Hi, I was able to run Farbar when I turned my firewall off. Here is this report first.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021
Ran by user (administrator) on HOME (LENOVO 90DG002XUS) (10-08-2021 04:29:35)
Running from C:\Users\user\Downloads
Loaded Profiles: user
Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(EnTech Taiwan -> EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <36>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\Lenovo.Vantage.AddinHost.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\LenovoVantageService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
(Malwarebytes Corporation -> Malwarebytes) C:\ProgramData\MB3Install\MBAMIService.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ChromiumContainer\delegate.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.4.103.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\CoreUI\Launch.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.14228.20226\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe <3>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296864 2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [331344 2015-07-22] (Hewlett-Packard -> HP Development Company, L.P.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-05] (Adobe Inc. -> )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-06-30] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23967520 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\user\AppData\Local\Microsoft\Teams\Update.exe [2453704 2021-03-27] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680776 2021-06-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [HP OfficeJet Pro 8020 series (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe [4071840 2018-12-10] (HP Inc -> HP Inc.)
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49925280 2021-06-18] (Google LLC -> )
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680776 2021-06-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5550304 2021-07-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Uninstall 19.232.1124.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64"
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Uninstall 19.232.1124.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\19.232.1124.0012"
HKLM\...\Windows x64\Print Processors\hpcpp155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.DLL [597792 2013-09-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-03] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2021-06-30]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {071419F6-5533-4204-9B02-AF359BD2BEAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {10A4EF20-1973-4DEF-8705-392A00E7B4E2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {12229541-7014-438C-A373-AB8402A46C6E} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-49PEJRG-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {1B5042E0-46DE-4188-A295-1BDEC01BD669} - \Lenovo\ImController\TimeBasedEvents\972eb0a7-797e-4bb7-9abd-27ea9e70cf2f -> No File <==== ATTENTION
Task: {1B55A146-8B6F-4350-9EED-AE6B665A7679} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {1C057A45-4224-4599-B7A2-903FFF36375A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-24] (Google Inc -> Google Inc.)
Task: {1CA96F7C-6DC6-4CD9-9254-0B60F3128783} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4702928 2021-06-08] (McAfee, LLC -> McAfee, LLC)
Task: {211741E4-7721-41DA-8CF4-E22F8DB1E015} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {31F61030-2199-493A-B3C0-31360F182BAA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH9C72Q14T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {33558C9B-2B8A-46D9-8CB1-E0ACD46879DB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {38C5328D-4C5F-4F2F-9C5E-2F296BA812D0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-05-12] (McAfee, LLC -> McAfee, LLC)
Task: {4317C26F-7ECB-4F15-A5B7-D692E4AC9CEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {4B2F8A30-6377-47C1-B052-70B408FD673A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DC447F1-7909-4754-A6BB-30A7FC06FC76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {52087E12-6A2C-47C5-A557-61DA9D943F2E} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4114728 2021-04-29] (McAfee, LLC -> McAfee, LLC)
Task: {5A3ADC37-CC4F-4D52-9A6F-0125ACF06242} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {627053EE-5EC2-4FEB-ABF6-FBB76D5EF08E} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {634E4A4F-EF5F-49B5-A3B4-D0AC9CBD4171} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {72A37BE9-E85B-4FDD-9BC0-EFDBEC7F9090} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {75118EC5-CEAE-4510-81C7-0878CD26E32F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-24] (Google Inc -> Google Inc.)
Task: {768C8F5A-47B8-4CAB-A0D1-4E4F6D65B71B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38560 2021-07-23] (HP Inc. -> HP Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {7869C6BD-AE4B-401E-AD10-86C3F85D6DAC} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-05-12] (McAfee, LLC -> McAfee, LLC)
Task: {7F23F20E-BD9D-405C-80C1-3036747287EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {7F35FCDC-5754-425F-937E-1A3B785085F7} - System32\Tasks\AdobeAAMUpdater-1.0-HOME-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {826E10E5-85CF-4B60-91D6-EE15C9359C06} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {8538E05E-C835-43E3-92DE-DDE0798B2D58} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\ScheduleEventAction.exe [23968 2021-05-17] (Lenovo -> Lenovo Group Ltd.)
Task: {895519C8-DC3F-4C91-9E89-C3173ED2B6E3} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {8A77DAA9-E108-4BED-B85B-0319B414FDEB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1150872 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C67E23A-67D4-4F1B-B196-915D70718E8E} - \Lenovo\ImController\TimeBasedEvents\430f9acc-3f4a-4af1-b919-67ca1dc1b488 -> No File <==== ATTENTION
Task: {9B6F2748-27D9-49AF-A828-9623E4E9FDB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {A6B447D3-A991-45AA-A412-596A04BA32CF} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {AEF9487A-605D-4309-82E1-2FB563C9CD32} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
Task: {B0758A0F-10B1-4C39-BD40-D755B25FD862} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38560 2021-07-23] (HP Inc. -> HP Inc.)
Task: {B2C74C01-D7A8-4FCC-A376-B8BED9C7C916} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {B739DC11-CE72-4094-AA93-B49458AFB2C8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {B89F491A-623F-4E97-A443-BBEDBDDBDCD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {C10E7859-4F8D-466F-B238-7280CCB197EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {C116D9EF-C620-42F0-BFED-9E7FCAF96B03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe
Task: {C23D0B02-21E6-4691-B68B-3FE8E7B0869F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF557D9-82EA-4924-B7BD-8BF5CB44FCFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {CE0E4961-A59C-4714-B42E-B47F8C781E25} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8020 series => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPCustPartic.exe [6692256 2019-07-25] (HP Inc -> HP Inc.)
Task: {DE933A65-AA88-42D3-BA87-6195477A39D3} - \Lenovo\ImController\TimeBasedEvents\b98bf4a3-a43e-4deb-9c18-23920eaf91be -> No File <==== ATTENTION
Task: {E1C6E54B-C5AE-420C-ADA8-6FEA4030DD8F} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {EF91FB6C-8BC3-4C21-B520-92E40091C166} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe
Task: {F1304262-E5B9-4157-B7EE-CE9FFA2500CD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2FB44B9-7D43-4F51-A973-3E66A18744EE} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [91728 2015-08-20] (Hewlett-Packard -> HP Development Company, L.P.)
Task: {F35E4B78-A079-459A-B077-070CC86F14A2} - \Lenovo\ImController\TimeBasedEvents\3e624320-8d20-49d0-84d2-2017300a53db -> No File <==== ATTENTION
Task: {F5324FF7-B479-4455-A24C-2F73E8547267} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.19.96.252 65.19.96.253
Tcpip\..\Interfaces\{41bc1862-9b17-48cf-9726-a914d3b1a3d4}: [DhcpNameServer] 65.19.96.252 65.19.96.253
Edge:
=======
DownloadDir:
Edge HomeButtonPage: HKU\S-1-5-21-93585695-1239137162-3987457199-1001 -> hxxp://www.google.com/
Edge Notifications: HKU\S-1-5-21-93585695-1239137162-3987457199-1001 -> hxxps://www.facebook.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 5
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-02-15]
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 5 [2021-08-10]
Edge Notifications: Profile 5 -> hxxps://business.facebook.com; hxxps://highercaptcha-settle.com; hxxps://pshsbscapr.xyz; hxxps://www.intelius.com
Edge HomePage: Profile 5 -> hxxp://www.google.com/
Edge StartupUrls: Profile 5 -> "hxxp://www.google.com/"
Edge Extension: (McAfee® WebAdvisor) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 5\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2021-07-01]
Edge Extension: (True Key™ by McAfee) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 5\Extensions\gnnbmcifkkjgjdbkilfglpdpmidkgefn [2021-07-01]
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 6 [2021-06-01]
Edge Notifications: Profile 6 -> hxxps://www.facebook.com
FireFox:
========
FF DefaultProfile: v1bw4wjg.default-1610534553716
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v1bw4wjg.default-1610534553716 [2021-08-03]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-08-06] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-06-29] (McAfee, LLC -> )
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-06-30] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-06-23] (Glance Networks Inc -> Glance Networks, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-06-29] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-06-30] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-06-07]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://depositphotos.com; hxxps://dispatch.m.io; hxxps://my.dotloop.com; hxxps://outlook.office.com; hxxps://recordsfinder.com; hxxps://www.bestbuy.com; hxxps://www.bhg.com; hxxps://www.inman.com; hxxps://www.pinterest.com; hxxps://www.techradar.com; hxxps://www.truthfinder.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://jicihihokpllhhnpjbnflpgffcgjfpnb/modern_newtab.html"
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-05-23]
CHR Extension: (Facebook Pixel Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-09]
CHR Extension: (WebAdBlocker.org) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifcailncnlobddlehplcimgnehnldio [2021-05-23]
CHR Extension: (Photo to Cartoon App) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiionnfmbokfpleilfihlofncgkchjbe [2019-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-01]
CHR Extension: (Driving Maps Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jicihihokpllhhnpjbnflpgffcgjfpnb [2020-08-02]
CHR Extension: (Wave Accounting) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2018-11-06]
CHR Extension: (TRC PPAPI Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lamefdhfniilbngefmkhfihkchggeekg [2020-12-19]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-21]
CHR Extension: (Sooth Gradient) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamnhppfegefocfcinlhnblodaglebjg [2020-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-10]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-08-10]
CHR Notifications: Profile 2 -> hxxps://business.facebook.com; hxxps://depositphotos.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://www.facebook.com; hxxps://www.reddit.com
CHR DefaultSearchURL: Profile 2 -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1494G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> mcafee
CHR DefaultSuggestURL: Profile 2 -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-19]
CHR Extension: (Mobility Print) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2021-08-07]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-19]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-19]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-19]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-02-18]
CHR Extension: (Fonts Ninja) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eljapbgkmlngdpckoiiibecpemleclhh [2021-07-24]
CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-19]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-25]
CHR Extension: (Zoom) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2021-07-08]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-19]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-28]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-05-27]
CHR HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
Brave:
=======
BRA Profile: C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2019-08-29]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-08-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-08-29]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-08-29]
BRA Extension: (PDF Viewer) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-04-13]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-08-29]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-06-30] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9141648 2021-07-21] (Microsoft Corporation -> Microsoft Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] (Dolby Laboratories, Inc. -> )
R2 FastbootService; C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe [297752 2017-02-25] (LENOVO -> Lenovo)
S3 GameZoneService; C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\GameZoneService.exe [27184 2016-10-10] (LENOVO -> )
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-07-23] (HP Inc. -> HP Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\LenovoVantageService.exe [28576 2021-05-17] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMIService; C:\ProgramData\MB3Install\MBAMIService.exe [231120 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-07-29] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [797576 2021-07-07] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.4.103.0\\McCSPServiceHost.exe [2825792 2021-06-11] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669200 2021-06-11] (McAfee, LLC -> McAfee, LLC)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4289856 2021-06-15] (McAfee, LLC -> McAfee, LLC)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [70936 2017-02-25] (LENOVO -> Windows ® Win 7 DDK provider)
R0 FBFsmon; C:\WINDOWS\System32\DRIVERS\FBFsmon.sys [42776 2017-02-25] (LENOVO -> Windows ® Win 7 DDK provider)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-07-24] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 YLED; C:\WINDOWS\System32\drivers\YLED.sys [23960 2016-04-15] (LENOVO -> )
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-03] (Zemana Ltd. -> Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-10 04:29 - 2021-08-10 04:30 - 000043227 _____ C:\Users\user\Downloads\FRST.txt
2021-08-10 04:28 - 2021-08-10 04:28 - 002300416 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2021-08-06 06:32 - 2021-08-06 06:32 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk
2021-08-06 05:31 - 2021-08-06 05:31 - 000411059 _____ C:\Users\user\Downloads\Seller CD.pdf
2021-08-06 05:31 - 2021-08-06 05:31 - 000074185 _____ C:\Users\user\Downloads\Seller Settlement Statement.pdf
2021-08-06 04:20 - 2021-08-06 04:20 - 001161617 _____ C:\Users\user\Downloads\Fox and Roach Service Agreement (1) (1).pdf
2021-08-06 04:19 - 2021-08-06 04:19 - 002373030 _____ C:\Users\user\Downloads\Buyer Seller Flyer.pdf
2021-08-06 04:19 - 2021-08-06 04:19 - 001161617 _____ C:\Users\user\Downloads\Fox and Roach Service Agreement (1).pdf
2021-08-06 04:16 - 2021-08-06 04:16 - 000419680 _____ C:\Users\user\Downloads\HSA & Fox & Roach Interactive Application (2).pdf
2021-08-06 04:10 - 2021-08-06 04:10 - 001161617 _____ C:\Users\user\Downloads\Fox and Roach Service Agreement.pdf
2021-08-05 06:58 - 2021-08-05 06:58 - 000053054 _____ C:\Users\user\Downloads\dog trainer recommendations.pdf
2021-08-05 06:48 - 2021-08-05 06:48 - 009409844 _____ C:\Users\user\Downloads\OneDrive_2021-08-05.zip
2021-08-05 06:48 - 2021-08-05 06:48 - 000002325 _____ C:\Users\user\Downloads\20-22(7)At Home With Diversity (AHWD) PA Required for Fair Housing__(BHHS Fox &
2021-08-05 06:39 - 2021-08-05 06:39 - 000054912 _____ C:\Users\user\Downloads\Wire Authorization Form.pdf
2021-08-05 06:36 - 2021-08-05 06:36 - 000400135 _____ C:\Users\user\Downloads\NTA58943 2016 ALTA Commitment (NJRB 3-09) (A, A-5, B1, B2).PDF
2021-08-04 23:09 - 2021-08-04 23:09 - 000043612 _____ C:\Users\user\Downloads\107 Harrison Ave Commission Memo.docx [1].pdf
2021-08-04 04:58 - 2021-08-04 04:58 - 000045241 _____ C:\Users\user\Downloads\507 Sam Naples Rd Commission Memo.docx.pdf
2021-08-04 04:56 - 2021-08-04 04:56 - 000464707 _____ C:\Users\user\Downloads\rultzCOMM.pdf
2021-08-03 04:28 - 2021-08-03 04:28 - 000116542 _____ C:\Users\user\Downloads\Letter to Attorney re Repair Request.pdf
2021-07-30 05:55 - 2021-07-30 05:55 - 001110730 _____ C:\Users\user\Downloads\backup_2021-07-30-0545_Smires_and_Associates_Real_Estat_11b88434e6ca-db.gz
2021-07-30 05:12 - 2021-07-30 05:12 - 000069950 _____ C:\Users\user\Downloads\America Trotto Application.pdf
2021-07-30 05:00 - 2021-07-30 05:00 - 000000000 ____D C:\ProgramData\MB3Install
2021-07-30 04:56 - 2021-07-30 04:57 - 008553680 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_8.3.0.exe
2021-07-30 04:55 - 2021-07-30 05:00 - 000000000 ____D C:\Users\user\Desktop\malware
2021-07-30 04:47 - 2021-07-30 04:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-30 04:46 - 2021-07-30 04:46 - 002040904 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup-076981.076981-Consumer (1).exe
2021-07-30 04:42 - 2021-07-30 04:42 - 000000000 ____D C:\ProgramData\MB3Migration
2021-07-30 04:42 - 2021-07-30 04:42 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2021-07-30 04:41 - 2021-07-30 04:41 - 002040904 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup-076981.076981-Consumer.exe
2021-07-30 04:38 - 2021-07-30 04:40 - 064333800 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2021-07-28 22:31 - 2021-07-28 22:31 - 000172502 _____ C:\Users\user\Downloads\JKB Ventures LLC to Zdinarsic revised AR ltr from Francis Jun 28.pdf
2021-07-28 22:29 - 2021-07-28 22:29 - 000047939 _____ C:\Users\user\Downloads\housing_code_certificate_of_approval_for_occupancy_30559_07-16-2021-35022.pdf
2021-07-28 22:29 - 2021-07-28 22:29 - 000047939 _____ C:\Users\user\Downloads\housing_code_certificate_of_approval_for_occupancy_30559_07-16-2021-35022 (1).pdf
2021-07-28 22:24 - 2021-07-28 22:24 - 000111843 _____ C:\Users\user\Downloads\PDFS-Forms (2) (1).pdf
2021-07-28 22:07 - 2021-07-28 22:07 - 000083401 _____ C:\Users\user\Downloads\NTA58943 Confirmation Copy.PDF
2021-07-28 22:03 - 2021-07-28 22:03 - 000311023 _____ C:\Users\user\Downloads\107 - Lead-Based Paint Disclosure 062921 (1).pdf
2021-07-28 22:03 - 2021-07-28 22:03 - 000309613 _____ C:\Users\user\Downloads\107 - FHA VA Addendum 062921 (2).pdf
2021-07-28 21:58 - 2021-07-28 21:58 - 005045578 _____ C:\Users\user\Downloads\NTA58943 Title Report.PDF
2021-07-28 21:54 - 2021-07-28 21:54 - 003350121 _____ C:\Users\user\Downloads\Sellers Disclosure (1).pdf
2021-07-28 21:00 - 2021-07-28 21:00 - 000111843 _____ C:\Users\user\Downloads\PDFS-Forms (2).pdf
2021-07-27 21:58 - 2021-07-27 21:58 - 001244420 _____ C:\Users\user\Downloads\mike_mccormick.jpeg
2021-07-26 06:03 - 2021-07-26 06:03 - 057452222 _____ C:\Users\user\Downloads\MTSummary_Message trace report - _2021-07-26T090030.141Z__b9c3cb84-ee28-4765-925a-9a6dde7c43bd.csv
2021-07-26 05:15 - 2021-07-26 05:15 - 000007513 _____ C:\Users\user\Downloads\AutoForwardedMsgDetails_Summary.csv
2021-07-24 07:23 - 2021-07-24 07:23 - 000000000 ____D C:\Users\user\AppData\Local\AAR
2021-07-24 07:17 - 2021-07-24 07:17 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2021.lnk
2021-07-23 06:20 - 2021-07-23 06:20 - 000078751 _____ C:\Users\user\Downloads\users_7_23_2021 10_20_17 AM.csv
2021-07-23 06:16 - 2021-07-23 06:16 - 000001709 _____ C:\Users\user\Downloads\MailFlowForwarding_Details_2021-07-22_2021-07-22__1 (1).csv
2021-07-23 05:54 - 2021-07-23 05:54 - 000001709 _____ C:\Users\user\Downloads\MailFlowForwarding_Details_2021-07-22_2021-07-22__1.csv
2021-07-23 05:52 - 2021-07-23 05:53 - 000000054 _____ C:\Users\user\Downloads\MailFlowForwarding_Summary_2021-04-24_2021-07-22__1.csv
2021-07-22 07:06 - 2021-07-22 07:06 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2021.lnk
2021-07-21 21:48 - 2021-07-21 21:48 - 049138804 _____ C:\Users\user\Desktop\fran.zip
2021-07-21 20:40 - 2021-07-21 21:38 - 000000000 ____D C:\Users\user\Desktop\fran
2021-07-21 04:41 - 2021-07-21 04:41 - 006069620 _____ C:\Users\user\Downloads\2991072_DM_13853676_110_2.pdf
2021-07-16 14:12 - 2021-07-16 14:12 - 006447245 _____ C:\Users\user\Downloads\2991072_DM_13853676_109_1.pdf
2021-07-14 00:30 - 2021-07-14 00:30 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-14 00:30 - 2021-07-14 00:30 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-14 00:30 - 2021-07-14 00:30 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-14 00:30 - 2021-07-14 00:30 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-14 00:29 - 2021-07-14 00:29 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-14 00:29 - 2021-07-14 00:29 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-13 06:43 - 2021-07-13 06:44 - 000347238 _____ C:\Users\user\Downloads\Travisano.2 Concluding AR.pdf
2021-07-13 06:36 - 2021-07-13 06:36 - 003883473 _____ C:\Users\user\Downloads\listings (21).pdf
2021-07-13 05:58 - 2021-07-13 05:58 - 000103647 _____ C:\Users\user\Downloads\437319_7-13-2021.pdf
2021-07-13 05:26 - 2021-07-13 05:29 - 000010818 _____ C:\Users\user\Downloads\nicole_dandrea_sphere.csv
2021-07-13 05:20 - 2021-07-13 05:21 - 000005510 _____ C:\Users\user\Downloads\jl_507samnaples_dandrea.csv
2021-07-13 04:20 - 2021-07-13 04:20 - 001024000 _____ C:\Users\user\Downloads\AdobeStock_206100739 (1).indt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-10 04:30 - 2020-07-24 00:47 - 000857998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-10 04:30 - 2020-07-24 00:44 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8F64D61C-7D50-49F0-A569-657BFAFDD7F8}
2021-08-10 04:30 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-10 04:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-10 04:30 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-10 04:30 - 2018-09-16 23:48 - 000094378 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-08-10 04:30 - 2018-05-27 06:27 - 000000000 ____D C:\FRST
2021-08-10 04:30 - 2018-01-24 22:26 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-10 04:30 - 2017-02-25 15:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-08-10 04:24 - 2021-07-01 03:39 - 000000000 __RSD C:\Users\user\OneDrive - NA\Documents\McAfee Vaults
2021-08-10 04:23 - 2021-05-27 06:05 - 000000000 ___RD C:\Users\user\OneDrive - Smires and Associates
2021-08-10 04:23 - 2020-07-24 00:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-10 04:23 - 2020-07-24 00:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-08-10 04:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-10 04:23 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-10 04:23 - 2018-01-26 01:29 - 000000000 ___RD C:\Users\user\Google Drive
2021-08-10 04:23 - 2018-01-22 16:36 - 000000000 ___RD C:\Users\user\OneDrive
2021-08-10 04:23 - 2017-02-25 15:43 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-08 05:20 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-08 05:19 - 2020-07-24 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-07 06:59 - 2021-07-01 03:37 - 000000000 ____D C:\Program Files\McAfee
2021-08-07 06:59 - 2021-07-01 03:37 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-08-07 06:59 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-07 06:59 - 2018-02-21 21:42 - 000000000 ____D C:\ProgramData\McAfee
2021-08-07 06:50 - 2020-07-24 01:03 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-06 22:32 - 2020-07-24 00:44 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-08-06 06:34 - 2021-01-16 00:55 - 000000000 __HDC C:\adobeTemp
2021-08-06 06:32 - 2018-01-24 23:39 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-08-06 06:32 - 2018-01-24 23:38 - 000000000 ____D C:\Program Files\Adobe
2021-08-06 06:28 - 2018-01-24 23:38 - 000000000 ___RD C:\Users\user\Creative Cloud Files
2021-08-06 04:36 - 2018-02-21 21:42 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-08-06 04:35 - 2021-07-01 03:38 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-08-04 13:25 - 2021-02-20 07:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-04 13:23 - 2020-07-24 00:44 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-04 13:23 - 2020-07-24 00:44 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-03 19:14 - 2018-01-24 22:44 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-03 05:28 - 2019-02-12 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-07-31 13:34 - 2018-05-28 16:33 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-07-30 13:34 - 2018-01-24 23:55 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-07-30 13:34 - 2018-01-24 23:55 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-07-30 13:30 - 2020-12-08 07:14 - 000000000 ___RD C:\Users\user\OneDrive - NA
2021-07-30 13:30 - 2020-07-24 00:44 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-93585695-1239137162-3987457199-1001
2021-07-30 13:30 - 2020-07-24 00:38 - 000002383 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-30 07:10 - 2021-06-01 19:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-30 07:10 - 2019-08-14 23:16 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-30 07:09 - 2018-03-13 22:06 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2021-07-30 06:52 - 2018-01-24 17:47 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-07-30 04:58 - 2021-06-03 05:49 - 000000000 ____D C:\Users\Someone Else\AppData\Roaming\Hewlett-Packard
2021-07-30 04:58 - 2021-06-03 05:49 - 000000000 ____D C:\Users\Someone Else\AppData\Local\Hewlett-Packard
2021-07-30 04:58 - 2020-07-24 00:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-07-30 04:58 - 2020-03-20 00:17 - 000000000 ____D C:\WINDOWS\Lenovo
2021-07-30 04:58 - 2019-02-12 07:12 - 000000000 ____D C:\Users\user\AppData\Roaming\Hewlett-Packard
2021-07-30 04:58 - 2019-02-12 01:06 - 000000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard
2021-07-30 04:58 - 2019-02-12 01:06 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-07-30 04:58 - 2018-06-14 19:59 - 000000000 ____D C:\Users\Someone Else\AppData\Local\Lenovo
2021-07-30 04:58 - 2018-01-22 16:40 - 000000000 ____D C:\Users\user\AppData\Local\Lenovo
2021-07-30 04:58 - 2017-02-25 15:06 - 000000000 ____D C:\ProgramData\Lenovo
2021-07-30 04:22 - 2020-07-24 00:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-30 04:22 - 2020-07-24 00:51 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-27 21:59 - 2018-01-22 17:35 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2021-07-27 14:34 - 2021-07-01 03:37 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-07-24 07:52 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-24 07:50 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-07-24 07:45 - 2021-02-12 00:42 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-07-24 07:19 - 2018-04-13 21:31 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2021-07-21 04:50 - 2020-12-21 04:53 - 000000000 ____D C:\Users\user\OneDrive - NA\Documents\smires
2021-07-16 09:45 - 2021-02-20 07:22 - 000740152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-07-16 09:45 - 2021-02-20 07:22 - 000486712 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-07-15 14:51 - 2020-07-24 00:36 - 000806664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-14 13:26 - 2018-01-24 23:55 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-07-14 00:22 - 2020-07-23 17:09 - 000000000 ___HD C:\$WinREAgent
2021-07-14 00:18 - 2019-08-14 21:39 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2021-07-14 00:18 - 2018-01-22 17:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 00:16 - 2018-01-22 17:42 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories ========
2018-01-28 18:02 - 2018-12-14 01:45 - 000000033 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2018-08-16 02:42 - 2019-04-24 22:29 - 000000028 _____ () C:\Users\user\AppData\Roaming\kulerdata.json
2021-02-11 08:06 - 2021-02-11 08:06 - 000001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-01-27 03:26 - 2018-01-28 03:26 - 000000052 _____ () C:\Users\user\AppData\Local\bpDLTbpDLT
2018-09-26 01:08 - 2018-09-26 01:08 - 000000000 _____ () C:\Users\user\AppData\Local\oobelibMkey.log
2018-12-03 10:55 - 2018-12-03 10:59 - 000000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021
Ran by user (10-08-2021 04:31:02)
Running from C:\Users\user\Downloads
Windows 10 Home Version 21H1 19043.1110 (X64) (2020-07-24 04:44:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-93585695-1239137162-3987457199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-93585695-1239137162-3987457199-503 - Limited - Disabled)
Guest (S-1-5-21-93585695-1239137162-3987457199-501 - Limited - Disabled)
Someone Else (S-1-5-21-93585695-1239137162-3987457199-1003 - Limited - Enabled) => C:\Users\Someone Else
user (S-1-5-21-93585695-1239137162-3987457199-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-93585695-1239137162-3987457199-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_1) (Version: 11.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.)
Adobe Dreamweaver 2021 (HKLM-x32\...\DRWV_21_1) (Version: 21.1 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_4_1) (Version: 25.4.1 - Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_3) (Version: 16.3 - Adobe Inc.)
Adobe Media Encoder 2021 (HKLM-x32\...\AME_15_4) (Version: 15.4 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_2) (Version: 22.4.2.242 - Adobe Inc.)
AgentMetrics 5.3.56 (HKLM-x32\...\0525-1095-4455-6583) (Version: 5.3.56 - Terradatum, Inc)
Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: 1.52.2054 - EnTech Taiwan)
Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{DBC4388A-9417-41DB-85CF-DF4993B84D5A}) (Version: 0.7.5.67 - Dolby Laboratories, Inc.)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)
File Viewer Plus (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 2.2.1 - Sharpened Productions)
Find my Font (Free) (HKLM-x32\...\Find my Font (Free)) (Version: 3.4.02 - Softonium Developments)
GlanceGuest version 4.2.0.38 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.2.0.38 - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
GoTo Opener (HKLM-x32\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.)
HP Dropbox Plugin (HKLM-x32\...\{96A402D4-6126-4899-AEA8-AA764304A7B1}) (Version: 49.1.321.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{39BEAF4B-67DB-4820-9864-BCCD4E6C5987}) (Version: 49.1.321.0 - HP)
HP FTP Plugin (HKLM-x32\...\{F6E456FC-18B7-4F41-AF13-9EECFF500A46}) (Version: 49.1.321.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9EDF968A-5D0C-4AF3-9669-1369E2921AA1}) (Version: 49.1.321.0 - HP)
HP OfficeJet Pro 8020 series Basic Device Software (HKLM\...\{7D2A3164-AFBF-4225-9C99-2A2DD82CD4F1}) (Version: 49.3.4475.19206 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SFTP Plugin (HKLM-x32\...\{1A3B3517-5C77-4382-9915-B8F0C2AB691F}) (Version: 49.1.321.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{DB2306C6-0DEA-4468-AE0F-9CDEA7BE842E}) (Version: 49.1.321.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLJUTCore (HKLM-x32\...\{06C9D648-CFC6-48CC-A11B-C4A21BEDDAF1}) (Version: 018.000.0001 - HP) Hidden
hpStatusAlerts (HKLM-x32\...\{32DE03E8-D0B3-4D13-A885-D3EDFC959EEC}) (Version: 180.040.00267 - HP Development Company, L.P.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1067 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
JPEG-EXIF_autorotate (HKLM-x32\...\JPEG-EXIF_autorotate) (Version: - )
Lenovo App Explorer (HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\Host App Service) (Version: 0.271.1.400 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Nerve Center (HKLM-x32\...\{93EA1F94-3617-47CE-9EB2-B8DC3AC0B880}) (Version: 1.50.1010 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.7.19.0 - Lenovo Group Ltd.)
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Manual (HKLM-x32\...\{A79C1D34-2831-4A5D-91C7-279EF892B5CF}) (Version: 2.02.0813 - Lenovo)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R35 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{2D98CD18-5754-4D94-B7E8-E6E11DAA56B1}) (Version: 13.0.811.168 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Teams) (Version: 1.4.00.7174 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.2 - Mozilla)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Product Improvement Study for HP OfficeJet Pro 8020 series (HKLM\...\{5F486205-E3D0-40CA-BDD1-92C41A09B153}) (Version: 49.3.4475.19206 - HP Inc.)
psqlODBC_x64 (HKLM\...\{3D4F4C5A-28C7-441D-81DC-2AA2C1A61B6A}) (Version: 09.06.0201 - PostgreSQL Global Development Group)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10332 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.242 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.31217 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
Top Producer Editor (HKLM-x32\...\Top Producer Editor_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
UXP WebView Support (HKLM-x32\...\UXPW_1_0_0) (Version: 1.0.0 - Adobe Inc.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.609 - McAfee, LLC)
WinDirStat 1.1.2 (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\WinDirStat) (Version: - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Driver Package - Hewlett-Packard USB (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)
Zoom (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\ZoomUMX) (Version: 5.4.2 (58740.1105) - Zoom Video Communications, Inc.)
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-05-28] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-06-12] (Adobe Systems Incorporated)
Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.4.353.0_x64__ynb6jyjzte8ga [2021-07-08] (Adobe Inc.)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_42.1.22.4_x64__adky2gkssdxte [2021-08-06] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-18] (Amazon.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.1165.0_x64__rz1tebttyb220 [2021-07-23] (Dolby Laboratories)
Hitting the Road -> C:\Program Files\WindowsApps\Microsoft.HittingtheRoad_1.0.0.0_neutral__8wekyb3d8bbwe [2020-10-26] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.15.0_neutral__8xx8rvfyw5nnt [2021-06-25] (Instagram)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-06-30] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2105.16.0_x64__k1h2ywk1493x8 [2021-06-10] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-07-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-24] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{04271989-4A69-962C-A545-E842D1072B5A} -> [OneDrive - Smires and Associates] => C:\Users\user\OneDrive - Smires and Associates [2021-05-27 06:05]
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{04271989-C4D2-376D-6581-A2BA318B25C1} -> [OneDrive - NA] => C:\Users\user\OneDrive - NA [2020-12-08 07:14]
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\user\Creative Cloud Files [2018-01-24 23:38]
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 5"
==================== Loaded Modules (Whitelisted) =============
2021-08-10 04:23 - 2021-08-10 04:23 - 000114176 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_ctypes.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000172544 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_elementtree.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 002255872 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_hashlib.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000032256 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_multiprocessing.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000046080 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_psutil_windows.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000047616 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_socket.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 002825216 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_ssl.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000026112 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_yappi.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000080896 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\bz2.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000015872 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\common.time34.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000007680 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\hashobjs_ext.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000301568 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\PIL._imaging.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000168448 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pyexpat.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 001084416 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pysqlite2._sqlite.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000548864 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pythoncom27.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 000137728 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pywintypes27.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 000010752 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\select.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000020992 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\thumbnails_ext.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000689664 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\unicodedata.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000119808 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\usb_ext.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000128512 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32api.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000438784 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32com.shell.shell.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000011776 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32crypt.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000023040 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32event.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000149504 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32file.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000223232 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32gui.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000048128 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32inet.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000029696 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32pdh.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000027648 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32pipe.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000044032 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32process.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000020480 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32profile.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000136192 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32security.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000026624 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32ts.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000034304 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.conditional.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000037888 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.connectivity.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000071680 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.device_monitor.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000103936 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.volumes.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000019968 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.winwrap.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 001325056 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._controls_.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 001489408 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._core_.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 001007104 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._gdi_.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000103424 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._html2.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 000916992 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._misc_.pyd
2021-08-10 04:23 - 2021-08-10 04:23 - 001039872 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._windows_.pyd
2017-02-25 15:44 - 2011-05-17 17:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2013-05-16 07:52 - 2013-05-16 07:52 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2013-05-16 07:52 - 2013-05-16 07:52 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2021-07-23 22:17 - 2021-07-23 22:18 - 103578624 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6\HP.Smart.dll
2021-04-03 21:24 - 2021-04-03 21:24 - 007068672 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\python27.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxbase30u_net_vc90_x64.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxbase30u_vc90_x64.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_adv_vc90_x64.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_core_vc90_x64.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_html_vc90_x64.dll
2021-08-10 04:23 - 2021-08-10 04:23 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_webview_vc90_x64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17swin10.msn.com/?pc=LJSE
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE
SearchScopes: HKU\S-1-5-21-93585695-1239137162-3987457199-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-07-29] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-07-29] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\sharepoint.com -> hxxps://dandrearealestate-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 07:47 - 2018-05-27 06:15 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\HP\Common\HPDestPlgIn\
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-93585695-1239137162-3987457199-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 65.19.96.252 - 65.19.96.253
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "StatusAlerts"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B293253A-D574-41EC-A4BF-BC44FE6DDFCC}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS6EF1\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5B61915F-5F4C-4BEC-AEAE-44B0CC06BAEF}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS6EF1\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{E7ECAFFC-D355-422A-B6E8-640145757BC6}C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe => No File
FirewallRules: [TCP Query User{49B2FB1F-D36D-476E-8116-9F3E69AA71CE}C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe => No File
FirewallRules: [{103E5198-B619-4B7C-BD3E-3730671C42D3}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS61CE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{8AA22F5E-D8D7-4171-B424-44E0E9B57C0A}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS61CE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1748E934-13DC-4BA7-A36A-52214B774626}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4DDE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{CB6AC2A2-CAA2-4E19-BB69-B004A557065C}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4DDE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{AC2DFC58-4713-4D18-ACCA-419A53425C07}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe => No File
FirewallRules: [{F20285E6-2077-4707-B122-40DD97A70B7A}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe => No File
FirewallRules: [UDP Query User{2DC7E615-0A02-45CE-A41B-626BFD500DE2}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File
FirewallRules: [TCP Query User{1D326AA3-9ABF-4F21-A98B-F01AA278487A}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File
FirewallRules: [UDP Query User{61207B7E-6395-4AF7-9363-B8C6FA3927D8}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{718C1D26-E8B8-4187-9FE3-45D60165EE47}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FBB5AA06-D21B-4C28-865C-2B40552757D1}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{AAD8261A-8442-4728-B15F-6148496D6F1F}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{36AAEE0A-C23B-44E5-B5E3-263AD8572760}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2E6B352-4AD8-44FD-93DD-55B7E65E2C4C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{2E30F016-157E-4EA4-9118-49B9857642FB}] => (Allow) LPort=5357
FirewallRules: [{7C8B1F5E-2814-4B36-A25A-79CC319D244B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{A60A25E7-E1F7-4B1B-8E55-A2F8A717DCD8}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
FirewallRules: [{FFCE71FE-60A9-4359-9EB3-002D2457BA2C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\SendAFax.exe (HP Inc -> HP Inc.)
FirewallRules: [{3FF3FCFA-1970-4661-955C-96A7D15D9D0F}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
FirewallRules: [{870B4DEA-98B0-4A73-B689-9AD37D1DD91B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxApplications.exe (HP Inc -> HP Inc.)
FirewallRules: [{601C37F8-9F36-4C19-84E3-BC88EE50D5F9}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{155BB0C6-7ADE-439B-8FA6-921F9BE21E7B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{8105E030-7946-4470-A828-0CAA5DE08707}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{58505E77-6B40-4D28-855D-475A2BD5F93E}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File
FirewallRules: [UDP Query User{123AEE70-B073-4960-BF05-9B933E3F601F}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File
FirewallRules: [{D4E9441F-1E13-45B8-BD2E-7E5EE2EAB746}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD6213BE-82E7-49A9-9780-9ABC3297E3D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{924C4CB0-A6FB-47CC-AE44-00091957D9EB}C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe => No File
FirewallRules: [UDP Query User{87D74F84-FE6B-4E3B-B198-3AEE0E2640B9}C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe => No File
FirewallRules: [TCP Query User{2D30C0DD-BFC1-4A40-A18B-9B2F405A6614}C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [UDP Query User{79F8A03A-3B02-4D0C-879A-8B19BFB966C2}C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [{2457204E-5881-4312-A350-49A4A2629881}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS24FC\HP.EasyStart.exe => No File
FirewallRules: [TCP Query User{357F8607-169E-4F3C-BE2D-8925F04F6AE4}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{DA1B006F-09B0-4B42-9CDE-B3F8E27EBE2C}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{86511D05-E03B-4458-91A2-88ABD8A1EE10}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4775159B-8BA3-4CBA-B7BF-F88A4A15A5E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DC336918-C8E6-4C1A-8F16-C16F84DD7F0F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0B4A776-A31C-475E-BD25-DFC1DD5F13F9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4ADD4002-C28C-4876-B322-D51035AD3A41}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EC0AF323-7F31-410E-8465-332CA2D645C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{029F5576-BD36-4015-A513-73A18B6F8EEC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{780F1184-A60F-4464-B68C-A6C16F0A1EEE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9DB5DAEF-53C4-4F20-847C-321C7B70CF59}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{50B8F4F5-F7B6-47D8-AB0F-AFCC7E870F85}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A9A9BF95-3F97-4DED-96E0-6C125128716C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A54CCC8B-AFA6-4B12-A8BF-4CF91F4B6B7D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{66D1EE90-FF7D-4E86-8B8C-5F23B6C0A148}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A77F68E-05DC-4F26-835D-9620F193847E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93A8F448-F5B6-448B-A322-DE5186B1EC07}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{08D4C69C-C5A7-4CC5-80B8-D0F8A4C3E246}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4387B5EC-37F7-47C6-BE6F-A682D55B30ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{30C95D44-F5D9-4C65-961E-7C065EF176D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B823BCC0-808D-408D-B64F-58FE6972B290}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ED3AFC1D-A97B-44B9-8FE1-2DB260C8264B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1917BE9A-60A7-49B3-A1B2-B6F2FFC8BB8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8551CF36-C86E-49F8-A1CA-C921B2894414}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:117.89 GB) (Free:5.05 GB) (4%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (08/10/2021 04:23:07 AM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/10/2021 04:23:07 AM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/07/2021 07:47:21 AM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/07/2021 07:47:21 AM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/07/2021 07:09:30 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (08/07/2021 06:59:31 AM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/07/2021 06:59:31 AM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/02/2021 12:54:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FbService.exe, version: 3.0.0.1, time stamp: 0x55e67147
Faulting module name: ntdll.dll, version: 10.0.19041.1110, time stamp: 0xe7a22463
Exception code: 0xc0000374
Fault offset: 0x00000000000ff259
Faulting process id: 0x10a8
Faulting application start time: 0x01d7852134bb770e
Faulting application path: C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3713901c-bb3f-499e-aaba-9826c89fdecd
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (08/10/2021 04:24:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/10/2021 04:23:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/10/2021 04:23:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly. It has done this 1 time(s).
Error: (08/10/2021 04:23:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ImControllerService service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/10/2021 04:23:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ImControllerService service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/08/2021 05:20:01 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
Error: (08/07/2021 08:02:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/07/2021 07:48:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.
Windows Defender:
================
Date: 2021-06-30 17:34:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-29 20:10:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-28 21:21:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-27 17:09:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-27 03:41:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-06-30 03:17:58
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.85.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-30 03:17:58
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.85.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-30 03:17:58
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-29 20:01:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.85.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-06-29 20:01:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.85.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
CodeIntegrity:
===============
Date: 2021-08-10 04:30:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Microsoft signing level requirements.
Date: 2021-08-10 04:27:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
Date: 2021-08-10 04:26:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO O35KT15A 02/14/2017
Motherboard: LENOVO SKYBAY
Processor: Intel® Core i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 63%
Total physical RAM: 16338.11 MB
Available physical RAM: 5980.26 MB
Total Virtual: 35794.11 MB
Available Virtual: 22579.68 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:117.89 GB) (Free:5.05 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:911.18 GB) NTFS
\\?\Volume{cf5fcf1b-cf1c-4769-a735-3c9a62404f2a}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{8468cdb4-c32b-4da2-ac4f-ca6481782e90}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 79A07A6E)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 79A07A7A)
Partition: GPT.
==================== End of Addition.txt =======================