData\Local\Temp\is-LUME7.tmp\Skype-Setup.tmp
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <3>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(explorer.exe ->) (Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(explorer.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <101>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxEM.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\IntelCpHeciSvc.exe
(services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (LENOVO -> Lenovo) C:\Program Files\Lenovo\YMC\ymc.exe
(services.exe ->) (McAfee, Inc. -> McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.7.371.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe <2>
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Users\nicz8\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
(svchost.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(svchost.exe ->) (McAfee, LLC -> ) C:\Program Files (x86)\McAfee Security Scan\4.1.262\McUpdaterModule.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files (x86)\McAfee Security Scan\4.1.262\SSScheduler.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.536.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\consent.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\nicz8\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781312 2017-02-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-02-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-02-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [963376 2016-10-27] (Dolby Laboratories, Inc. -> )
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.33\Installer\setup.exe [3324344 2022-09-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91585088 2020-03-31] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\nicz8\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\nicz8\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\...\RunOnce: [Uninstall 22.151.0717.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\nicz8\AppData\Local\Microsoft\OneDrive\22.151.0717.0001" (No File)
HKLM\...\Windows x64\Print Processors\Canon TS300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDV.DLL [482816 2017-06-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS300 series: C:\WINDOWS\system32\CNMLMDV.DLL [1302016 2017-06-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\105.0.5195.102\Installer\chrmstp.exe [2022-09-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2022-08-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\4.1.262\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09F8ECF5-6292-4067-AEF5-88BEE5B0A7DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6570472 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {1B977145-C117-42D2-BA89-0206CCE0E5C3} - System32\Tasks\McUpdaterModuleTask => C:\Program Files (x86)\McAfee Security Scan\4.1.262\McUpdaterModule.exe [3512600 2022-06-23] (McAfee, LLC -> )
Task: {1D6FA44E-65B7-4121-B01C-2A7224353DDE} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe (No File)
Task: {234DBE84-DDF3-41C0-A8F4-010E33F33516} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {254353FB-348E-43EF-B4CF-B19F952F5D95} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [745296 2017-10-04] (McAfee, Inc. -> McAfee, Inc.)
Task: {26438B70-2F15-4291-8AA9-EDF9799AEFDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A98DF94-BF7C-4533-B7CA-F40D5B084514} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CC4FDF7-25A0-41C7-8FB6-12DF875EB57F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A97C3E8-72E6-458C-833C-5214AD70ED19} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\028e192b-a1f1-4375-96be-23f18df75679 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {6077E522-7BDA-480B-ADB8-92D25E066A99} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\855aa72c-dfc5-47c6-b481-90d18cdaa6f8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {66D183F5-99B4-4211-BE7E-FB37780D1855} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1015416 2017-07-24] (McAfee, Inc. -> McAfee, Inc.)
Task: {794BA88A-EF09-4A49-B749-2A646AAF0D9F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eb1f11d4-4ad8-4ec9-b91d-4bca5eaea8da => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {7B94BF6D-187D-48C7-AA8E-849A7152ACBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-20] (Google Inc -> Google Inc.)
Task: {8B30D4AC-0967-4C93-8112-A6D4424DB57C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4560960 2022-06-27] (McAfee, LLC -> McAfee, LLC)
Task: {9F484312-0659-4703-94FE-3BB356A21464} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0f8b63f6-8596-4c9f-8616-39a976081da5 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {A375F4C5-31E2-412B-8259-D1F224191056} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A3813C09-7FE9-4A0B-A09F-69357D25BF22} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {A6330C81-A5E8-4B39-8B6B-C688C24F82AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6570472 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {A941E3D8-086F-4592-A522-CB13D593B3C8} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {AB9D833F-8449-4F12-BDD8-1D6AB6D88BAB} - System32\Tasks\SecurityScannerScheduler => C:\Program Files (x86)\McAfee Security Scan\4.1.262\SSScheduler.exe [814872 2022-06-23] (McAfee, LLC -> McAfee, LLC)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {AC4D8C0B-8AF9-4C7E-B768-72651E067634} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1015416 2017-07-24] (McAfee, Inc. -> McAfee, Inc.)
Task: {B674EDBE-FE1C-4273-89E3-E26561249C06} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116632 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {C45B3F37-DA14-41F3-AC15-C317AA326E9B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1555696 2022-08-03] (Adobe Inc. -> Adobe Inc.)
Task: {D36FFA16-1B54-40B6-AC6D-88F5CF30D5BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D90CAE8F-15A5-423D-BC27-889D9FC5BAD8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116632 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {DED4DAFA-6CE4-4D22-9EBB-382412B6116C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.7.104\DADUpdater.exe [4089168 2022-02-08] (McAfee, LLC -> McAfee, LLC)
Task: {E35849B1-741E-439E-9936-DC3891AAEAB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EA8E2548-A120-48D9-B56F-275CB8CA5E4C} - System32\Tasks\App Explorer => C:\Users\nicz8\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7890976 2022-05-23] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {F16E7B30-6F5E-4F07-8414-31B18ADD90F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-20] (Google Inc -> Google Inc.)
Task: {F87F90F6-62A5-422A-B935-E8129F0A511C} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {F8AA1377-15DA-4E2F-BCD5-FC97EBBF19F8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\53770f90-b57c-43ef-b586-d389ee35bcde => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{d8bb469e-622d-452c-bc58-8ced83f41aba}: [DhcpNameServer] 192.168.0.1 205.171.2.26
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\nicz8\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-03]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2022-09-01] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [
[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-26] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] (McAfee, Inc. -> )
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] (McAfee, Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-09-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default [2022-08-13]
CHR Notifications: Default -> hxxps://www.bostonmarket.com; hxxps://www.mirta.com; hxxps://www.sephora.com; hxxps://www.yesstyle.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://intra.bmwgroup.net/China/NSC_Intranet/
CHR StartupUrls: Default -> "hxxps://www.bing.com/?PC=PV02"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US714G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-20]
CHR Extension: (DownAlbum) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2020-10-29]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-17]
CHR Extension: (Sheets) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-17]
CHR Extension: (Helium Backup) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpglbgbpeobllokpmeagpoagjbfknanl [2018-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Profile: C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-04-02]
CHR Profile: C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-09-11]
CHR Notifications: Profile 1 -> hxxps://1.dating-roo2.site; hxxps://idea-shopping.xyz
CHR Extension: (LightSurf) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eeelmcphjdlldmbaamlckoifefbncbaf [2022-08-21]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-08-28]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-26]
CHR Profile: C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-04-10]
CHR Extension: (Slides) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-29]
CHR Extension: (Docs) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-29]
CHR Extension: (Google Drive) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-29]
CHR Extension: (YouTube) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-29]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-10]
CHR Extension: (Sheets) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-29]
CHR Extension: (Gmail) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-29]
CHR Profile: C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-08-13]
CHR Extension: (Slides) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-08]
CHR Extension: (Docs) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-08]
CHR Extension: (Google Drive) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-08]
CHR Extension: (YouTube) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-08]
CHR Extension: (Adobe Acrobat) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-19]
CHR Extension: (Sheets) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-08]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-12-16]
CHR Extension: (Google Docs Offline) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-08]
CHR Extension: (Gmail) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-08]
CHR Profile: C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-04-10]
CHR Extension: (Slides) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-03-26]
CHR Extension: (Docs) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2022-03-26]
CHR Extension: (Google Drive) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-26]
CHR Extension: (YouTube) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-03-26]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-03-26]
CHR Extension: (Sheets) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-03-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-26]
CHR Extension: (Gmail) - C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-26]
CHR Profile: C:\Users\nicz8\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
Opera:
=======
OPR Profile: C:\Users\nicz8\AppData\Roaming\Opera Software\Opera Stable [2019-11-23]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172264 2022-08-03] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
R2 DAXAPI; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [147760 2017-01-16] (Dolby Laboratories, Inc. -> )
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [819040 2022-09-01] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc. -> McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\4.1.262\McCHSvc.exe [330288 2022-06-23] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc. -> McAfee, Inc.)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1257520 2021-05-03] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee, Inc. -> McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee, Inc. -> McAfee LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee, Inc. -> McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc. -> McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc. -> McAfee, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ymc; C:\Program Files\Lenovo\YMC\ymc.exe [49032 2016-12-23] (LENOVO -> Lenovo)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee, Inc. -> McAfee LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc. -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee, Inc. -> McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee, Inc. -> McAfee LLC)
R3 MpKsl946daeec; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06C9E4FA-6C80-42D7-ADB0-61CA4451C613}\MpKslDrv.sys [228600 2022-09-11] (Microsoft Windows -> Microsoft Corporation)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [132248 2016-12-07] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-11] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-11 19:06 - 2022-09-11 19:06 - 002371072 _____ (Farbar) C:\Users\nicz8\Desktop\FRST64 (1).exe
2022-09-11 19:06 - 2022-09-11 19:06 - 000000000 ____D C:\Users\nicz8\Downloads\FRST-OlderVersion
2022-09-02 15:59 - 2022-09-02 15:59 - 000167949 _____ C:\Users\nicz8\OneDrive\Documents\canon receipt.pdf
2022-08-13 18:02 - 2022-08-13 18:02 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-13 18:02 - 2022-08-13 18:02 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-13 18:02 - 2022-08-13 18:02 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-13 18:02 - 2022-08-13 18:02 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-13 18:02 - 2022-08-13 18:02 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-13 18:02 - 2022-08-13 18:02 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-13 18:02 - 2022-08-13 18:02 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-13 18:02 - 2022-08-13 18:02 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-13 17:49 - 2022-08-13 17:49 - 000000000 ___HD C:\$WinREAgent
2022-08-13 17:15 - 2022-08-13 17:15 - 000003206 _____ C:\WINDOWS\system32\Tasks\SecurityScannerScheduler
2022-08-13 17:15 - 2022-08-13 17:15 - 000003204 _____ C:\WINDOWS\system32\Tasks\McUpdaterModuleTask
2022-08-13 17:14 - 2022-08-13 17:14 - 000002174 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2022-08-13 17:14 - 2022-08-13 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2022-08-13 17:13 - 2022-08-13 17:13 - 000000000 ____D C:\ProgramData\McAfee Security Scan
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-11 19:10 - 2019-11-20 20:32 - 000037309 _____ C:\Users\nicz8\Desktop\FRST.txt
2022-09-11 19:09 - 2019-11-20 20:29 - 000000000 ____D C:\FRST
2022-09-11 18:55 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-11 18:51 - 2017-08-20 02:04 - 000000000 ____D C:\Program Files (x86)\Google
2022-09-11 18:33 - 2020-09-30 00:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-11 12:14 - 2017-08-20 01:54 - 000000000 ____D C:\Users\nicz8\AppData\Local\Host App Service
2022-09-11 08:57 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-11 08:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-11 08:56 - 2020-09-30 00:09 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-09-11 08:56 - 2017-08-20 02:06 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-11 08:56 - 2017-08-20 02:06 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-09-11 08:55 - 2018-04-19 20:18 - 000000000 ____D C:\Users\nicz8\AppData\Local\Packages
2022-09-11 08:55 - 2017-08-23 01:52 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-09-11 08:54 - 2018-04-19 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2022-09-11 08:50 - 2020-05-24 00:26 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-11 08:50 - 2020-05-24 00:26 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-09-11 08:50 - 2018-01-20 10:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-09-01 20:09 - 2021-12-16 22:42 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2126566057-4181855661-943989508-1001
2022-09-01 20:09 - 2020-09-30 00:09 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2126566057-4181855661-943989508-1001
2022-09-01 20:09 - 2020-09-30 00:01 - 000002386 _____ C:\Users\nicz8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-01 20:07 - 2020-09-30 00:09 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-09-01 20:07 - 2020-09-30 00:09 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-08-28 13:46 - 2021-11-08 20:44 - 000000000 ____D C:\Users\nicz8\AppData\Local\D3DSCache
2022-08-28 08:39 - 2021-05-03 11:26 - 000000000 ____D C:\ProgramData\CanonIJPLM
2022-08-28 08:36 - 2020-09-30 00:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-28 08:36 - 2020-09-30 00:09 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-08-13 19:46 - 2020-09-30 02:46 - 000428838 _____ C:\WINDOWS\system32\prfh0804.dat
2022-08-13 19:46 - 2020-09-30 02:46 - 000133344 _____ C:\WINDOWS\system32\prfc0804.dat
2022-08-13 19:46 - 2020-09-30 00:03 - 001390218 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-13 19:46 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-13 19:41 - 2020-09-30 00:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-13 19:41 - 2020-09-30 00:00 - 000473928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-13 19:41 - 2020-09-30 00:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-13 19:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-13 19:41 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-08-13 19:41 - 2017-08-20 01:57 - 000000000 __SHD C:\Users\nicz8\IntelGraphicsProfiles
2022-08-13 19:41 - 2017-07-29 23:58 - 000000000 ____D C:\Program Files (x86)\McAfee
2022-08-13 19:41 - 2017-07-29 23:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-08-13 19:40 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-13 19:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-13 18:09 - 2020-09-30 00:09 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2022-08-13 18:06 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-13 18:02 - 2020-09-30 00:04 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-13 17:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-13 17:47 - 2017-08-21 06:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-13 17:42 - 2017-08-21 06:48 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-13 17:15 - 2017-07-29 23:58 - 000000000 ____D C:\ProgramData\McAfee
2022-08-13 17:14 - 2022-05-22 10:20 - 000000000 ____D C:\Program Files (x86)\McAfee Security Scan
2022-08-13 17:09 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by nicz8 (11-09-2022 19:11:27)
Running from C:\Users\nicz8\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1889 (X64) (2020-09-30 05:10:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2126566057-4181855661-943989508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2126566057-4181855661-943989508-503 - Limited - Disabled)
Guest (S-1-5-21-2126566057-4181855661-943989508-501 - Limited - Disabled)
nicz8 (S-1-5-21-2126566057-4181855661-943989508-1001 - Administrator - Enabled) => C:\Users\nicz8
WDAGUtilityAccount (S-1-5-21-2126566057-4181855661-943989508-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.002.20212 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601013}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.00.4.51 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon TS300 series On-screen Manual (HKLM-x32\...\Canon TS300 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS300 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS300_series) (Version: - Canon Inc.)
darktable (HKLM\...\darktable) (Version: 3.4.1.1 - the darktable project)
Dolby Atmos Windows API SDK (HKLM\...\{4A2D8823-7CFF-4B1D-9A8A-1807645FFB4E}) (Version: 1.0.1.12 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3FC92273-FEF4-4C0B-9AF4-F38D747EB765}) (Version: 1.0.0.10 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 105.0.5195.102 - Google LLC)
Intel® Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{A6B270EC-19A3-4B33-B78A-297EC57E5B2F}) (Version: 11.6.0.1039 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation) Hidden
Lenovo App Explorer (HKU\S-1-5-21-2126566057-4181855661-943989508-1001\...\Host App Service) (Version: 0.273.4.468 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
LINE (HKU\S-1-5-21-2126566057-4181855661-943989508-1001\...\LINE) (Version: 5.11.4.1836 - LINE Corporation)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 4.1.262.1 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.15427.20210 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2126566057-4181855661-943989508-1001\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mylio (HKLM\...\{005E1001-1B62-491C-8B92-661E112A6546}) (Version: 3.12.7092.0 - Mylio, LLC) Hidden
Mylio (HKLM-x32\...\{333af088-8b57-48b7-a31d-9eecfe31638d}) (Version: 3.12.7092.0 - Mylio, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Skype version 8.58 (HKLM-x32\...\Skype_is1) (Version: 8.58 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM-x32\...\{DD0825FB-0B47-48B8-BAC2-B27F1D63FEAB}) (Version: 3.0.9003 - Sparkol) Hidden
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 3.0.9003) (Version: 3.0.9003 - Sparkol)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stagelight (HKLM\...\Stagelight) (Version: 3.0.3.6229 - Open Labs, LLC.)
TurboTax 2017 wiapbpm (HKLM-x32\...\{1EEA0422-07ED-41AC-8084-B901A5B2770F}) (Version: 017.000.0312 - Intuit Inc.) Hidden
TurboTax 2017 WinBizFedFormset (HKLM-x32\...\{DC6E9B3E-41FA-46D7-8F83-4BA1E2A76D95}) (Version: 017.000.1323 - Intuit Inc.) Hidden
TurboTax 2017 WinBizReleaseEngine (HKLM-x32\...\{14B2DB5A-45A2-45D5-AEF4-83A1046D847E}) (Version: 017.000.0485 - Intuit Inc.) Hidden
TurboTax 2017 WinBizTaxSupport (HKLM-x32\...\{B626F5E1-668F-4298-9352-400746786DED}) (Version: 017.000.0890 - Intuit Inc.) Hidden
TurboTax 2017 wrapper (HKLM-x32\...\{C00030AF-035D-4D5A-909C-A860A155C420}) (Version: 017.000.0126 - Intuit Inc.) Hidden
TurboTax Business 2017 (HKLM-x32\...\TurboTax Business 2017) (Version: 2017.0 - Intuit, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-4) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-5) (Version: 1.0.54.1 - Intel Corporation Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-23 - Wacom Technology Corp.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.756 - McAfee, LLC)
WhoCrashed 6.65 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-10] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.21.71.0_x64__kgqvnymyfvs32 [2022-07-24] (king.com)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa [2022-05-23] (Apple Inc.) [Startup Task]
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-29] (Keeper Security Inc)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-08-20] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2018-03-26] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2208.7.0_x64__k1h2ywk1493x8 [2022-08-20] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9020.0_x64__8wekyb3d8bbwe [2022-09-11] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.2201.0_x64__8wekyb3d8bbwe [2022-09-01] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-08-20] (Plex)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxDTCM.dll [2017-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc. -> McAfee, Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\nicz8\Desktop\Nicole - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\nicz8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Helium Backup.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gpglbgbpeobllokpmeagpoagjbfknanl
==================== Loaded Modules (Whitelisted) =============
2021-05-03 18:41 - 2017-07-05 13:49 - 000593920 _____ (CANON INC.) [File not signed] [File is in use] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2021-05-03 18:41 - 2017-07-05 13:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2020-04-20 17:53 - 2020-04-20 17:53 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-20 17:53 - 2020-04-20 17:53 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-01-25] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-01-25] (McAfee, Inc. -> McAfee, Inc.)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 16:03 - 2022-08-13 17:15 - 000000865 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2126566057-4181855661-943989508-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{37B3A384-E450-404C-BEA3-9450E7DA18C1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E7D70699-C9CA-4053-B021-59C8399B9D4F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{985C433C-047D-4602-97E1-0ED887339089}] => (Allow) C:\Users\nicz8\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [{5E47C5B4-6BF5-498F-83BE-A639A48521E4}] => (Allow) C:\Users\nicz8\AppData\Local\LINE\bin\5.10.0.1789\LineUpdater.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [{2F923BAD-A768-4736-B430-EC55D5F7BA60}] => (Allow) C:\Users\nicz8\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [{C3F1FE33-25B1-4678-B08B-4FB738626F9C}] => (Allow) C:\Users\nicz8\AppData\Local\LINE\bin\5.10.0.1789\LINE.exe (LINE Corporation -> LINE Corporation)
FirewallRules: [{BC30834D-13FE-4617-89C9-D23B3F9DE2B6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{99D4DF19-76F3-4F1B-BB1C-4FF49029C914}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{8F5B8066-4388-4586-98DF-A4993BDAF0AD}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{D7D21A45-BD6D-4360-80DF-7C31046B76A0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F8D8559A-1435-470C-AC86-27CC10B2571E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{753327F0-9644-4966-822D-31080D36E3B8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{DCB5FC85-43C8-498A-9E82-B4DB7E409DAA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{B278BA47-688C-4BE0-AFBB-E84944891CBC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{358C1194-1C30-4061-B8AC-13BEA2DF7FA5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{3ACF6AEB-1F49-4A7B-AF4D-9A70E2725DE6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67599174-D798-4DCB-A7AD-4682C2C104B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C7495B4-A205-43FF-BA8F-05AA55A35B08}] => (Allow) C:\Program Files\Mylio\Mylio.exe (MYLIO, LLC -> Mylio LLC)
FirewallRules: [{1DDFB1C9-D4D9-4D7E-9E59-B3C49019B788}] => (Allow) C:\Program Files\Mylio\Mylio.exe (MYLIO, LLC -> Mylio LLC)
FirewallRules: [{BA748F57-778C-44B8-89B0-3C8E71F1ADAE}] => (Allow) C:\Users\nicz8\AppData\Local\Temp\win-ts300-1_2-n_mcd\win\MSetup64.exe => No File
FirewallRules: [{0B466E53-82D9-4E8C-930D-C14247FC997C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DD17EA51-F596-4377-98F5-1CB3C751AB9F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA4ADB30-32E9-471E-B50A-D7397AF75CDC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{366A9B4F-B151-436F-B697-F902AD158230}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C7425F0E-BB39-4151-B7C4-3815406160CB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7B271025-BC00-4685-887C-A267C2C72B61}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89329FEB-6125-4E1F-A6C8-32402A0207FD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A369B41-6D28-467B-95E2-BA8656A1E030}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13508D2F-D0FC-4522-BC64-5D5C26F387A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB70D2E3-837B-4BCA-A7BE-95C2083A8999}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6B517CDF-C3AB-4FCC-9249-20A2668AD622}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4FDB47B-8724-4732-864E-9E44F9D3D434}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A3FDB38-7E73-44B1-907D-9F38603C4296}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.33\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7F7EB77-1123-4EB3-831A-90E18B12C2BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7DDD999B-6240-42D0-99D7-EE027D27C1B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1C6A57F1-D3BD-494F-B2B3-DB768A6E323E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AAE29C16-0C04-47B2-88C3-C4263C9E0FBF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FA3F7EC-4C48-4336-892C-6C6705467D29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
21-08-2022 14:22:06 Scheduled Checkpoint
01-09-2022 21:17:31 Scheduled Checkpoint
11-09-2022 09:10:35 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (08/14/2022 05:35:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1889 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3378
Start Time: 01d8af78166246d3
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: a4ab6bd8-adde-4645-915c-602041aad39a
Faulting package full name: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Navigation
Error: (08/13/2022 07:44:39 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (08/13/2022 07:43:26 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (08/13/2022 05:10:54 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (08/04/2022 07:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.1806, time stamp: 0x7dcad237
Faulting module name: ntdll.dll, version: 10.0.19041.1806, time stamp: 0x1000a5b9
Exception code: 0xc0000005
Fault offset: 0x0000000000030ee8
Faulting process id: 0x3e80
Faulting application start time: 0x01d8a85ea48ab3f1
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 86262ed3-342e-48ad-be1a-1c3eb4bceb9c
Faulting package full name:
Faulting package-relative application ID:
Error: (07/29/2022 09:51:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program svchost.exe version 10.0.19041.1806 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: b80
Start Time: 01d89c9bd6752602
Termination Time: 4294967295
Application Path: C:\Windows\System32\svchost.exe
Report Id: ea60f326-ce65-4c85-923e-6160028cf0fe
Faulting package full name:
Faulting package-relative application ID:
Hang type: Cross-process
Error: (07/20/2022 07:53:27 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (07/20/2022 07:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.1806, time stamp: 0x7dcad237
Faulting module name: combase.dll, version: 10.0.19041.1741, time stamp: 0xafbf9ef6
Exception code: 0xc0000005
Fault offset: 0x0000000000042b28
Faulting process id: 0x2dd4
Faulting application start time: 0x01d89c9c1d650f6e
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 5e92c5ef-d104-453c-b8d1-42df7b78813c
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (09/11/2022 04:30:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T35MG81)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (09/11/2022 08:55:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (09/01/2022 08:11:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (08/28/2022 08:48:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (08/20/2022 01:49:54 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/20/2022 01:49:54 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/20/2022 01:49:54 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/20/2022 01:49:54 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Windows Defender:
================
Date: 2022-09-11 09:00:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-09-03 01:41:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-09-02 16:11:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-09-01 20:17:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-08-28 09:05:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2022-02-15 20:26:05
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.355.2132.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x8024402f
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-11-19 19:48:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.669.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2021-11-19 19:48:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.669.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2021-06-30 13:44:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.119.0
Previous security intelligence Version: 1.341.1614.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-30 13:44:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.119.0
Previous security intelligence Version: 1.341.1614.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
CodeIntegrity:
===============
Date: 2022-09-11 18:33:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-11 08:59:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-11 08:48:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 1YCN30WW(V1.07) 06/14/2017
Motherboard: LENOVO Lenovo YOGA 720-13IKB
Processor: Intel® Core i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 94%
Total physical RAM: 8034.39 MB
Available physical RAM: 454.33 MB
Total Virtual: 16621.88 MB
Available Virtual: 2475.97 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:100.62 GB) (Model: NVMe INTEL SSDPEKKW25) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.43 GB) (Model: NVMe INTEL SSDPEKKW25) NTFS
\\?\Volume{518f5e61-ba9f-4b70-852c-9437ce5de1a4}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{e17cf99c-0739-4dd5-8122-ae65e303b6d9}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B9DA0316)
Partition: GPT.
==================== End of Addition.txt =======================