LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: pastywhitegurl on July 18, 2022, 08:44:59 PM

Title: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 18, 2022, 08:44:59 PM
This is for the other networked computer in the house. It's just been a while since any cleanups have happened and I'd like to make sure any corruptions are fixed. Before running this scan, I installed the updated Xerox printer drivers and restarted the computer. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2022
Ran by DeanZF1 (administrator) on DEANZF (LENOVO 20238) (18-07-2022 15:25:53)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (BillP Studios -> Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <11>
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Foxit Corporation -> Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\22.131.0619.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [cdloader] => C:\Users\DeanZF1\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (BillP Studios -> Ruiware LLC)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1986280 2017-08-04] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [121608064 2022-07-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [53160 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Windows x64\Print Processors\xp3215pp: C:\Windows\System32\spool\prtprocs\x64\xp3215pp.dll [128912 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [2013-09-25] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-09]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
Startup: C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BF17E1C-6ED3-4995-8B6C-D123216FDC45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11182569-C275-4F85-A65E-73A77EABFD34} - System32\Tasks\{F67749E8-8910-4749-8654-589901F9E9E0} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {16D48D49-4318-4EC6-975D-E38C9E9241B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {25F70752-345A-4BE9-BB13-C7B2664DB5BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {396625AF-5F02-42D2-9E5D-1F545189AE9D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EF6C0D3-6B6A-4323-834D-228475987269} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321608 2016-12-07] (LENOVO -> Lenovo)
Task: {40510434-5EE9-4F17-A51C-F43AB8BAF9ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {4C528CFC-78A4-408F-99F5-00CF0F1FB25C} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle America, Inc. -> Oracle Corporation)
Task: {570D9DD6-A390-4ED0-A305-3A8A637292D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {59EB335A-EFB2-4AED-BE78-109D310F42CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5CE1AC92-D172-4A01-95A0-8E205CD4F846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {60FF31F2-6BDF-494B-B6D3-F2465E7A56A5} - System32\Tasks\{EB055ABA-B477-419E-B301-D5160002C46D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {62F29E74-610D-4E16-9BE6-897CAF86F5F8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {66B243CE-0B4F-49A0-B38F-6B0442FFAF38} - System32\Tasks\{735BFA4D-88DE-4476-BCC8-639ED5DF36CB} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {79FCD25F-85F3-4DF1-A031-0F807606A89F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7B5E1C21-2642-4C1E-8562-E93DBE5E2D58} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {7C2C995C-A1DE-40D6-86B2-808AF17614A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B9052B5-16DC-4CD0-8CA5-32840CAC51C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No File)
Task: {8C280DB7-755A-4F46-A879-7786087DC54B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {990E8D26-BE9E-4AE2-931B-7CAE2C482074} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AE17186-4E4E-456B-BC39-1FE20D2F5E89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A07F9968-1390-4370-AFC9-ED04D09EA601} - System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => windows defender (No File)
Task: {B222B5E9-E1AF-491D-8D31-09573FCF295A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B6791981-C306-4184-96BC-F5E59A1FE134} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {C0A096B6-455F-4F74-9FA7-9D85632CD2E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C648E924-E78E-45EA-8F2C-C31F0CD76550} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {C9C3A79F-F987-46B9-B15F-168D8A454FBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264328 2016-12-07] (LENOVO -> )
Task: {CA4349A7-1B4F-4451-A2D4-F17A55CF38C5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F1ECE186-F1BB-49D6-AACC-AFD2ED74227E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5E509F9-C7B9-4DE2-ADA2-E1E62246DCED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7E80B7B-B78C-4AA5-ACFB-A393B2F783D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAD46F43-8D90-41A4-9D99-FF7AFC400DB9} - System32\Tasks\{275FA3AB-A5B6-4FD6-A80B-6BB53A05DBFC} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d74f6f9e-6879-4b40-9741-86a89841e757}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fc461f4f-5f4c-4a00-b5c6-65a89768f055}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-13]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: pm6972xb.default-1444513948129
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\TomTom\HOME\Profiles\atgo9qgp.default [2017-04-24]
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 [2022-07-18]
FF DownloadDir: C:\Users\DeanZF1\SkyDrive\Desktop
FF Homepage: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://us-mg6.mail.yahoo.com; hxxp://us-mg6.mail.yahoo.com; hxxps://www.instagram.com
FF Extension: (Lazarus: Form Recovery) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\lazarus@interclue.com.xpi [2016-04-30] [Legacy]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\textarea-cache-lite@wildsky.cc.xpi [2022-07-12]
FF Extension: (uBlock Origin) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\uBlock0@raymondhill.net.xpi [2022-07-12]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-07-11]
FF Extension: (Eno® from Capital One®) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2022-07-11]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2016-03-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\dtplugin\npDeployJava1.dll [2018-07-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\plugin2\npjp2.dll [2018-07-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default [2021-06-22]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Docs) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-25]
CHR Extension: (Google Drive) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-17]
CHR Extension: (Google Search) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-17]
CHR Extension: (Adobe Acrobat) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-22]
CHR Extension: (Gmail) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-22]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation -> Foxit Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-13] (Malwarebytes Inc. -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-18] (Malwarebytes Inc. -> Malwarebytes)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-18 15:24 - 2022-07-18 15:27 - 000000000 ____D C:\FRST
2022-07-18 14:33 - 2022-07-18 14:33 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-18 14:32 - 2022-07-18 14:32 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-18 14:32 - 2022-07-18 14:32 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-18 14:03 - 2022-07-18 14:03 - 000000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2022-07-18 14:02 - 2018-07-19 23:57 - 000420352 _____ C:\WINDOWS\system32\SaMinDrv.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000151040 _____ C:\WINDOWS\system32\SaImgFlt.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000068096 _____ C:\WINDOWS\system32\SaErHdlr.dll
2022-07-18 14:01 - 2022-03-23 01:51 - 000167712 _____ (SS) C:\WINDOWS\system32\xp3215ci.exe
2022-07-18 14:01 - 2022-03-23 01:51 - 000099240 _____ (SS) C:\WINDOWS\system32\xp3215ci.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-13 20:59 - 2022-07-13 20:59 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-13 20:58 - 2022-07-13 20:58 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-13 20:57 - 2022-07-13 20:57 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-13 20:13 - 2022-07-13 20:13 - 000000000 ___HD C:\$WinREAgent
2022-07-13 19:47 - 2022-07-13 19:47 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 14:51 - 2022-07-12 14:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-25 16:10 - 2022-06-25 16:09 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-25 13:58 - 2022-06-25 13:58 - 000000000 ____D C:\Users\DeanZF1\.ms-ad
2022-06-25 12:47 - 2022-06-25 12:47 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-25 12:46 - 2022-06-25 12:46 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-25 12:44 - 2022-06-25 12:44 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-18 15:22 - 2022-02-28 11:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-18 15:21 - 2016-11-19 12:28 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\Mozilla
2022-07-18 15:18 - 2018-07-12 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-07-18 15:18 - 2014-04-14 11:42 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-18 15:17 - 2021-03-16 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-18 15:17 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-18 14:55 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-18 14:34 - 2014-03-08 13:43 - 000000000 ___RD C:\Users\DeanZF1\SkyDrive
2022-07-18 14:32 - 2022-01-21 11:48 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\IGDump
2022-07-18 14:31 - 2017-09-21 16:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-07-18 14:31 - 2015-08-07 00:30 - 000000000 __SHD C:\Users\DeanZF1\IntelGraphicsProfiles
2022-07-18 14:30 - 2021-03-16 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-18 14:30 - 2021-03-16 00:36 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-18 14:29 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-18 14:05 - 2021-03-16 01:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Leader Technologies
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ____D C:\Program Files (x86)\Xerox
2022-07-18 14:03 - 2016-04-07 01:10 - 000000000 ____D C:\ProgramData\Xerox
2022-07-18 13:40 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-18 13:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-17 16:12 - 2014-10-27 14:38 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\ElevatedDiagnostics
2022-07-16 12:59 - 2020-06-23 07:44 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-16 12:59 - 2020-06-23 07:44 - 000002318 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-14 08:56 - 2021-03-16 00:58 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-14 08:49 - 2021-03-16 00:36 - 000459320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-14 08:49 - 2016-09-24 14:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-14 08:49 - 2014-03-05 16:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-14 08:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-13 21:07 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-13 20:57 - 2021-03-16 00:40 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-13 20:05 - 2014-03-07 15:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-13 19:58 - 2014-03-07 15:50 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-12 14:51 - 2014-03-05 16:23 - 000001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-12 14:01 - 2017-12-07 16:31 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\Packages
2022-07-12 13:48 - 2021-12-19 10:04 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 01:16 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 00:46 - 000002437 _____ C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-11 13:20 - 2014-04-14 11:43 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-11 13:20 - 2014-04-14 11:43 - 000002302 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-11 12:22 - 2014-03-05 17:00 - 000000000 ____D C:\Users\DeanZF1\AppData\Roaming\Nitro PDF
2022-06-25 20:56 - 2014-06-03 14:00 - 000000000 ____D C:\Users\DeanZF1\SkyDrive\Documents\OneNote Notebooks
2022-06-25 16:11 - 2021-06-25 18:47 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-25 16:11 - 2020-08-21 12:00 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-25 16:11 - 2019-08-02 12:35 - 000002063 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-25 16:10 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-06-25 16:09 - 2019-08-02 12:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-25 16:08 - 2018-01-27 15:23 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-25 16:08 - 2014-03-16 20:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-25 16:03 - 2021-03-16 00:46 - 000000000 ____D C:\Users\DeanZF1
2022-06-25 13:49 - 2018-02-25 19:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-25 13:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-25 11:22 - 2018-07-18 17:01 - 000000000 ____D C:\ProgramData\Packages
2022-06-25 10:47 - 2021-04-13 13:10 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71a29478c6d0b
2022-06-25 10:47 - 2021-03-16 01:16 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== Files in the root of some directories ========

2014-03-10 01:20 - 2017-04-11 02:59 - 000001334 _____ () C:\Users\DeanZF1\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2020-03-15 12:51 - 2020-03-15 12:51 - 000000000 _____ () C:\Users\DeanZF1\AppData\Local\{E4FEAFCA-B66A-417D-BE04-B925AA117C0E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2022
Ran by DeanZF1 (18-07-2022 15:31:25)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-03-16 06:17:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2910419722-4152969464-3579386052-500 - Administrator - Disabled)
DeanZF1 (S-1-5-21-2910419722-4152969464-3579386052-1001 - Administrator - Enabled) => C:\Users\DeanZF1
DefaultAccount (S-1-5-21-2910419722-4152969464-3579386052-503 - Limited - Disabled)
Guest (S-1-5-21-2910419722-4152969464-3579386052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2910419722-4152969464-3579386052-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2910419722-4152969464-3579386052-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\{63B5DA5A-477B-438D-A6A0-118787A4C71B}) (Version: 24.0.0.180 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{96714280-14E6-4DF7-BACD-F797C0F17C3D}) (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{89AFB053-A343-46EF-97E4-D593AD7184E6}) (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version:  - LifeScan Inc)
magicJack (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Meter Drivers for OneTouch(R) Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)
Microsoft Audio Enhancement Troubleshooter installer (HKLM\...\{6E0351FF-6A71-45C5-A041-D4D9D8067EAF}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10500 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10100.1.100 - Nero AG)
Nero Control Center 10 (HKLM-x32\...\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}) (Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (HKLM-x32\...\{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (HKLM-x32\...\{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}) (Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version:  - )
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RealTracks Shots and Holds 3 (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
SetIP (HKLM-x32\...\Xerox_SetIP) (Version: 2.00.00.01 - Xerox Ltd.)
Skype version 8.86 (HKLM-x32\...\Skype_is1) (Version: 8.86 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.06.00 (5/12/2021) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(6/6/2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox OCR Software (HKLM-x32\...\Xerox OCR Software) (Version: 1.00.18 (4/14/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.10 (3/24/2022) - Xerox Corporation)
Zoom (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
*Solitaire Collection -> C:\Program Files\WindowsApps\12291raymond.li.SolitaireCollection_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Camera Man -> C:\Program Files\WindowsApps\E0469640.CameraMan_1.0.1929.30229_x86__5grkq8ppsgwt4 [2015-03-07] (LENOVO INC)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-11] (Dolby Laboratories)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-07] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.40.9.0_x64__q4d96b2w5wcc2 [2022-07-11] (Evernote)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2015-03-07] (Lenovo, INC.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2206.16.0_x64__k1h2ywk1493x8 [2022-06-27] (LENOVO INC.)
Live TV -> C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716 [2015-03-07] (FilmOn TV Inc.)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-11] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-29] (Microsoft Corporation)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2015-03-07] (CYBERLINK COM CORPORATION)
Solitaire Collection+ -> C:\Program Files\WindowsApps\12291raymond.li.5987855B3B0BC_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Sudoku2 -> C:\Program Files\WindowsApps\12291raymond.li.Sudoku2_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)
YouSendIt for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.YouSendItForLenovo_1.0.5.1412_neutral__069rkrpjefrbc [2015-03-07] (YouSendIt)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-03-07] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2013-12-10] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-13] (CyberLink Corp.) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-09-11 10:05 - 2014-09-11 10:05 - 000036352 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000038912 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000032256 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000027648 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000381952 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000204800 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000218112 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000015872 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000015360 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000307712 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000014848 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000252928 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000878592 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2017-02-08 08:51 - 2017-02-08 08:51 - 004112384 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Core.dll
2014-09-11 09:56 - 2014-09-11 09:56 - 004350464 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Gui.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000850432 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Network.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000203776 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Svg.dll
2014-09-11 10:00 - 2014-09-11 10:00 - 004372480 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Widgets.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000152064 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Xml.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2014-02-14 04:00 - 2014-02-14 04:00 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 023507968 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icudt52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001798656 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuin52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001304064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuuc52.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 001184256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\LIBEAY32.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 000254976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\ssleay32.dll
2017-08-04 05:25 - 2017-08-04 05:25 - 000130048 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\DeviceNavEthernetCore.dll
2017-08-04 05:29 - 2017-08-04 05:29 - 000032768 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\UIController.dll
2014-05-16 01:48 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> DefaultScope {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-10.0.1\bin\ssv.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.1\bin\jp2ssv.dll [2018-07-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\StartupApproved\Run: => "cdloader"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EE6542DB-0674-4C4D-9EE8-3CB4F577C624}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{91730A7A-17FE-4B9E-A873-3DFDBC723FD8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{58ACF143-D724-466E-AF27-762F986AD2C1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{55C1243C-049A-4AC0-8751-80A794543BF1}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{5919411A-9B29-463E-8944-3483AC8D46E9}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{9D1A61E4-727F-438D-BFDC-597092DC25FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3BD5F064-C45D-4669-B97B-4D7CBD4BE9BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{92D90A2D-D1F5-4BD9-9B44-2743B73E7342}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{02525CE2-4CC0-428A-963D-E97659836911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{5E92661E-4867-42ED-8BCF-9842AEFD4921}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1AB7BFA6-DE51-4AE9-9891-3431883A3228}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BCCD3AA9-83A1-42F4-A087-B596FEEA429C}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [{474AB47D-634B-43E5-A272-7B7D9D68BB55}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [UDP Query User{B5DBE26C-036E-4C9F-8EE4-A12D70434AD7}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{DB6FADE1-00C2-4B32-ABC2-25F85148E32A}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C88A37-2F37-4B2D-9285-8D96C0555737}] => (Allow) C:\Users\DeanZF1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe => No File
FirewallRules: [{EEA1A2C0-9150-4069-8C07-FD2C7DC04753}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F2C08020-E6A7-49FD-8BB1-DFA93FD4AF7D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B250C240-DAC7-46BC-BCE0-2CF86B1CA89A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{923B4769-353D-4825-A209-85BB949983C0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{1C2D0EEF-CB84-442A-82EF-E1BB4F2DDE92}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{71E97009-9091-40D5-9036-04CB5EC3C461}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{6D2434DF-813D-48B7-A992-7EBC974FA7CE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{C45F6DA0-B877-460B-8E09-8A310996B30E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [TCP Query User{F1B953A7-3D93-4EE8-BC58-7080E2F49FD4}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [UDP Query User{5FC20A24-DA48-4821-8C4F-4FB3A4E74135}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{2B91BD1E-1601-423E-8DBA-D07702E434CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D75DA94-9C04-46C5-A867-22567893DF74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8AAAECA2-AA48-46BF-90AA-74624CC43BF6}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [TCP Query User{FCDB7B71-EAC9-48E8-98D2-556D9698A2FB}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{EA57FBE9-C280-42B3-B471-F82D565B0484}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4612C85C-C662-4CD7-9E7C-863C4BA894BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{70B19604-D351-4589-A153-0BB0694E85C9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F839A700-9A1D-4B2D-87C9-8F0E590F53C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0CA1103D-D640-4081-ABEF-5C8BD346A740}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A97B2E1-6CC7-4D1E-89D8-AF8850AE857B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CC44FBFA-6555-446E-8D7D-3646B46D78CC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7C388480-EF9C-40C6-8B57-68626252E2C2}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{06D98C0E-C757-44FA-B442-6A1427F25C04}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{431DB7EE-49B6-4526-AE5E-6D403F5A77BC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{75E0915D-A199-400D-854A-B48BC7FF6052}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{8E6670EB-CE9D-4A4A-B37D-033B6102A626}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{769A0369-326F-4A84-BBF1-B1DB643C4929}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{A2FC424D-0D71-4129-8E49-B5CE2F672DC0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97849000-BF39-4F46-8CEE-492D89789EEC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{6F5BEDD7-0264-4F9E-A731-FA751201B595}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{82D7A728-112A-4EED-A978-EBFB3F55968E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{B7E6DE97-2A7C-40D0-B562-7FB71B575A38}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{4242F9E2-3731-4CFB-A81A-E5E474FFA59C}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7D2AE3CE-1F10-4D11-8505-323B92C4BAA4}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{28033CA3-E6A5-47A9-A361-52F4E9EC19AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23117FD6-D306-4371-89A0-EBF63FB6BEAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

11-07-2022 14:08:51 Scheduled Checkpoint
13-07-2022 20:11:31 Windows Modules Installer
18-07-2022 13:43:07 Windows Defender Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/14/2022 08:48:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/14/2022 08:48:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/13/2022 09:39:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on LENOVO (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/13/2022 09:39:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows8_OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/12/2022 02:03:03 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/12/2022 01:46:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LSC.exe version 3.4.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 136c

Start Time: 01d89548010a5df1

Termination Time: 44

Application Path: C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe

Report Id: f1d475d9-02c8-4a87-9cb1-cdd00e8291c0

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (07/11/2022 01:51:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on LENOVO (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/11/2022 01:51:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows8_OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (07/18/2022 03:27:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/18/2022 03:27:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Device Setup Manager service to connect.

Error: (07/18/2022 02:30:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/18/2022 02:30:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/14/2022 08:56:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Storage Service service hung on starting.

Error: (07/14/2022 08:49:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/14/2022 08:49:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/14/2022 08:48:04 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}


Windows Defender:
================
Date: 2022-07-18 13:39:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; containerfile:_C:\Users\DeanZF1\Downloads\ccsetup551.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe->(nsis-instdata); file:_C:\Users\DeanZF1\Downloads\ccsetup551.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup551.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.371.334.0, AS: 1.371.334.0, NIS: 1.371.334.0
Engine Version: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-07-18 13:39:13
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.371.334.0, AS: 1.371.334.0, NIS: 1.371.334.0
Engine Version: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-07-13 19:53:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-25 13:59:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-05-28 23:49:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-06-25 11:17:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.369.227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19300.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2022-07-18 14:41:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-07-18 14:08:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-25 11:37:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-24 17:36:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 79CN46WW(V3.05) 12/23/2013
Motherboard: LENOVO INVALID
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 8104.27 MB
Available physical RAM: 3348.53 MB
Total Virtual: 10664.27 MB
Available Virtual: 5392.97 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.77 GB) (Free:330 GB) (Model: ST500LT012-1DG142) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.65 GB) (Model: ST500LT012-1DG142) NTFS
Drive e: (RED_REDO_RED_BOX_D1) (CDROM) (Total:4.13 GB) (Free:0 GB) UDF

\\?\Volume{6d7c4922-a9af-4d60-970c-ee5befe3a751}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.64 GB) NTFS
\\?\Volume{d6f0baf5-a3be-49d4-b1e9-9517d8b5287f}\ (PBR_DRV) (Fixed) (Total:11.66 GB) (Free:2.41 GB) NTFS
\\?\Volume{0c4ca7cc-6948-4bd8-adaa-034695a51669}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3AAC8861)

Partition: GPT.

==================== End of Addition.txt =======================


Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 19, 2022, 08:04:04 AM
Hi again, PWG. 🙂

The computer is clean, but needs some tidiness.

1. Uninstall programs

ESET Online Scanner v3
You always need the latest scanner to do an online check. No need to have installed an old version. Please uninstall it.

Java 10.0.1
There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. (https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html) For now, just uninstall the old Java. If you need it, install the latest version of it at the end of this cleaning procedure.
Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

WinPatrol
A program that no longer gets updates; there is no particular reason to keep it on a Windows 10 (and above) computer.

Classic Shell
Do you need it? Some users report compatibility issues with Windows 10.


2. SkyDrive/OneDrive

OneDrive is the new name for the old SkyDrive, Microsoft's cloud service. Although it's clear that you have Microsoft OneDrive installed, there are lines in the logs showing that the old name is still in use:

C:\Users\DeanZF1\SkyDrive\Desktop
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}

Can you please open a File Explorer and check if there is a SkyDrive folder there? Is there a OneDrive folder too? Can you please take a screenshot and attach it in your next reply?
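
The log reading done in the reply above, as an added Python example (not part of the thread and not FRST's own code): it parses FRST `Task:` lines and the `Running from` header, and marks entries that still use the SkyDrive name or whose target FRST reports as `No File`. The sample lines are copied from the logs on this page; the flag names and the `LEGACY_NAMES` keyword list are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""Running from C:\Users\DeanZF1\SkyDrive\Desktop
Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {25F70752-345A-4BE9-BB13-C7B2664DB5BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
"""

# "Task: {GUID} - <task path> => <target>" or "... -> No File <==== ATTENTION".
# The path is matched lazily so that a "->" inside the signer field of the
# target (e.g. "(Vendor -> Vendor)") is never taken as the separator.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) (?:=>|->) (?P<target>.*)$"
)
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
LEGACY_NAMES = ("skydrive",)  # assumption: names treated as leftovers


@dataclass
class Task:
    guid: str
    path: str
    target: str
    flags: tuple

    @property
    def name(self):
        # Last component of the task path, e.g. "Routine Maintenance Task".
        return self.path.rsplit("\\", 1)[-1]


def uses_legacy_name(path):
    """True if any path component equals one of LEGACY_NAMES."""
    parts = [p.lower() for p in path.split("\\") if p]
    return any(name in parts for name in LEGACY_NAMES)


def parse_tasks(log):
    """Return a Task for every FRST 'Task:' line, with review flags attached."""
    tasks = []
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        path, target = m["path"], m["target"].strip()
        flags = []
        # FRST marks a task whose file is gone in two ways.
        if target.startswith("No File") or target.endswith("(No File)"):
            flags.append("missing-target")
        # Target is a bare CLSID, so there is no file path to check.
        if CLSID_RE.match(target):
            flags.append("clsid-target")
        if uses_legacy_name(path):
            flags.append("legacy-name")
        tasks.append(Task(m["guid"], path, target, tuple(flags)))
    return tasks


def running_from(log):
    """Return the directory FRST says it was started from, or None."""
    prefix = "Running from "
    for line in log.splitlines():
        if line.startswith(prefix):
            return line[len(prefix):].strip()
    return None


def triage(log):
    """Summarise what a helper would look at first in the log."""
    tasks = parse_tasks(log)
    run_dir = running_from(log)
    return {
        "run_dir": run_dir,
        "run_dir_legacy": bool(run_dir) and uses_legacy_name(run_dir),
        "legacy_tasks": [t.name for t in tasks if "legacy-name" in t.flags],
        "orphaned_tasks": [t.name for t in tasks if "missing-target" in t.flags],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```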



Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 04:44:10 PM
So far, have uninstalled ESET, Java, WinPatrol and Classic Shell.

But can't seem to find the Windows system folders.  I have enabled show all hidden files/folders and also unchecked hide protected operating systems.  Still can't see the C drive windows folders.  How do I find them?

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 19, 2022, 04:52:09 PM
No, I don't want you to find any hidden system file. I just asked you to open File Explorer. To do that, type File Explorer in the Search area and select it when it appears. Check for SkyDrive/OneDrive in the menu at the left.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 05:25:25 PM
Yes, One Drive is listed there.   SkyDrive is not.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 05:38:19 PM
Sky drive does come up in the search under Desktop, but clicking the result takes me to the One Drive (personal) folder.  As I was clicking through some folders, I did see Sky drive listed on the left, but when I tried to go back to screenshot it, I can't find it again.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 05:42:36 PM
I think I just found it, or at least one.  There is a SkyDrive.old folder in the Dean Thomas folder.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 19, 2022, 05:59:02 PM
Quote:
Sky drive does come up in the search under Desktop, but clicking the result takes me to the One Drive (personal) folder.  As I was clicking through some folders, I did see Sky drive listed on the left, but when I tried to go back to screenshot it, I can't find it again.

Yes... That is an issue that occurs in some users after the change.

What do you mean on the left? When you open a File Explorer?

Check here and let me know if there are SkyDrive/OneDrive folders:

C:\Users\DeanZF1

If yes, check which folder contains the files you set to be saved in the cloud.

Let me also know if on the bottom right of the Taskbar there is a OneDrive icon (the white cloud).

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 06:23:24 PM
3 folders found there.  They were in the Windows 8 OS backup folder.  As mentioned, I cannot access the current location for C:\Users\DeanZF1.  Here is the screenshot.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 06:33:10 PM
Sorry, hit post too soon.

There is a one drive white cloud in the taskbar.

The SkyDrive.old folder has one .ini file from 2014

The old OneDrive folder has an .ini file and the Documents folder from 2014

The new One Drive File contents are in the screenshot

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 19, 2022, 06:42:54 PM
Can you please answer this question:

Check here and let me know if there are SkyDrive/OneDrive folders:

C:\Users\DeanZF1

If yes, check which folder contains the files you set to be saved in the cloud.



As to the Windows 8.1, I didn't understand how it is "installed" there.
Drive c: (Windows8_OS) (Fixed) (Total:426.77 GB) (Free:330 GB) (Model: ST500LT012-1DG142) NTFS ==>[system with boot components (obtained from drive)]

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 06:52:45 PM
I think I answered in the post above yours with the screenshots?

But maybe is not clear.
Yes, there are One Drive and SkyDrive folders in C:\Users\DeanZF1\Windows8_OS (C:)

The second OneDrive folder seems to have current updated files.
The second OneDrive folder has Document folder from 2014
The SkyDrive.old file only contains an .ini file from 2014

I guess I assumed that Windows8-OS (C:) was an old folder, but the OneDrive files seem to be up to date.  Is that actually the current Windows 10 folder?

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 19, 2022, 07:03:24 PM
Perhaps I was not clear. Apologies.

I meant if there are folders in C:\Users\DeanZF1. Not in another folder in DeanZF1 folder.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 07:17:05 PM
The only folders that come up when I search for  C:\Users\DeanZF1  are the ones in 
This PC > Windows8_OS (C:) > Users > DeanZF1

I don't understand why I can't access the Windows systems folders.  The DeanZF1 account is an administrator account. And yet I can't see the Windows (C:) folders.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 19, 2022, 07:49:33 PM
Now I see.

It seems that your Local Disk (C:), is Windows8_OS (C:). Since you have operating system's files there (Windows 8.1 backup), the name changed. So there isn't anything else to look for.

To sum up:

In This PC > Windows8_OS (C:) > Users > DeanZF1 you have 2 OneDrive folders and 1 SkyDrive.old folder. Only one OneDrive folder is recently updated.

A question before I go to bed (yes, it's late here):

When you right click SkyDrive and select Properties and then click on the Location tab, what is the path you see there?

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 08:18:43 PM
There is no sharing tab in the Properties screen for SkyDrive.old.

Under the general tab > location is:
C:\Users\DeanZF1

Also DeanZF1 account may not have full administrator access. The account listed as DeanThomas is marked administrator, so that may be my problem.  I vaguely remember something about there being a problem with the first administrator account, so this was one created to get past that. I just assumed it was also an administrator account as I can add/remove programs.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 08:23:03 PM
Sorry..typo and no way to edit.

I meant to type

There is no location tab in the Properties screen for SkyDrive.old.

Thank you so much for helping me and being so patient with my computer illiteracy.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 19, 2022, 09:34:05 PM
Quote:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2022
Ran by DeanZF1 (administrator) on DEANZF (LENOVO 20238) (18-07-2022 15:25:53)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1

The above from the FRST report in the first reply shows the FRST program running from a desktop connected to SkyDrive.  Wut?  How did that happen? I gave the browser instructions to download files to desktop, and the FRST files are sitting on the desktop I'm viewing.

I found a thread where this computer was fixed previously, and it has a normal desktop path for running the tool.  Somewhere in between, it appears something has gotten messed up.  No wonder all those file path questions were confusing both of us.

The former topic from 2015 is here: https://www.landzdown.com/index.php?topic=56110.0 
Maybe it has a clue to the mystery.  That's likely the last time any kind of maintenance was performed on Windows.

If none of this matters, and doesn't need to be fixed, that's ok.  The laptop is only being used as a backup computer currently.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 20, 2022, 06:39:41 AM
Quote:
Wut?  How did that happen? I gave the browser instructions to download files to desktop, and the FRST files are sitting on the desktop I'm viewing.

:D  Yes, now you see that too. That is what we are trying to fix. We can ignore it, yes, but in the future it may cause issues having to do with syncing across your devices.

So, we have two instances of OneDrive. The one is old (SkyDrive related), the other one is new.

Let's see if we can fix the mess.

1. OneDrive folders


2. Unlink this PC


3. FRST logs

Run the FRST tool and give me the two fresh logs to check, FRST and Addition.


In your next reply please post:

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 20, 2022, 03:03:50 PM
It would only let me uncheck the two folders that had nothing in them.  Files without folders, and Public.

I unsynced as instructed, but when the computer rebooted, OneDrive resynced all the files and the two folders boxes I unchecked were checked again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2022
Ran by DeanZF1 (administrator) on DEANZF (LENOVO 20238) (20-07-2022 09:46:45)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\22.131.0619.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [cdloader] => C:\Users\DeanZF1\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1986280 2017-08-04] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [121608064 2022-07-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [53160 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Windows x64\Print Processors\xp3215pp: C:\Windows\System32\spool\prtprocs\x64\xp3215pp.dll [128912 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-19] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [2013-09-25] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-09]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
Startup: C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BF17E1C-6ED3-4995-8B6C-D123216FDC45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11182569-C275-4F85-A65E-73A77EABFD34} - System32\Tasks\{F67749E8-8910-4749-8654-589901F9E9E0} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {16D48D49-4318-4EC6-975D-E38C9E9241B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {25F70752-345A-4BE9-BB13-C7B2664DB5BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {396625AF-5F02-42D2-9E5D-1F545189AE9D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EF6C0D3-6B6A-4323-834D-228475987269} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321608 2016-12-07] (LENOVO -> Lenovo)
Task: {40510434-5EE9-4F17-A51C-F43AB8BAF9ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {570D9DD6-A390-4ED0-A305-3A8A637292D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {59EB335A-EFB2-4AED-BE78-109D310F42CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5CE1AC92-D172-4A01-95A0-8E205CD4F846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {60FF31F2-6BDF-494B-B6D3-F2465E7A56A5} - System32\Tasks\{EB055ABA-B477-419E-B301-D5160002C46D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {62F29E74-610D-4E16-9BE6-897CAF86F5F8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {66B243CE-0B4F-49A0-B38F-6B0442FFAF38} - System32\Tasks\{735BFA4D-88DE-4476-BCC8-639ED5DF36CB} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {79FCD25F-85F3-4DF1-A031-0F807606A89F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7B5E1C21-2642-4C1E-8562-E93DBE5E2D58} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {7C2C995C-A1DE-40D6-86B2-808AF17614A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B9052B5-16DC-4CD0-8CA5-32840CAC51C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No File)
Task: {8C280DB7-755A-4F46-A879-7786087DC54B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {990E8D26-BE9E-4AE2-931B-7CAE2C482074} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AE17186-4E4E-456B-BC39-1FE20D2F5E89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A07F9968-1390-4370-AFC9-ED04D09EA601} - System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => windows defender (No File)
Task: {B222B5E9-E1AF-491D-8D31-09573FCF295A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B6791981-C306-4184-96BC-F5E59A1FE134} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {C0A096B6-455F-4F74-9FA7-9D85632CD2E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C648E924-E78E-45EA-8F2C-C31F0CD76550} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {C9C3A79F-F987-46B9-B15F-168D8A454FBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264328 2016-12-07] (LENOVO -> )
Task: {CA4349A7-1B4F-4451-A2D4-F17A55CF38C5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F1ECE186-F1BB-49D6-AACC-AFD2ED74227E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5E509F9-C7B9-4DE2-ADA2-E1E62246DCED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7E80B7B-B78C-4AA5-ACFB-A393B2F783D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAD46F43-8D90-41A4-9D99-FF7AFC400DB9} - System32\Tasks\{275FA3AB-A5B6-4FD6-A80B-6BB53A05DBFC} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d74f6f9e-6879-4b40-9741-86a89841e757}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fc461f4f-5f4c-4a00-b5c6-65a89768f055}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-13]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: pm6972xb.default-1444513948129
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\TomTom\HOME\Profiles\atgo9qgp.default [2017-04-24]
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 [2022-07-20]
FF DownloadDir: C:\Users\DeanZF1\SkyDrive\Desktop
FF Homepage: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://us-mg6.mail.yahoo.com; hxxp://us-mg6.mail.yahoo.com; hxxps://www.instagram.com
FF Extension: (Lazarus: Form Recovery) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\lazarus@interclue.com.xpi [2016-04-30] [Legacy]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\textarea-cache-lite@wildsky.cc.xpi [2022-07-12]
FF Extension: (uBlock Origin) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\uBlock0@raymondhill.net.xpi [2022-07-12]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-07-11]
FF Extension: (Eno® from Capital One®) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2022-07-19]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2016-03-20] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default [2021-06-22]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Docs) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-25]
CHR Extension: (Google Drive) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-17]
CHR Extension: (Google Search) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-17]
CHR Extension: (Adobe Acrobat) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-22]
CHR Extension: (Gmail) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-22]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-13] (Malwarebytes Inc. -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-20] (Malwarebytes Inc. -> Malwarebytes)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-20 09:28 - 2022-07-20 09:28 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-20 09:27 - 2022-07-20 09:28 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-20 09:27 - 2022-07-20 09:27 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-18 15:24 - 2022-07-20 09:49 - 000000000 ____D C:\FRST
2022-07-18 14:03 - 2022-07-18 14:03 - 000000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2022-07-18 14:02 - 2018-07-19 23:57 - 000420352 _____ C:\WINDOWS\system32\SaMinDrv.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000151040 _____ C:\WINDOWS\system32\SaImgFlt.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000068096 _____ C:\WINDOWS\system32\SaErHdlr.dll
2022-07-18 14:01 - 2022-03-23 01:51 - 000167712 _____ (SS) C:\WINDOWS\system32\xp3215ci.exe
2022-07-18 14:01 - 2022-03-23 01:51 - 000099240 _____ (SS) C:\WINDOWS\system32\xp3215ci.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-13 20:59 - 2022-07-13 20:59 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-13 20:58 - 2022-07-13 20:58 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-13 20:57 - 2022-07-13 20:57 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-13 20:13 - 2022-07-13 20:13 - 000000000 ___HD C:\$WinREAgent
2022-07-13 19:47 - 2022-07-13 19:47 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 14:51 - 2022-07-12 14:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-25 16:10 - 2022-06-25 16:09 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-25 13:58 - 2022-06-25 13:58 - 000000000 ____D C:\Users\DeanZF1\.ms-ad
2022-06-25 12:47 - 2022-06-25 12:47 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-25 12:46 - 2022-06-25 12:46 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-25 12:44 - 2022-06-25 12:44 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-20 09:46 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-20 09:45 - 2014-03-08 13:43 - 000000000 ___RD C:\Users\DeanZF1\SkyDrive
2022-07-20 09:30 - 2014-04-14 11:42 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-20 09:28 - 2015-08-07 00:30 - 000000000 __SHD C:\Users\DeanZF1\IntelGraphicsProfiles
2022-07-20 09:27 - 2022-01-21 11:48 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\IGDump
2022-07-20 09:27 - 2017-09-21 16:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-07-20 09:26 - 2021-03-16 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-20 09:26 - 2021-03-16 00:36 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-20 09:25 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-20 09:25 - 2016-11-19 12:28 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\Mozilla
2022-07-20 09:21 - 2021-03-16 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-19 18:19 - 2022-02-28 11:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-19 16:22 - 2014-04-14 11:43 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-19 16:22 - 2014-04-14 11:43 - 000002302 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-19 14:53 - 2014-04-18 15:33 - 000000000 ____D C:\ProgramData\Nero
2022-07-19 11:53 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-19 11:53 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-19 11:18 - 2017-12-07 16:31 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\Packages
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-18 15:18 - 2018-07-12 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-07-18 14:55 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-18 14:05 - 2021-03-16 01:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Leader Technologies
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ____D C:\Program Files (x86)\Xerox
2022-07-18 14:03 - 2016-04-07 01:10 - 000000000 ____D C:\ProgramData\Xerox
2022-07-17 16:12 - 2014-10-27 14:38 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\ElevatedDiagnostics
2022-07-16 12:59 - 2020-06-23 07:44 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-16 12:59 - 2020-06-23 07:44 - 000002318 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-14 08:56 - 2021-03-16 00:58 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-14 08:49 - 2021-03-16 00:36 - 000459320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-14 08:49 - 2016-09-24 14:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-14 08:49 - 2014-03-05 16:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-14 08:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-13 21:07 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-13 20:57 - 2021-03-16 00:40 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-13 20:05 - 2014-03-07 15:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-13 19:58 - 2014-03-07 15:50 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-12 14:51 - 2014-03-05 16:23 - 000001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-12 13:48 - 2021-12-19 10:04 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 01:16 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 00:46 - 000002437 _____ C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-11 12:22 - 2014-03-05 17:00 - 000000000 ____D C:\Users\DeanZF1\AppData\Roaming\Nitro PDF
2022-06-25 20:56 - 2014-06-03 14:00 - 000000000 ____D C:\Users\DeanZF1\SkyDrive\Documents\OneNote Notebooks
2022-06-25 16:11 - 2021-06-25 18:47 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-25 16:11 - 2020-08-21 12:00 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-25 16:11 - 2019-08-02 12:35 - 000002063 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-25 16:10 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-06-25 16:09 - 2019-08-02 12:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-25 16:08 - 2018-01-27 15:23 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-25 16:08 - 2014-03-16 20:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-25 16:03 - 2021-03-16 00:46 - 000000000 ____D C:\Users\DeanZF1
2022-06-25 13:49 - 2018-02-25 19:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-25 13:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-25 11:22 - 2018-07-18 17:01 - 000000000 ____D C:\ProgramData\Packages
2022-06-25 10:47 - 2021-04-13 13:10 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71a29478c6d0b
2022-06-25 10:47 - 2021-03-16 01:16 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== Files in the root of some directories ========

2014-03-10 01:20 - 2017-04-11 02:59 - 000001334 _____ () C:\Users\DeanZF1\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2020-03-15 12:51 - 2020-03-15 12:51 - 000000000 _____ () C:\Users\DeanZF1\AppData\Local\{E4FEAFCA-B66A-417D-BE04-B925AA117C0E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2022
Ran by DeanZF1 (20-07-2022 09:54:30)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-03-16 06:17:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2910419722-4152969464-3579386052-500 - Administrator - Disabled)
DeanZF1 (S-1-5-21-2910419722-4152969464-3579386052-1001 - Administrator - Enabled) => C:\Users\DeanZF1
DefaultAccount (S-1-5-21-2910419722-4152969464-3579386052-503 - Limited - Disabled)
Guest (S-1-5-21-2910419722-4152969464-3579386052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2910419722-4152969464-3579386052-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2910419722-4152969464-3579386052-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\{63B5DA5A-477B-438D-A6A0-118787A4C71B}) (Version: 24.0.0.180 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{96714280-14E6-4DF7-BACD-F797C0F17C3D}) (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{89AFB053-A343-46EF-97E4-D593AD7184E6}) (Version: 1.28.487.1 - Intel Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version:  - LifeScan Inc)
magicJack (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Meter Drivers for OneTouch(R) Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)
Microsoft Audio Enhancement Troubleshooter installer (HKLM\...\{6E0351FF-6A71-45C5-A041-D4D9D8067EAF}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version:  - )
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RealTracks Shots and Holds 3 (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
SetIP (HKLM-x32\...\Xerox_SetIP) (Version: 2.00.00.01 - Xerox Ltd.)
Skype version 8.86 (HKLM-x32\...\Skype_is1) (Version: 8.86 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.06.00 (5/12/2021) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(6/6/2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox OCR Software (HKLM-x32\...\Xerox OCR Software) (Version: 1.00.18 (4/14/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.10 (3/24/2022) - Xerox Corporation)
Zoom (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
*Solitaire Collection -> C:\Program Files\WindowsApps\12291raymond.li.SolitaireCollection_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Camera Man -> C:\Program Files\WindowsApps\E0469640.CameraMan_1.0.1929.30229_x86__5grkq8ppsgwt4 [2015-03-07] (LENOVO INC)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-11] (Dolby Laboratories)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-07] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.40.9.0_x64__q4d96b2w5wcc2 [2022-07-11] (Evernote)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2015-03-07] (Lenovo, INC.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2206.16.0_x64__k1h2ywk1493x8 [2022-06-27] (LENOVO INC.)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-11] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-29] (Microsoft Corporation)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2015-03-07] (CYBERLINK COM CORPORATION)
Solitaire Collection+ -> C:\Program Files\WindowsApps\12291raymond.li.5987855B3B0BC_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Sudoku2 -> C:\Program Files\WindowsApps\12291raymond.li.Sudoku2_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
YouSendIt for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.YouSendItForLenovo_1.0.5.1412_neutral__069rkrpjefrbc [2015-03-07] (YouSendIt)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-03-07] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-13] (CyberLink Corp.) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-09-11 10:05 - 2014-09-11 10:05 - 000036352 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000038912 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000032256 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000027648 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000381952 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000204800 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000218112 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000015872 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000015360 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000307712 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000014848 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000252928 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000878592 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2017-02-08 08:51 - 2017-02-08 08:51 - 004112384 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Core.dll
2014-09-11 09:56 - 2014-09-11 09:56 - 004350464 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Gui.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000850432 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Network.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000203776 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Svg.dll
2014-09-11 10:00 - 2014-09-11 10:00 - 004372480 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Widgets.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000152064 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Xml.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2014-02-14 04:00 - 2014-02-14 04:00 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 023507968 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icudt52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001798656 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuin52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001304064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuuc52.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 001184256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\LIBEAY32.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 000254976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\ssleay32.dll
2017-08-04 05:25 - 2017-08-04 05:25 - 000130048 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\DeviceNavEthernetCore.dll
2017-08-04 05:29 - 2017-08-04 05:29 - 000032768 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\UIController.dll
2014-05-16 01:48 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> DefaultScope {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxps://apps.driversupport.com

There are 5940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\StartupApproved\Run: => "cdloader"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EE6542DB-0674-4C4D-9EE8-3CB4F577C624}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{91730A7A-17FE-4B9E-A873-3DFDBC723FD8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{58ACF143-D724-466E-AF27-762F986AD2C1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{55C1243C-049A-4AC0-8751-80A794543BF1}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{5919411A-9B29-463E-8944-3483AC8D46E9}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{9D1A61E4-727F-438D-BFDC-597092DC25FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3BD5F064-C45D-4669-B97B-4D7CBD4BE9BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{92D90A2D-D1F5-4BD9-9B44-2743B73E7342}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{02525CE2-4CC0-428A-963D-E97659836911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{5E92661E-4867-42ED-8BCF-9842AEFD4921}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1AB7BFA6-DE51-4AE9-9891-3431883A3228}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BCCD3AA9-83A1-42F4-A087-B596FEEA429C}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [{474AB47D-634B-43E5-A272-7B7D9D68BB55}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [UDP Query User{B5DBE26C-036E-4C9F-8EE4-A12D70434AD7}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{DB6FADE1-00C2-4B32-ABC2-25F85148E32A}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C88A37-2F37-4B2D-9285-8D96C0555737}] => (Allow) C:\Users\DeanZF1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe => No File
FirewallRules: [{EEA1A2C0-9150-4069-8C07-FD2C7DC04753}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F2C08020-E6A7-49FD-8BB1-DFA93FD4AF7D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B250C240-DAC7-46BC-BCE0-2CF86B1CA89A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{923B4769-353D-4825-A209-85BB949983C0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{1C2D0EEF-CB84-442A-82EF-E1BB4F2DDE92}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{71E97009-9091-40D5-9036-04CB5EC3C461}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{6D2434DF-813D-48B7-A992-7EBC974FA7CE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{C45F6DA0-B877-460B-8E09-8A310996B30E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [TCP Query User{F1B953A7-3D93-4EE8-BC58-7080E2F49FD4}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [UDP Query User{5FC20A24-DA48-4821-8C4F-4FB3A4E74135}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{2B91BD1E-1601-423E-8DBA-D07702E434CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D75DA94-9C04-46C5-A867-22567893DF74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8AAAECA2-AA48-46BF-90AA-74624CC43BF6}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [TCP Query User{FCDB7B71-EAC9-48E8-98D2-556D9698A2FB}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{EA57FBE9-C280-42B3-B471-F82D565B0484}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC44FBFA-6555-446E-8D7D-3646B46D78CC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7C388480-EF9C-40C6-8B57-68626252E2C2}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{06D98C0E-C757-44FA-B442-6A1427F25C04}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{431DB7EE-49B6-4526-AE5E-6D403F5A77BC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{75E0915D-A199-400D-854A-B48BC7FF6052}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{8E6670EB-CE9D-4A4A-B37D-033B6102A626}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{769A0369-326F-4A84-BBF1-B1DB643C4929}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{A2FC424D-0D71-4129-8E49-B5CE2F672DC0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97849000-BF39-4F46-8CEE-492D89789EEC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{6F5BEDD7-0264-4F9E-A731-FA751201B595}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{82D7A728-112A-4EED-A978-EBFB3F55968E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{B7E6DE97-2A7C-40D0-B562-7FB71B575A38}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{4242F9E2-3731-4CFB-A81A-E5E474FFA59C}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7D2AE3CE-1F10-4D11-8505-323B92C4BAA4}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{28033CA3-E6A5-47A9-A361-52F4E9EC19AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23117FD6-D306-4371-89A0-EBF63FB6BEAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4324068-CAE0-4626-979D-E3C82C87DE6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{99D0F8F2-EEDB-4927-97FD-CEA5A8F39C5E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BD18CA44-9D1E-4A8D-A231-EC6B280A6DAD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B70BA22F-F5A2-4180-A356-1E7952274CF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A2E6820B-2B40-43CA-B4B2-71B9D13B5EE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-07-2022 20:11:31 Windows Modules Installer
18-07-2022 13:43:07 Windows Defender Checkpoint
19-07-2022 14:50:43 Removed Nero BurnLite 10.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/14/2022 08:48:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/14/2022 08:48:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/13/2022 09:39:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on LENOVO (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/13/2022 09:39:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows8_OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (07/20/2022 09:27:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/20/2022 09:27:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/20/2022 09:26:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/20/2022 09:26:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/19/2022 06:13:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.371.444.0).

Error: (07/19/2022 02:57:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/19/2022 02:57:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/19/2022 02:56:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
================
Date: 2022-07-19 16:20:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-19 15:11:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-19 14:41:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-18 13:39:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; containerfile:_C:\Users\DeanZF1\Downloads\ccsetup551.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe->(nsis-instdata); file:_C:\Users\DeanZF1\Downloads\ccsetup551.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup551.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.371.334.0, AS: 1.371.334.0, NIS: 1.371.334.0
Engine Version: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-07-18 13:39:13
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.371.334.0, AS: 1.371.334.0, NIS: 1.371.334.0
Engine Version: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-06-25 11:17:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.369.227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19300.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2022-07-19 15:07:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-07-18 14:08:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-25 11:37:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-24 17:36:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 79CN46WW(V3.05) 12/23/2013
Motherboard: LENOVO INVALID
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 8104.27 MB
Available physical RAM: 4309.35 MB
Total Virtual: 10664.27 MB
Available Virtual: 6917.13 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.77 GB) (Free:330.83 GB) (Model: ST500LT012-1DG142) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.65 GB) (Model: ST500LT012-1DG142) NTFS
Drive e: (RED_REDO_RED_BOX_D1) (CDROM) (Total:4.13 GB) (Free:0 GB) UDF

\\?\Volume{6d7c4922-a9af-4d60-970c-ee5befe3a751}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.64 GB) NTFS
\\?\Volume{d6f0baf5-a3be-49d4-b1e9-9517d8b5287f}\ (PBR_DRV) (Fixed) (Total:11.66 GB) (Free:2.41 GB) NTFS
\\?\Volume{0c4ca7cc-6948-4bd8-adaa-034695a51669}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3AAC8861)

Partition: GPT.

==================== End of Addition.txt =======================

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 20, 2022, 07:26:02 PM
Hi, PWG.

I didn't find time to review your reply. I'll be back to you tomorrow.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 20, 2022, 09:22:44 PM
Thanks. :)

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 21, 2022, 05:57:24 PM
Hi, PWG.

Let's run an FRST fix. At the same time, I will be asking you to do some things regarding the SkyDrive/OneDrive issue.

1. FRST fix

Please do the following to run an FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BF17E1C-6ED3-4995-8B6C-D123216FDC45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {16D48D49-4318-4EC6-975D-E38C9E9241B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {396625AF-5F02-42D2-9E5D-1F545189AE9D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {40510434-5EE9-4F17-A51C-F43AB8BAF9ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {59EB335A-EFB2-4AED-BE78-109D310F42CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7C2C995C-A1DE-40D6-86B2-808AF17614A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B9052B5-16DC-4CD0-8CA5-32840CAC51C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No File)
Task: {990E8D26-BE9E-4AE2-931B-7CAE2C482074} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AE17186-4E4E-456B-BC39-1FE20D2F5E89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A07F9968-1390-4370-AFC9-ED04D09EA601} - System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => windows defender (No File)
Task: {B222B5E9-E1AF-491D-8D31-09573FCF295A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CA4349A7-1B4F-4451-A2D4-F17A55CF38C5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {7B5E1C21-2642-4C1E-8562-E93DBE5E2D58} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F1ECE186-F1BB-49D6-AACC-AFD2ED74227E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-11 12:22 - 2014-03-05 17:00 - 000000000 ____D C:\Users\DeanZF1\AppData\Roaming\Nitro PDF
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> DefaultScope {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FirewallRules: [{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C88A37-2F37-4B2D-9285-8D96C0555737}] => (Allow) C:\Users\DeanZF1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe => No File
FirewallRules: [{71E97009-9091-40D5-9036-04CB5EC3C461}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{6D2434DF-813D-48B7-A992-7EBC974FA7CE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{C45F6DA0-B877-460B-8E09-8A310996B30E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::


2. Question

You said:

Quote: Sky drive does come up in the search under Desktop, but clicking the result takes me to the One Drive (personal) folder.

Can you tell me which OneDrive folder it takes you to? The one with the recently modified folders or the other?

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 21, 2022, 07:44:57 PM
The File Explorer Desktop search is not bringing up any SkyDrive results now.

But if I put C:\Users\DeanZF1\SkyDrive\Desktop in the Windows search box, the file path that comes up is:
This PC > Windows8_OS (C:) > Users > DeanZF1 > OneDrive (Personal) > Desktop.

The files in there are current.


Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by DeanZF1 (21-07-2022 13:17:19) Run:1
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BF17E1C-6ED3-4995-8B6C-D123216FDC45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {16D48D49-4318-4EC6-975D-E38C9E9241B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {396625AF-5F02-42D2-9E5D-1F545189AE9D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {40510434-5EE9-4F17-A51C-F43AB8BAF9ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {59EB335A-EFB2-4AED-BE78-109D310F42CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7C2C995C-A1DE-40D6-86B2-808AF17614A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B9052B5-16DC-4CD0-8CA5-32840CAC51C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No File)
Task: {990E8D26-BE9E-4AE2-931B-7CAE2C482074} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AE17186-4E4E-456B-BC39-1FE20D2F5E89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A07F9968-1390-4370-AFC9-ED04D09EA601} - System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => windows defender (No File)
Task: {B222B5E9-E1AF-491D-8D31-09573FCF295A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CA4349A7-1B4F-4451-A2D4-F17A55CF38C5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {7B5E1C21-2642-4C1E-8562-E93DBE5E2D58} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F1ECE186-F1BB-49D6-AACC-AFD2ED74227E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-11 12:22 - 2014-03-05 17:00 - 000000000 ____D C:\Users\DeanZF1\AppData\Roaming\Nitro PDF
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> DefaultScope {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FirewallRules: [{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C88A37-2F37-4B2D-9285-8D96C0555737}] => (Allow) C:\Users\DeanZF1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe => No File
FirewallRules: [{71E97009-9091-40D5-9036-04CB5EC3C461}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{6D2434DF-813D-48B7-A992-7EBC974FA7CE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{C45F6DA0-B877-460B-8E09-8A310996B30E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B335E57-5CA6-400E-9075-227B8B0A7938}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B335E57-5CA6-400E-9075-227B8B0A7938}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BF17E1C-6ED3-4995-8B6C-D123216FDC45}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BF17E1C-6ED3-4995-8B6C-D123216FDC45}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16D48D49-4318-4EC6-975D-E38C9E9241B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16D48D49-4318-4EC6-975D-E38C9E9241B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2285289D-95F4-4B34-A31B-2A2242B674B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2285289D-95F4-4B34-A31B-2A2242B674B8}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{396625AF-5F02-42D2-9E5D-1F545189AE9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{396625AF-5F02-42D2-9E5D-1F545189AE9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40510434-5EE9-4F17-A51C-F43AB8BAF9ED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40510434-5EE9-4F17-A51C-F43AB8BAF9ED}" => removed successfully
C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59EB335A-EFB2-4AED-BE78-109D310F42CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59EB335A-EFB2-4AED-BE78-109D310F42CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C2C995C-A1DE-40D6-86B2-808AF17614A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C2C995C-A1DE-40D6-86B2-808AF17614A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B9052B5-16DC-4CD0-8CA5-32840CAC51C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B9052B5-16DC-4CD0-8CA5-32840CAC51C1}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 35" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{990E8D26-BE9E-4AE2-931B-7CAE2C482074}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{990E8D26-BE9E-4AE2-931B-7CAE2C482074}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AE17186-4E4E-456B-BC39-1FE20D2F5E89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE17186-4E4E-456B-BC39-1FE20D2F5E89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A07F9968-1390-4370-AFC9-ED04D09EA601}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A07F9968-1390-4370-AFC9-ED04D09EA601}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\DefenderScan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B222B5E9-E1AF-491D-8D31-09573FCF295A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B222B5E9-E1AF-491D-8D31-09573FCF295A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4349A7-1B4F-4451-A2D4-F17A55CF38C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4349A7-1B4F-4451-A2D4-F17A55CF38C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B5E1C21-2642-4C1E-8562-E93DBE5E2D58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B5E1C21-2642-4C1E-8562-E93DBE5E2D58}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1ECE186-F1BB-49D6-AACC-AFD2ED74227E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1ECE186-F1BB-49D6-AACC-AFD2ED74227E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol => moved successfully
C:\Users\DeanZF1\AppData\Roaming\Nitro PDF => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8C88A37-2F37-4B2D-9285-8D96C0555737}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71E97009-9091-40D5-9036-04CB5EC3C461}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D2434DF-813D-48B7-A992-7EBC974FA7CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C45F6DA0-B877-460B-8E09-8A310996B30E}" => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19044.1826



[=====================      37.1%                          ]

[=====================      37.1%                          ]

[=====================      37.2%                          ]

[=====================      37.3%                          ]

[=====================      37.3%                          ]

[=====================      37.3%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.5%                          ]

[=====================      37.6%                          ]

[=====================      37.6%                          ]

[=====================      37.6%                          ]

[=====================      37.7%                          ]

[=====================      37.7%                          ]

[=====================      37.7%                          ]

[=====================      37.8%                          ]

[=====================      37.9%                          ]

[=====================      37.9%                          ]

[=====================      37.9%                          ]

[======================     38.0%                          ]

[======================     38.0%                          ]

[======================     38.0%                          ]

[======================     38.1%                          ]

[======================     38.2%                          ]

[======================     38.3%                          ]

[======================     38.3%                          ]

[======================     38.4%                          ]

[======================     38.5%                          ]

[======================     38.6%                          ]

[======================     38.6%                          ]

[======================     38.6%                          ]

[======================     38.8%                          ]

[======================     38.8%                          ]

[======================     38.8%                          ]

[======================     38.9%                          ]

[======================     38.9%                          ]

[======================     39.2%                          ]

[======================     39.2%                          ]

[======================     39.2%                          ]

[======================     39.3%                          ]

[======================     39.4%                          ]

[======================     39.5%                          ]

[======================     39.5%                          ]

[======================     39.6%                          ]

[======================     39.6%                          ]

[=======================    39.7%                          ]

[=======================    39.8%                          ]

[=======================    39.8%                          ]

[=======================    39.8%                          ]

[=======================    39.9%                          ]

[=======================    39.9%                          ]

[=======================    40.0%                          ]

[=======================    40.1%                          ]

[=======================    40.2%                          ]

[=======================    40.3%                          ]

[=======================    40.5%                          ]

[=======================    40.6%                          ]

[=======================    40.6%                          ]

[=======================    40.7%                          ]

[=======================    40.7%                          ]

[=======================    40.8%                          ]

[=======================    40.9%                          ]

[=======================    40.9%                          ]

[=======================    41.0%                          ]

[=======================    41.1%                          ]

[=======================    41.1%                          ]

[=======================    41.3%                          ]

[=======================    41.4%                          ]

[========================   41.4%                          ]

[========================   41.5%                          ]

[========================   41.7%                          ]

[========================   41.7%                          ]

[========================   41.9%                          ]

[========================   42.0%                          ]

[========================   42.1%                          ]

[========================   42.3%                          ]

[========================   42.4%                          ]

[========================   42.6%                          ]

[========================   42.6%                          ]

[========================   42.7%                          ]

[========================   42.9%                          ]

[========================   42.9%                          ]

[========================   43.1%                          ]

[=========================  43.2%                          ]

[=========================  43.3%                          ]

[=========================  43.5%                          ]

[=========================  43.7%                          ]

[=========================  43.8%                          ]

[=========================  43.8%                          ]

[=========================  43.9%                          ]

[=========================  44.0%                          ]

[=========================  44.1%                          ]

[=========================  44.2%                          ]

[=========================  44.3%                          ]

[=========================  44.4%                          ]

[=========================  44.4%                          ]

[=========================  44.5%                          ]

[=========================  44.8%                          ]

[========================== 44.8%                          ]

[========================== 45.1%                          ]

[========================== 45.1%                          ]

[========================== 45.3%                          ]

[========================== 45.4%                          ]

[========================== 45.7%                          ]

[========================== 45.8%                          ]

[========================== 46.0%                          ]

[========================== 46.1%                          ]

[========================== 46.2%                          ]

[========================== 46.3%                          ]

[========================== 46.3%                          ]

[========================== 46.3%                          ]

[========================== 46.3%                          ]

[========================== 46.4%                          ]

[========================== 46.5%                          ]

[===========================46.6%                          ]

[===========================46.8%                          ]

[===========================46.9%                          ]

[===========================47.1%                          ]

[===========================47.2%                          ]

[===========================47.5%                          ]

[===========================47.5%                          ]

[===========================47.7%                          ]

[===========================47.8%                          ]

[===========================47.8%                          ]

[===========================47.9%                          ]

[===========================48.2%                          ]

[===========================48.4%                          ]

[===========================48.8%                          ]

[===========================49.1%                          ]

[===========================49.4%                          ]

[===========================49.7%                          ]

[===========================49.8%                          ]

[===========================50.3%                          ]

[===========================50.4%                          ]

[===========================50.6%                          ]

[===========================50.6%                          ]

[===========================50.9%                          ]

[===========================51.2%                          ]

[===========================51.3%                          ]

[===========================51.5%                          ]

[===========================51.7%                          ]

[===========================51.7%                          ]

[===========================51.7%                          ]

[===========================51.7%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================51.9%                          ]

[===========================51.9%                          ]

[===========================52.0%                          ]

[===========================52.1%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.3%                          ]

[===========================52.3%                          ]

[===========================52.3%                          ]

[===========================52.3%                          ]

[===========================52.4%                          ]

[===========================52.4%                          ]

[===========================52.4%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.6%                          ]

[===========================52.6%                          ]

[===========================52.7%                          ]

[===========================52.7%                          ]

[===========================52.7%                          ]

[===========================52.7%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.9%                          ]

[===========================52.9%                          ]

[===========================52.9%                          ]

[===========================53.0%                          ]

[===========================53.0%                          ]

[===========================53.0%                          ]

[===========================53.1%                          ]

[===========================53.1%                          ]

[===========================53.1%                          ]

[===========================53.2%                          ]

[===========================53.3%                          ]

[===========================53.3%                          ]

[===========================53.3%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.5%                          ]

[===========================53.5%                          ]

[===========================53.5%                          ]

[===========================53.6%                          ]

[===========================53.6%                          ]

[===========================53.6%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.8%                          ]

[===========================53.8%                          ]

[===========================53.8%                          ]

[===========================53.8%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.2%                          ]

[===========================54.2%                          ]

[===========================54.2%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.4%                          ]

[===========================54.4%                          ]

[===========================54.4%                          ]

[===========================54.4%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.7%                          ]

[===========================54.7%                          ]

[===========================54.8%                          ]

[===========================54.8%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================55.0%                          ]

[===========================55.0%                          ]

[===========================55.1%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.3%                          ]

[===========================55.3%                          ]

[===========================55.3%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.7%                          ]

[===========================55.7%                          ]

[===========================55.7%                          ]

[===========================55.8%                          ]

[===========================55.8%                          ]

[===========================56.0%                          ]

[===========================56.2%                          ]

[===========================56.4%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.1%=                         ]

[===========================57.2%=                         ]

[===========================57.6%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.8%=                         ]

[===========================58.8%==                        ]

[===========================59.2%==                        ]

[===========================59.5%==                        ]

[===========================59.6%==                        ]

[===========================59.7%==                        ]

[===========================59.9%==                        ]

[===========================60.1%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 130174464 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 47510716 B
Edge => 833914 B
Chrome => 23465191 B
Firefox => 1285605892 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 312120462 B
DeanZF1 => 381478471 B

RecycleBin => 6357775804 B
EmptyTemp: => 8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:12:13 ====
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 21, 2022, 07:55:54 PM
Thank you. 8GB of temporary data were deleted!

Type SkyDrive in the Search area. Select Open file location and let me know if it is the one with the recently modified folders that opens or the other?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 21, 2022, 08:22:42 PM
Most files are from 2021 and some from 2017. The only files with a current date are the second OneDrive file and the Downloads file.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 21, 2022, 08:25:59 PM
In a previous post (https://www.landzdown.com/index.php?msg=206204) you wrote that the one folder has only a .ini file and Documents (they are the OneNote notebooks) and the other one has the files you posted there. Is that correct?

Please attach for me a screenshot of what you see when you do this:

Type SkyDrive in the Search area. Select Open file location.



Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 21, 2022, 08:50:42 PM
Quote: In a previous post you wrote that the one folder has only a .ini file and Documents (they are the OneNote notebooks) and the other one has the files you posted there. Is that correct?

Yes, that is correct. Two One Drive folders. Second one is current. First one is dated 2015 and contains just the .ini and Documents folder.

In the SkyDrive.old file there is only one .ini file.
Screenshot 2022-07-21SkyDriveFolder.png
Screenshot 2022-07-21SkyDriveFolder2.png
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 21, 2022, 08:54:33 PM
I can't see the screenshots.

Last question for tonight, and it's the same as above:

Please attach for me a screenshot of what you see when you do this:

Type SkyDrive in the Search area. Select Open file location.

I don't want to see what the SkyDrive.old folder contains. I just want to see where the SkyDrive leads you.



Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 21, 2022, 09:04:07 PM
The upload screen was strange, I'll try again. But it's the same screenshot. That's what I see when I click the Open File location.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 21, 2022, 09:07:59 PM
I think this may be what you want?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 08:02:50 AM
Hello.

When you take screenshots of a File Explorer, always make sure the URL at the top is shown. Otherwise we are guessing about the location of a file.

Questions:

1. Do you use OneDrive? If yes, which folders would you like to be saved there?
2. Do you use OneNote?


Next instructions:

1. Double click on the OneDrive white cloud on the bottom right of the Taskbar. Take a screenshot of what you get.

2. Go to: Windows8_OS (C:) > Users > DeanZF1

2.1. Right click on the first OneDrive icon, select Settings and then Unlink this PC. Follow the prompts to complete the process.

2.2. Right click on the second OneDrive icon, select Settings and then Unlink this PC. Follow the prompts to complete the process.

3. RESTART.

4. Take a screenshot of a File Explorer with this path: Windows8_OS (C:) > Users > DeanZF1


In your next reply I would like to see (in this order):

1. Your replies to my questions about OneDrive and OneNote
2. Screenshot of what you got when you double clicked on the Taskbar OneDrive icon
3. After the Restart: Screenshot of a File Explorer with this path: Windows8_OS (C:) > Users > DeanZF1
4. After the Restart: Screenshot of your Taskbar

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 03:51:54 PM
I do not use One Drive. I would be happy to disengage from it. I find it confusing.
I do not use One Note.

There was no settings option in the first OneCloud icon, but the second one was successful in unlinking. Also, Defender is alerting me to set up One Drive. That didn't happen on the last try.




Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 04:00:25 PM
Thank you.

Question:

1. Which OneDrive icon didn't give the option to unlink? The one showing as modified in 2015 or the other one?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 04:10:55 PM
Another task for you to do:

For the OneDrive that you said there was no option for Unlink:

Right click on it, select Settings and let me see what you get.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 04:55:42 PM
The 2015 OneDrive (first one) did not have the settings option in the right click.

When I go there again, the settings option is still not present.

Not sure if this is important, but I couldn't get to the folder with the file path you specified, but this worked:
C:\Users\DeanZF1
However, the Windows8_OS (C:) was in the top bar so it seems I got to the right folder.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 05:01:44 PM
And can you please double click this folder and take a screenshot of what you get?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 05:46:26 PM
The Documents folder is empty.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 05:57:12 PM
I see.

1. Delete that old OneDrive folder.

2. Type OneDrive in the Search area and select the item that appears. Follow the prompts about entering your Microsoft account's credentials and sign in to OneDrive.

3. Go here: Windows8_OS (C:) > Users > DeanZF1
and take a screenshot of what you see.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 06:14:31 PM
Done.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 06:17:47 PM
YES!

What is that folder OneDrive under the blue sky icon???

Double click to open it and give me another screenshot please.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 06:28:56 PM
I did not enable OneDrive after signing in, but when I click the cloud icon in the taskbar it says my files are synced and up to date?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 06:33:17 PM

I was about to say "Finally!", but now this...

Double click on the blue sky icon now, and do the same. Give me a screenshot of what you get.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 06:42:48 PM
Apparently, I can't leave the message body empty. :)
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 06:49:04 PM
Let's remove those folders from syncing.

Go to the OneDrive icon on the Taskbar, click the little gear and then Settings. Click on the Choose folders option and un-tick Desktop, Documents, Pictures, Public.

After that, restart and give me two screenshots, the exact screenshots you gave me in your last 2 replies.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 07:03:23 PM
Two boxes were left unticked:  files not in a folder, and Personal Vault.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 07:11:30 PM
What about Documents?

What's in that folder in the OneDrive folder? And Public folder seems to be a shared folder.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 07:26:53 PM
I'm sorry, I took the latest screenshots without restarting. I will do that and post again. Then see if your questions apply.

What I was trying to say about selecting the folders, is that I only unselected the list that you mentioned. Two were left ticked.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 07:28:22 PM
Do not tick the Personal Vault. I believe that the Document folder contains OneNote notebooks. Check it anyway, and delete it if you don't need them.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 07:46:21 PM
Documents has many folders in it besides OneNote. I moved the 3 files I want to keep to the desktop. Should I delete the whole Documents folder, or just the files within it?

These screens are after restart.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 07:51:07 PM
I see that you deleted the folder, and that's fine.

Now, I wonder if the folder OneDrive (the yellow one) will be recreated if we delete it now.

Delete it, restart, and let me see if it's there again. If yes, we will uninstall and reinstall OneDrive, but let's see first what is going to happen.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 08:15:38 PM
I did not delete the Documents folder. But after I deleted the yellow OneDrive folder, I could no longer open a Notepad file I was using to help write my replies. After restart, my desktop is missing many icons, including the FRST.exe and the three files I moved to desktop. Am I looking at a different desktop? Seems to be, as I tried to save a new Notepad file to desktop and it's not showing up.

One Cloud reporting files are synced.

The yellow OneCloud folder is no longer showing up in C:\users\DeanZF1 folder
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 08:21:15 PM
Sorry again.  New Notepad file did finally appear on the current desktop.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 08:23:06 PM
Do not empty your recycle bin, in case we need to restore the folder.

It's time to see fresh FRST logs.

Download Farbar Recovery Scan Tool (http://'http//www.geekstogo.com/forum/files/file/435-frst-farbars-recovery-scan-tool/') and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it's safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 08:51:48 PM
Just an FYI---the link you posted for the recovery tool is broken.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by DeanZF1 (administrator) on DEANZF (LENOVO 20238) (22-07-2022 15:36:29)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\22.131.0619.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [cdloader] => C:\Users\DeanZF1\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1986280 2017-08-04] (TomTom International BV -> TomTom)
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [53160 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Windows x64\Print Processors\xp3215pp: C:\Windows\System32\spool\prtprocs\x64\xp3215pp.dll [128912 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-19] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [2013-09-25] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-09]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
Startup: C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11182569-C275-4F85-A65E-73A77EABFD34} - System32\Tasks\{F67749E8-8910-4749-8654-589901F9E9E0} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {25F70752-345A-4BE9-BB13-C7B2664DB5BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {3EF6C0D3-6B6A-4323-834D-228475987269} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321608 2016-12-07] (LENOVO -> Lenovo)
Task: {570D9DD6-A390-4ED0-A305-3A8A637292D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CE1AC92-D172-4A01-95A0-8E205CD4F846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {60FF31F2-6BDF-494B-B6D3-F2465E7A56A5} - System32\Tasks\{EB055ABA-B477-419E-B301-D5160002C46D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {62F29E74-610D-4E16-9BE6-897CAF86F5F8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {66B243CE-0B4F-49A0-B38F-6B0442FFAF38} - System32\Tasks\{735BFA4D-88DE-4476-BCC8-639ED5DF36CB} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {79FCD25F-85F3-4DF1-A031-0F807606A89F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {8C280DB7-755A-4F46-A879-7786087DC54B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {B6791981-C306-4184-96BC-F5E59A1FE134} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {C0A096B6-455F-4F74-9FA7-9D85632CD2E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C648E924-E78E-45EA-8F2C-C31F0CD76550} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {C9C3A79F-F987-46B9-B15F-168D8A454FBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264328 2016-12-07] (LENOVO -> )
Task: {F5E509F9-C7B9-4DE2-ADA2-E1E62246DCED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7E80B7B-B78C-4AA5-ACFB-A393B2F783D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAD46F43-8D90-41A4-9D99-FF7AFC400DB9} - System32\Tasks\{275FA3AB-A5B6-4FD6-A80B-6BB53A05DBFC} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d74f6f9e-6879-4b40-9741-86a89841e757}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fc461f4f-5f4c-4a00-b5c6-65a89768f055}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-22]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-13]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: pm6972xb.default-1444513948129
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\TomTom\HOME\Profiles\atgo9qgp.default [2017-04-24]
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 [2022-07-22]
FF DownloadDir: C:\Users\DeanZF1\SkyDrive\Desktop
FF Homepage: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://us-mg6.mail.yahoo.com; hxxp://us-mg6.mail.yahoo.com; hxxps://www.instagram.com
FF Extension: (Lazarus: Form Recovery) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\lazarus@interclue.com.xpi [2016-04-30] [Legacy]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\textarea-cache-lite@wildsky.cc.xpi [2022-07-12]
FF Extension: (uBlock Origin) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\uBlock0@raymondhill.net.xpi [2022-07-12]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-07-11]
FF Extension: (Eno® from Capital One®) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2022-07-19]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2016-03-20] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default [2022-07-21]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Docs) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-25]
CHR Extension: (Google Drive) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-17]
CHR Extension: (Google Search) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-17]
CHR Extension: (Adobe Acrobat) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-22]
CHR Extension: (Gmail) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-22]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-13] (Malwarebytes Inc. -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-22 15:04 - 2022-07-22 15:04 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-22 15:04 - 2022-07-22 15:04 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-22 15:04 - 2022-07-22 15:04 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-22 15:02 - 2022-07-22 15:06 - 000000000 ____D C:\Users\DeanZF1\SkyDrive
2022-07-22 13:10 - 2022-07-22 15:06 - 000000000 ___RD C:\Users\DeanZF1\OneDrive
2022-07-22 12:33 - 2022-07-22 12:38 - 000907892 _____ C:\WINDOWS\Minidump\072222-38265-01.dmp
2022-07-18 15:24 - 2022-07-22 15:37 - 000000000 ____D C:\FRST
2022-07-18 14:03 - 2022-07-18 14:03 - 000000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2022-07-18 14:02 - 2018-07-19 23:57 - 000420352 _____ C:\WINDOWS\system32\SaMinDrv.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000151040 _____ C:\WINDOWS\system32\SaImgFlt.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000068096 _____ C:\WINDOWS\system32\SaErHdlr.dll
2022-07-18 14:01 - 2022-03-23 01:51 - 000167712 _____ (SS) C:\WINDOWS\system32\xp3215ci.exe
2022-07-18 14:01 - 2022-03-23 01:51 - 000099240 _____ (SS) C:\WINDOWS\system32\xp3215ci.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-13 20:59 - 2022-07-13 20:59 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-13 20:58 - 2022-07-13 20:58 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-13 20:57 - 2022-07-13 20:57 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-13 20:13 - 2022-07-13 20:13 - 000000000 ___HD C:\$WinREAgent
2022-07-13 19:47 - 2022-07-13 19:47 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 14:51 - 2022-07-21 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-25 16:10 - 2022-06-25 16:09 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-25 13:58 - 2022-06-25 13:58 - 000000000 ____D C:\Users\DeanZF1\.ms-ad
2022-06-25 12:47 - 2022-06-25 12:47 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-25 12:46 - 2022-06-25 12:46 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-25 12:44 - 2022-06-25 12:44 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-22 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-22 15:15 - 2014-04-14 11:42 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-22 15:08 - 2022-02-28 11:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-22 15:07 - 2016-11-19 12:28 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\Mozilla
2022-07-22 15:04 - 2022-01-21 11:48 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\IGDump
2022-07-22 15:04 - 2021-03-16 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-22 15:04 - 2021-03-16 00:36 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-22 15:04 - 2017-09-21 16:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-07-22 15:04 - 2015-08-07 00:30 - 000000000 __SHD C:\Users\DeanZF1\IntelGraphicsProfiles
2022-07-22 15:03 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-22 15:02 - 2021-03-16 00:46 - 000000000 ____D C:\Users\DeanZF1
2022-07-22 13:54 - 2021-03-16 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-22 12:39 - 2021-03-23 18:50 - 000000000 ____D C:\WINDOWS\Minidump
2022-07-22 12:39 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-07-22 12:39 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-22 12:33 - 2019-10-07 22:06 - 691917578 _____ C:\WINDOWS\MEMORY.DMP
2022-07-21 14:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-21 14:11 - 2015-12-07 12:39 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\Temp
2022-07-21 13:56 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-21 13:18 - 2021-03-16 01:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-07-21 13:07 - 2021-03-16 01:16 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-19 16:22 - 2014-04-14 11:43 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-19 16:22 - 2014-04-14 11:43 - 000002302 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-19 14:53 - 2014-04-18 15:33 - 000000000 ____D C:\ProgramData\Nero
2022-07-19 11:53 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-19 11:18 - 2017-12-07 16:31 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\Packages
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-18 15:18 - 2018-07-12 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-07-18 14:05 - 2021-03-16 01:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Leader Technologies
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ____D C:\Program Files (x86)\Xerox
2022-07-18 14:03 - 2016-04-07 01:10 - 000000000 ____D C:\ProgramData\Xerox
2022-07-17 16:12 - 2014-10-27 14:38 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\ElevatedDiagnostics
2022-07-16 12:59 - 2020-06-23 07:44 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-16 12:59 - 2020-06-23 07:44 - 000002318 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-14 08:56 - 2021-03-16 00:58 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-14 08:49 - 2021-03-16 00:36 - 000459320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-14 08:49 - 2016-09-24 14:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-14 08:49 - 2014-03-05 16:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-14 08:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-13 20:57 - 2021-03-16 00:40 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-13 20:05 - 2014-03-07 15:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-13 19:58 - 2014-03-07 15:50 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-12 14:51 - 2014-03-05 16:23 - 000001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-12 13:48 - 2021-12-19 10:04 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 01:16 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 00:46 - 000002437 _____ C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-25 16:11 - 2021-06-25 18:47 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-25 16:11 - 2020-08-21 12:00 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-25 16:11 - 2019-08-02 12:35 - 000002063 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-25 16:10 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-06-25 16:09 - 2019-08-02 12:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-25 16:08 - 2018-01-27 15:23 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-25 16:08 - 2014-03-16 20:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-25 13:49 - 2018-02-25 19:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-25 13:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-25 11:22 - 2018-07-18 17:01 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ========

2014-03-10 01:20 - 2017-04-11 02:59 - 000001334 _____ () C:\Users\DeanZF1\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2020-03-15 12:51 - 2020-03-15 12:51 - 000000000 _____ () C:\Users\DeanZF1\AppData\Local\{E4FEAFCA-B66A-417D-BE04-B925AA117C0E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by DeanZF1 (22-07-2022 15:40:49)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-03-16 06:17:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2910419722-4152969464-3579386052-500 - Administrator - Disabled)
DeanZF1 (S-1-5-21-2910419722-4152969464-3579386052-1001 - Administrator - Enabled) => C:\Users\DeanZF1
DefaultAccount (S-1-5-21-2910419722-4152969464-3579386052-503 - Limited - Disabled)
Guest (S-1-5-21-2910419722-4152969464-3579386052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2910419722-4152969464-3579386052-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2910419722-4152969464-3579386052-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\{63B5DA5A-477B-438D-A6A0-118787A4C71B}) (Version: 24.0.0.180 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{96714280-14E6-4DF7-BACD-F797C0F17C3D}) (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{89AFB053-A343-46EF-97E4-D593AD7184E6}) (Version: 1.28.487.1 - Intel Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version:  - LifeScan Inc)
magicJack (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Meter Drivers for OneTouch(R) Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)
Microsoft Audio Enhancement Troubleshooter installer (HKLM\...\{6E0351FF-6A71-45C5-A041-D4D9D8067EAF}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version:  - )
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RealTracks Shots and Holds 3 (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
SetIP (HKLM-x32\...\Xerox_SetIP) (Version: 2.00.00.01 - Xerox Ltd.)
Skype version 8.86 (HKLM-x32\...\Skype_is1) (Version: 8.86 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.06.00 (5/12/2021) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(6/6/2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox OCR Software (HKLM-x32\...\Xerox OCR Software) (Version: 1.00.18 (4/14/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.10 (3/24/2022) - Xerox Corporation)
Zoom (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
*Solitaire Collection -> C:\Program Files\WindowsApps\12291raymond.li.SolitaireCollection_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Camera Man -> C:\Program Files\WindowsApps\E0469640.CameraMan_1.0.1929.30229_x86__5grkq8ppsgwt4 [2015-03-07] (LENOVO INC)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-11] (Dolby Laboratories)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-07] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.40.9.0_x64__q4d96b2w5wcc2 [2022-07-11] (Evernote)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2015-03-07] (Lenovo, INC.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2206.16.0_x64__k1h2ywk1493x8 [2022-06-27] (LENOVO INC.)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-11] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-29] (Microsoft Corporation)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2015-03-07] (CYBERLINK COM CORPORATION)
Solitaire Collection+ -> C:\Program Files\WindowsApps\12291raymond.li.5987855B3B0BC_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Sudoku2 -> C:\Program Files\WindowsApps\12291raymond.li.Sudoku2_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
YouSendIt for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.YouSendItForLenovo_1.0.5.1412_neutral__069rkrpjefrbc [2015-03-07] (YouSendIt)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-03-07] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-13] (CyberLink Corp.) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-09-11 10:05 - 2014-09-11 10:05 - 000036352 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000038912 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000032256 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000027648 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000381952 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000204800 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000218112 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000015872 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000015360 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000307712 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000014848 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000252928 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000878592 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2017-02-08 08:51 - 2017-02-08 08:51 - 004112384 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Core.dll
2014-09-11 09:56 - 2014-09-11 09:56 - 004350464 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Gui.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000850432 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Network.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000203776 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Svg.dll
2014-09-11 10:00 - 2014-09-11 10:00 - 004372480 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Widgets.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000152064 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Xml.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2014-02-14 04:00 - 2014-02-14 04:00 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 023507968 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icudt52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001798656 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuin52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001304064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuuc52.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 001184256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\LIBEAY32.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 000254976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\ssleay32.dll
2017-08-04 05:25 - 2017-08-04 05:25 - 000130048 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\DeviceNavEthernetCore.dll
2017-08-04 05:29 - 2017-08-04 05:29 - 000032768 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\UIController.dll
2014-05-16 01:48 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\StartupApproved\Run: => "cdloader"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EE6542DB-0674-4C4D-9EE8-3CB4F577C624}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{91730A7A-17FE-4B9E-A873-3DFDBC723FD8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{58ACF143-D724-466E-AF27-762F986AD2C1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{55C1243C-049A-4AC0-8751-80A794543BF1}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{5919411A-9B29-463E-8944-3483AC8D46E9}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{9D1A61E4-727F-438D-BFDC-597092DC25FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3BD5F064-C45D-4669-B97B-4D7CBD4BE9BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{92D90A2D-D1F5-4BD9-9B44-2743B73E7342}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{02525CE2-4CC0-428A-963D-E97659836911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{5E92661E-4867-42ED-8BCF-9842AEFD4921}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1AB7BFA6-DE51-4AE9-9891-3431883A3228}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BCCD3AA9-83A1-42F4-A087-B596FEEA429C}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [{474AB47D-634B-43E5-A272-7B7D9D68BB55}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [UDP Query User{B5DBE26C-036E-4C9F-8EE4-A12D70434AD7}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{DB6FADE1-00C2-4B32-ABC2-25F85148E32A}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{EEA1A2C0-9150-4069-8C07-FD2C7DC04753}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F2C08020-E6A7-49FD-8BB1-DFA93FD4AF7D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B250C240-DAC7-46BC-BCE0-2CF86B1CA89A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{923B4769-353D-4825-A209-85BB949983C0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{1C2D0EEF-CB84-442A-82EF-E1BB4F2DDE92}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [TCP Query User{F1B953A7-3D93-4EE8-BC58-7080E2F49FD4}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [UDP Query User{5FC20A24-DA48-4821-8C4F-4FB3A4E74135}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{2B91BD1E-1601-423E-8DBA-D07702E434CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D75DA94-9C04-46C5-A867-22567893DF74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8AAAECA2-AA48-46BF-90AA-74624CC43BF6}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [TCP Query User{FCDB7B71-EAC9-48E8-98D2-556D9698A2FB}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{EA57FBE9-C280-42B3-B471-F82D565B0484}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC44FBFA-6555-446E-8D7D-3646B46D78CC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7C388480-EF9C-40C6-8B57-68626252E2C2}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{06D98C0E-C757-44FA-B442-6A1427F25C04}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{431DB7EE-49B6-4526-AE5E-6D403F5A77BC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{75E0915D-A199-400D-854A-B48BC7FF6052}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{8E6670EB-CE9D-4A4A-B37D-033B6102A626}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{769A0369-326F-4A84-BBF1-B1DB643C4929}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{A2FC424D-0D71-4129-8E49-B5CE2F672DC0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97849000-BF39-4F46-8CEE-492D89789EEC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{6F5BEDD7-0264-4F9E-A731-FA751201B595}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{82D7A728-112A-4EED-A978-EBFB3F55968E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{B7E6DE97-2A7C-40D0-B562-7FB71B575A38}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{4242F9E2-3731-4CFB-A81A-E5E474FFA59C}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7D2AE3CE-1F10-4D11-8505-323B92C4BAA4}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{28033CA3-E6A5-47A9-A361-52F4E9EC19AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23117FD6-D306-4371-89A0-EBF63FB6BEAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4324068-CAE0-4626-979D-E3C82C87DE6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{99D0F8F2-EEDB-4927-97FD-CEA5A8F39C5E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BD18CA44-9D1E-4A8D-A231-EC6B280A6DAD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B70BA22F-F5A2-4180-A356-1E7952274CF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A2E6820B-2B40-43CA-B4B2-71B9D13B5EE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-07-2022 14:54:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/21/2022 05:06:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on LENOVO (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/21/2022 05:06:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows8_OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/21/2022 02:26:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/21/2022 02:26:21 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/21/2022 02:26:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/21/2022 02:26:21 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/21/2022 01:18:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (07/21/2022 01:17:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d6950c49-89d9-4e04-b179-001ecd005dd7}


System errors:
=============
Error: (07/22/2022 03:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/22/2022 03:04:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/22/2022 03:02:51 PM) (Source: DCOM) (EventID: 10010) (User: DEANZF)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/22/2022 02:30:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/22/2022 02:30:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/22/2022 02:29:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/22/2022 02:29:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/22/2022 12:38:38 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0xfffffffffffffff8, 0x0000000000000002, 0x0000000000000000, 0xfffff8020baf6380). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 5766683d-6202-4719-893f-3a84af5c583d.


Windows Defender:
================
Date: 2022-07-22 15:21:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-22 14:59:42
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-22 14:27:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-21 15:58:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-21 14:25:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-06-25 11:17:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.369.227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19300.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2022-07-22 14:21:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-07-18 14:08:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-25 11:37:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 79CN46WW(V3.05) 12/23/2013
Motherboard: LENOVO INVALID
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 8104.27 MB
Available physical RAM: 4022.13 MB
Total Virtual: 10664.27 MB
Available Virtual: 5925.27 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.77 GB) (Free:347.93 GB) (Model: ST500LT012-1DG142) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.65 GB) (Model: ST500LT012-1DG142) NTFS
Drive e: (RED_REDO_RED_BOX_D1) (CDROM) (Total:4.13 GB) (Free:0 GB) UDF

\\?\Volume{6d7c4922-a9af-4d60-970c-ee5befe3a751}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.64 GB) NTFS
\\?\Volume{d6f0baf5-a3be-49d4-b1e9-9517d8b5287f}\ (PBR_DRV) (Fixed) (Total:11.66 GB) (Free:2.41 GB) NTFS
\\?\Volume{0c4ca7cc-6948-4bd8-adaa-034695a51669}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3AAC8861)

Partition: GPT.

==================== End of Addition.txt =======================
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 22, 2022, 09:03:09 PM
Thanks for letting me know about the link!

Unfortunately, nothing changed, and I need time to check what is happening.

For now:

Restore the OneDrive from the Recycle Bin (just open the bin, find the folder, right click and restore it).

See you tomorrow.



Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 22, 2022, 09:15:08 PM
Interesting. The folder was named SkyDrive in the Recycle Bin, and was restored with that name to C:\users\DeanZF1
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 08:47:20 AM
To sum up:

Take a screenshot of the content of C:\users\DeanZF1.

Also, a screenshot of what you see when you open the OneDrive icon and another one, when you open the SkyDrive icon.

========================

After that, go to computer Settings > Apps

Let me know which of the following are present:

Microsoft OneDrive
OneDrive
SkyDrive

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 11:29:42 AM
I think that we are on a good road, in spite of all this mess. 🙂
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 01:58:04 PM
That is encouraging, for sure.

The only instance in the Settings>Apps list is Microsoft One Drive
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 02:50:31 PM
Now that we know much more about those OneDrive/SkyDrive instances, we are going to repeat some steps we already tried. Although it may seem as if we are going in circles, it's not actually like that.

Right click on the OneDrive Personal (File Explorer left menu), select Settings and Unlink this PC.

Let me know if the OneDrive Personal disappeared from the File Explorer left menu and if the cloud icon on the Taskbar got a grey color with a line.


Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 03:16:42 PM
It happened just as you said.

OneDrive (Personal) disappeared from the left explorer menu

Cloud icon in taskbar is now gray with a \ through it
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 03:22:40 PM
Thanks.

1. Go to the icon on the Taskbar, Settings > Quit OneDrive.

2. Go to computer's Settings > Apps > Microsoft OneDrive.

   Click on it and select uninstall.

3. Take screenshots of the content of OneDrive and SkyDrive folders in the C:\users\DeanZF1
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 04:09:14 PM
1. Quit One Drive

2. Uninstalled Microsoft OneDrive from Apps list
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 04:37:38 PM
Let's perform an FRST search:

OneDrive;SkyDrive
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 04:52:07 PM
Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by DeanZF1 (23-07-2022 11:49:09)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Boot Mode: Normal

================== Search Registry: "OneDrive;SkyDrive" ===========


===================== Search result for "OneDrive" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{099EB73C-FF12-45C5-BF64-F0277733A6E2}]
""="OneDriveCloudManagement"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{099EB73C-FF12-45C5-BF64-F0277733A6E2}\InProcServer32]
""="C:\Windows\System32\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34212D32-6E9E-11E2-BDA0-6B2B6288709B}]
""="OneDriveCloudSyncPolicyManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34212D32-6E9E-11E2-BDA0-6B2B6288709B}\InProcServer32]
""="C:\Windows\System32\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FC77A3B-14C6-41B6-ACC5-ED80223D81C4}]
""="OneDriveSettingSyncProvider"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FC77A3B-14C6-41B6-ACC5-ED80223D81C4}\InProcServer32]
""="C:\Windows\System32\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78DE489B-7931-4f14-83B4-C56D38AC9FFA}]
""="OneDrive network states cache SSO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86c815aa-4888-4063-b0ab-03c49f788be4}]
""="OOBE OneDrive Optin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6ABE021-1DE0-49F4-895D-E9694D28F0A4}\InProcServer32]
""="C:\Windows\System32\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDB93701-527B-4250-B619-672EFD3C5B21}]
""="OneDriveCloudStorageInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDB93701-527B-4250-B619-672EFD3C5B21}\InProcServer32]
""="C:\Windows\System32\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0DF05B8F-C752-5855-86B4-4D7D89FA08D8}]
""="__x_Windows_CInternal_CSystem_CUserProfile_CIOneDriveEngagementManagerStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74EC9286-CF9F-5079-89E2-AE0C32F9C678}]
""="__x_Windows_CInternal_CSystem_CUserProfile_CIOneDriveEngagementManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{866641FB-F92C-44A8-BA66-06CA64257B7D}]
""="IOOBEOneDriveOptin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9153BF48-3D44-4D3C-976A-FA62FFF6DDAC}]
""="__x_CloudExperienceHostBroker_CSyncEngine_CIOOBEOneDriveOptinForUser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E89C17A1-D22E-4235-9A2E-F141FB977E7B}]
""="__x_CloudExperienceHostBroker_CSyncEngine_CIOOBEOneDriveOptin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{099EB73C-FF12-45C5-BF64-F0277733A6E2}]
""="OneDriveCloudManagement"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{099EB73C-FF12-45C5-BF64-F0277733A6E2}\InProcServer32]
""="C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{34212D32-6E9E-11E2-BDA0-6B2B6288709B}]
""="OneDriveCloudSyncPolicyManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{34212D32-6E9E-11E2-BDA0-6B2B6288709B}\InProcServer32]
""="C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3FC77A3B-14C6-41B6-ACC5-ED80223D81C4}]
""="OneDriveSettingSyncProvider"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3FC77A3B-14C6-41B6-ACC5-ED80223D81C4}\InProcServer32]
""="C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78DE489B-7931-4f14-83B4-C56D38AC9FFA}]
""="OneDrive network states cache SSO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D6ABE021-1DE0-49F4-895D-E9694D28F0A4}\InProcServer32]
""="C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DDB93701-527B-4250-B619-672EFD3C5B21}]
""="OneDriveCloudStorageInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DDB93701-527B-4250-B619-672EFD3C5B21}\InProcServer32]
""="C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0DF05B8F-C752-5855-86B4-4D7D89FA08D8}]
""="__x_Windows_CInternal_CSystem_CUserProfile_CIOneDriveEngagementManagerStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74EC9286-CF9F-5079-89E2-AE0C32F9C678}]
""="__x_Windows_CInternal_CSystem_CUserProfile_CIOneDriveEngagementManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{866641FB-F92C-44A8-BA66-06CA64257B7D}]
""="IOOBEOneDriveOptin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_UserExperienceVirtualization\MicrosoftOffice2013OneDriveForBusiness]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_UserExperienceVirtualization\MicrosoftOffice2016OneDriveForBusiness]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\DisableOneDriveFileSync]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\DisableOneDriveFileSync]
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows\OneDrive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemSettings\SettingId\SystemSettings_OneBackup_OneDriveBackup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemSettings\SettingId\SystemSettings_OneBackup_OneDriveBackup]
"DllPath"="C:\Windows\System32\SettingsHandlers_OneDriveBackup.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~0.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1"="2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~0.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1"="2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~en-US~0.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~en-US~0.0.0.0]
"Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~0.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~10.0.19041.1"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~0.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~0.0.0.0]
"Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~0.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1]
"InstallName"="Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~10.0.19041.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~10.0.19041.1]
"InstallName"="Microsoft-Windows-OneDrive-Setup-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1]
"InstallName"="Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.mum"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1]
"InstallName"="Microsoft-Windows-OneDrive-Setup-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.mum"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BannerStore\OptIn]
"URL"="http://www.onedrive.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BannerStore\OptOut]
"URL"="http://www.onedrive.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}]
"Name"="OneDriveDocuments"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{339719B5-8C47-4894-94C2-D8F77ADD44A6}]
"Name"="OneDrivePictures"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{767E6811-49CB-4273-87C2-20F355E1085B}]
"Name"="OneDriveCameraRoll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}]
"Name"="OneDrive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}]
"RelativePath"="OneDrive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}]
"Name"="OneDriveMusic"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OneDriveRamps]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OneDriveRamps]
"DefaultSaveToOneDriveRampState"="2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\WindowsSettingHandlers\OneDriveRamps]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\WindowsSettingHandlers\OneDriveRamps]
"RegistryRoot"="Software\Microsoft\Windows\CurrentVersion\OneDriveRamps"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\WindowsSettingHandlers\OneDriveRamps]
"SettingUnitId"="OneDriveRamps"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-onedrive-setup_31bf3856ad364e35_none_5154c8ab59350670]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..lers-onedrivebackup_31bf3856ad364e35_none_3f91f088ca83ebb4]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-settingsync-onedrive_31bf3856ad364e35_none_4415c8f172a00240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_none_5ba972fd8d95c86b]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-settingsync-onedrive_31bf3856ad364e35_none_4e6a7343a700c43b]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SettingSync-OneDrive/Analytic]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SettingSync-OneDrive/Debug]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SettingSync-OneDrive/Operational]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{f43c3c35-22e2-53eb-f169-07594054779e}]
""="Microsoft-Windows-SettingSync-OneDrive"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{f43c3c35-22e2-53eb-f169-07594054779e}]
"ResourceFileName"="%SystemRoot%\system32\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{f43c3c35-22e2-53eb-f169-07594054779e}]
"MessageFileName"="%SystemRoot%\system32\OneDriveSettingSyncProvider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{f43c3c35-22e2-53eb-f169-07594054779e}\ChannelReferences\0]
""="Microsoft-Windows-SettingSync-OneDrive/Operational"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{f43c3c35-22e2-53eb-f169-07594054779e}\ChannelReferences\1]
""="Microsoft-Windows-SettingSync-OneDrive/Debug"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{f43c3c35-22e2-53eb-f169-07594054779e}\ChannelReferences\2]
""="Microsoft-Windows-SettingSync-OneDrive/Analytic"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserDefaults]
"ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\CloudExperienceHostBroker.SyncEngine.OOBEOneDriveOptin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\CloudExperienceHostBroker.SyncEngine.OOBEOneDriveOptinCore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\CloudExperienceHostBroker.SyncEngine.OOBEOneDriveOptinCoreForUser]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.System.UserProfile.OneDriveEngagementManager]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\BannerStore\OptIn]
"URL"="http://www.onedrive.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\BannerStore\OptOut]
"URL"="http://www.onedrive.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}]
"Name"="OneDriveDocuments"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{339719B5-8C47-4894-94C2-D8F77ADD44A6}]
"Name"="OneDrivePictures"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{767E6811-49CB-4273-87C2-20F355E1085B}]
"Name"="OneDriveCameraRoll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}]
"Name"="OneDrive"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}]
"RelativePath"="OneDrive"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}]
"Name"="OneDriveMusic"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OneDriveRamps]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SettingSync\WindowsSettingHandlers\OneDriveRamps]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SettingSync\WindowsSettingHandlers\OneDriveRamps]
"RegistryRoot"="Software\Microsoft\Windows\CurrentVersion\OneDriveRamps"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SettingSync\WindowsSettingHandlers\OneDriveRamps]
"SettingUnitId"="OneDriveRamps"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\InboxApp]
"14BB934C8A478762_OneDrive_lnk_wow64.lnk"="C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2910419722-4152969464-3579386052-1001]
"\Device\HarddiskVolume5\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\OneDrive.exe"="0x5601C337AD9ED80100000000000000000000000002000000"

[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\59\52C64B7E]
"@C:\WINDOWS\System32\SettingSyncCore.dll,-1024"="OneDrive"

[HKEY_USERS\S-1-5-19\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDriveSetup"="0x040000000000000000000000"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\OneDrive]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDriveSetup"="0x040000000000000000000000"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\OneDrive]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\Environment]
"OneDrive"="C:\Users\DeanZF1\OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDriveSetup"="0x040000000000000000000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\MediaPlayer\Preferences]
"TrackFoldersDirectories1"="C:\Users\DeanZF1\OneDrive\Music"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\MediaPlayer\Preferences\HME\LastSharedFolders]
"Folders0"="C:\Users\DeanZF1\OneDrive\Music"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\Identities\b8b125beda31ce0b_LiveId\WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b]
"ConnectionDisplayName"="Dean Thomas's OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\ONPREM_SHAREPOINT]
"Name"="OneDrive for Business"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]
"Description"="Free online storage.  Store, access and share thousands of documents on OneDrive."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]
"Name"="OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]
"Description"="OneDrive (Mounted)"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]
"Name"="OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\OneDrive]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\OneDrive\DeletedDirectories]
""="C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\logs\Common;C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\22.131.0619.0001"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\CreativeEventCache\OneDrive.exe]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\CreativeEvents\SubscribedContent-OneDriveDesktop]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\CreativeEvents\SubscribedContent-OneDriveDocuments]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\CreativeEvents\SubscribedContent-OneDrivePictures]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-OneDriveDesktop]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-OneDriveDocuments]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-OneDrivePictures]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"="0x020000000000000000000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}"="C:\Users\DeanZF1\OneDrive\Documents"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"{339719B5-8C47-4894-94C2-D8F77ADD44A6}"="C:\Users\DeanZF1\OneDrive\Pictures"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}"="%USERPROFILE%\OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\OneDriveOptIn]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall logs\Common"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\logs\Common""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall 22.131.0619.0001"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\22.131.0619.0001""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\Windows\onedriveramps]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\onedriveramps]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A002100000261329FFFBAD0010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C8380200FDD8020001000000000000000000000A002100000261329FFFBAD0010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000604002005E58020001000000000000000000000A002100000261329FFFBAD0010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000B0400200C39C020001000000000000000000000A002100000261329FFFBAD0010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C0740200EE3F030001000000000000000000000A002100000261329FFFBAD0010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C88002006A18030001000000000000000000000A002100000261329FFFBAD0010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C88002006A18030001000000000000000000000A0021000019B4C529E312D1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C8800200726B030001000000000000000000000A0021000019B4C529E312D1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C88002006821030001000000000000000000000A0021000019B4C529E312D1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C8BA0200D5D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"="0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\grvopen]
""="URL: OneDrive Client Protocol"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\grvopen\DefaultIcon]
""="C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\grvopen\shell\open\command]
""=""C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /url:"%1""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftOfficeHub_17.6209.23751.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d0f23fd4455f29\fae8ab0e]
"@{Microsoft.MicrosoftOfficeHub_17.6209.23751.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Description}"="Get the latest versions of Word, Excel, PowerPoint, Outlook and OneNote plus OneDrive storage and Skype minutes with - Office 365."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftOfficeHub_17.6314.23751.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d1080f23388342\fae8ab0e]
"@{Microsoft.MicrosoftOfficeHub_17.6314.23751.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Description}"="Get the latest versions of Word, Excel, PowerPoint, Outlook and OneNote plus OneDrive storage and Skype minutes with - Office 365."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftOfficeHub_17.6418.23501.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d122f334b696d6\fae8ab0e]
"@{Microsoft.MicrosoftOfficeHub_17.6418.23501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Description}"="Get the latest versions of Word, Excel, PowerPoint, Outlook and OneNote plus OneDrive storage and Skype minutes with - Office 365."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftOfficeHub_17.6605.23751.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d122f334b696d6\fae8ab0e]
"@{Microsoft.MicrosoftOfficeHub_17.6605.23751.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Description}"="Get the latest versions of Word, Excel, PowerPoint, Outlook and OneNote plus OneDrive storage and Skype minutes with - Office 365."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftOfficeHub_17.7012.23531.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d1b1f7a388ab33\fae8ab0e]
"@{Microsoft.MicrosoftOfficeHub_17.7012.23531.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Description}"="Get the latest versions of Word, Excel, PowerPoint, Outlook and OneNote plus OneDrive storage and Skype minutes with - Office 365."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftOfficeHub_17.7031.23501.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d1c337a3a44629\fae8ab0e]
"@{Microsoft.MicrosoftOfficeHub_17.7031.23501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Description}"="Get the latest versions of Word, Excel, PowerPoint, Outlook and OneNote plus OneDrive storage and Skype minutes with - Office 365."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CMicrosoft.Windows.SecHealthUI%5CMicrosoft.Windows.SecHealthUI.pri\1d888bb48eef780\326bcf6e]
"@{windows?ms-resource://Microsoft.Windows.SecHealthUI/resources/RansomwareProtection_HighKeywords}"="recovery;ransomware recovery;backup;OneDrive;Cloud;data restore;restore data;restore files;recover files;recover data;files restore"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveCameraRoll/Description}"="OneDrive camera roll settings"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveCameraRoll/HighKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveCameraRoll/Keywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveCameraRoll/LowKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveFileStorage/Description}"="OneDrive storage space"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveFileStorage/HighKeywords}"="buy;SkyDrive OneDrive;SkyDrive OneDrive;storage;Upgrade upgrades;usage usages"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveFileStorage/Keywords}"="cleanup;cloud;SkyDrive OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveFileStorage/LowKeywords}"="Backup backups;camera cameras;device devices;quota;roll rolls"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveMeteredConnections/Description}"="OneDrive metered connections settings"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveMeteredConnections/HighKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveMeteredConnections/Keywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveMeteredConnections/LowKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_CameraRollPhotoQuality/Description}"="Upload your camera roll to OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_CameraRollPhotoQuality/HighKeywords}"="camera cameras;folder folders;photo photos;roll rolls;Video videos"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_CameraRollPhotoQuality/Keywords}"="camera cameras;resolution resolutions;roll rolls"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_CameraRollPhotoQuality/LowKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_IsOneDriveDefaultStorage/Description}"="Choose a default save location for your files"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_IsOneDriveDefaultStorage/HighKeywords}"="default defaults;Location locations;Save saves"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_IsOneDriveDefaultStorage/Keywords}"="document documents;file files;picture pictures;SkyDrive OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_IsOneDriveDefaultStorage/LowKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_ManageOneDrivePlan/Description}"="Get more OneDrive storage"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_ManageOneDrivePlan/HighKeywords}"="SkyDrive OneDrive;space spaces;storage;Upgrade upgrades;buy"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_ManageOneDrivePlan/Keywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_ManageOneDrivePlan/LowKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Personalize_LockScreenSlideshowSource_OneDrive/Description}"="Add a folder to the lock screen slide show"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Personalize_LockScreenSlideshowSource_OneDrive/HighKeywords}"="folder folders;lockscreen;personalize;picture pictures;slideshow slideshows"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Personalize_LockScreenSlideshowSource_OneDrive/Keywords}"="library libraries;photo photos;picture pictures;picture pictures;SkyDrive OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Personalize_LockScreenSlideshowSource_OneDrive/LowKeywords}"=""

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d897256af34fcc\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPageGroup_GranularCloudSearch/HighKeywords}"="cloud content search;search permissions;search OneDrive;search Outlook;search email;search people"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d897256af34fcc\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPageGroup_Search_GranularCloudSearch/HighKeywords}"="cloud content search;search permissions;search OneDrive;search Outlook;search email;search people"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d897256af34fcc\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAppRequestedDownloads-2/HighKeywords}"="automatic file downloads settings;downloads settings;download settings;storage provider;online only;OneDrive settings;automatic file downloads permissions;cloud file settings;cloud sync settings;cloud sync permissions;unblock automatic file downloads;automatic downloads notification"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d897256af34fcc\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsPagePrivacyAppRequestedDownloads/HighKeywords}"="automatic file downloads settings;downloads settings;download settings;storage provider;online only;OneDrive settings;automatic file downloads permissions;cloud file settings;cloud sync settings;cloud sync permissions"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d897256af34fcc\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SystemSettings_Personalize_LockScreenSlideshowSource_CloudBrandName/HighKeywords}"="folders;library;libraries;lockscreen;personalize;picture;pictures;SkyDrive;OneDrive;slideshows;lock screen settings"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MuiCache\59\52C64B7E]
"@C:\WINDOWS\System32\SettingSyncCore.dll,-1024"="OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy\Applications\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\OneDrive.exe.FriendlyAppName"="Microsoft OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\OneDrive.exe.ApplicationCompany"="Microsoft Corporation"


===================== Search result for "SkyDrive" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\FileManager_cw5n1h2txyewy\SplashScreen\FileManager_cw5n1h2txyewy!Microsoft.Windows.FileManager]
"AppName"="@{FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://FileManager/MarketBranding/SkyDriveDisplayName}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\FileManager_cw5n1h2txyewy\SplashScreen\FileManager_cw5n1h2txyewy!Microsoft.Windows.FileManager]
"Image"="@{FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://FileManager/Files/Assets/SkyDriveSplashScreen.png}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming]
"RestoreFlowUri"="https://skydrive.live.com/windows/skydrivesettings"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming]
"SkyDriveUri"="https://go.microsoft.com/fwlink/?LinkId=282720"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SkyDrive-SyncEngine/Debug]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SkyDrive-SyncEngine/Operational]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{70b2a341-03fe-494a-8888-87914d2c4d81}]
""="Microsoft-Windows-SkyDrive-SyncEngine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{70b2a341-03fe-494a-8888-87914d2c4d81}\ChannelReferences\0]
""="Microsoft-Windows-SkyDrive-SyncEngine/Operational"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{70b2a341-03fe-494a-8888-87914d2c4d81}\ChannelReferences\1]
""="Microsoft-Windows-SkyDrive-SyncEngine/Debug"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance]
"CriticalTasks"="\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\WorkingSetRules\5]
"URL"="file:///C:\[85e5f259-4e5c-489d-9a54-03936b50c35b]\Users\DeanZF1\SkyDrive\Documents\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\WorkingSetRules\6]
"URL"="file:///C:\[85e5f259-4e5c-489d-9a54-03936b50c35b]\Users\DeanZF1\SkyDrive\Music\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\FileChangeClientConfigs\{E4965B43-B64D-4D31-B0F7-5A6F77582B0F}]
"ScopeToMonitor"="C:\Users\DeanZF1\SkyDrive\Pictures"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{323277B1-D81D-4329-973E-497F413BC5D0}]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{323277B1-D81D-4329-973E-497F413BC5D0}]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{4825AC28-CE41-45A7-9E6E-1FED74057601}]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{4825AC28-CE41-45A7-9E6E-1FED74057601}]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{7868FC3D-ABA3-4B5D-B4EA-419C608DAB45}]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{7868FC3D-ABA3-4B5D-B4EA-419C608DAB45}]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013 Trial"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{CFAF5356-49E3-48A8-AB3C-E729AB791250}]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{CFAF5356-49E3-48A8-AB3C-E729AB791250}]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{FB4875EC-0C6B-450F-B82B-AB57D8D1677F}]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Registration\{FB4875EC-0C6B-450F-B82B-AB57D8D1677F}]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{323277B1-D81D-4329-973E-497F413BC5D0}\Create\Software\Microsoft\Office\15.0]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{323277B1-D81D-4329-973E-497F413BC5D0}\Create\Software\Microsoft\Office\15.0]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{4825AC28-CE41-45A7-9E6E-1FED74057601}\Create\Software\Microsoft\Office\15.0]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{4825AC28-CE41-45A7-9E6E-1FED74057601}\Create\Software\Microsoft\Office\15.0]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{7868FC3D-ABA3-4B5D-B4EA-419C608DAB45}\Create\Software\Microsoft\Office\15.0]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{7868FC3D-ABA3-4B5D-B4EA-419C608DAB45}\Create\Software\Microsoft\Office\15.0]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013 Trial"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{CFAF5356-49E3-48A8-AB3C-E729AB791250}\Create\Software\Microsoft\Office\15.0]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{CFAF5356-49E3-48A8-AB3C-E729AB791250}\Create\Software\Microsoft\Office\15.0]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{FB4875EC-0C6B-450F-B82B-AB57D8D1677F}\Create\Software\Microsoft\Office\15.0]
"ProductName"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\User Settings\{FB4875EC-0C6B-450F-B82B-AB57D8D1677F}\Create\Software\Microsoft\Office\15.0]
"ProductNameBrand"="Microsoft SkyDrive Pro 2013"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Live\Roaming]
"RestoreFlowUri"="https://skydrive.live.com/windows/skydrivesettings"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Live\Roaming]
"SkyDriveUri"="https://go.microsoft.com/fwlink/?LinkId=282720"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\WorkingSetRules\5]
"URL"="file:///C:\[85e5f259-4e5c-489d-9a54-03936b50c35b]\Users\DeanZF1\SkyDrive\Documents\"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\WorkingSetRules\6]
"URL"="file:///C:\[85e5f259-4e5c-489d-9a54-03936b50c35b]\Users\DeanZF1\SkyDrive\Music\"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Search\FileChangeClientConfigs\{E4965B43-B64D-4D31-B0F7-5A6F77582B0F}]
"ScopeToMonitor"="C:\Users\DeanZF1\SkyDrive\Pictures"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2910419722-4152969464-3579386052-1001]
"\Device\HarddiskVolume5\Users\DeanZF1\SkyDrive\Desktop\FRST64.exe"="0xBC56227DB39ED80100000000000000000000000002000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\MediaPlayer\Preferences]
"TrackFoldersDirectories3"="C:\Users\DeanZF1\SkyDrive\Music"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\MediaPlayer\Preferences\HME\LastSharedFolders]
"Folders1"="C:\Users\DeanZF1\SkyDrive\Music"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\MediaPlayer\Preferences\HME\ShareFolders]
"Folders6"="C:\Users\DeanZF1\SkyDrive\Pictures"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\14.0\Word\File MRU]
"Item 10"="[F00000000][T01D592BFC8DBBB30][O00000000]*C:\Users\DeanZF1\SkyDrive\Documents\COSTCO.doc"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\14.0\Word\File MRU]
"Item 22"="[F00000000][T01D46BCF454D4080][O00000000]*C:\Users\DeanZF1\SkyDrive\Documents\Question for Jill.doc"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\14.0\Word\Place MRU]
"Item 6"="[F00000000][T01D592BFC8DAF7E0][O00000000]*C:\Users\DeanZF1\SkyDrive\Documents\"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\Identities\b8b125beda31ce0b_LiveId\WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\Identities\b8b125beda31ce0b_LiveId\WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b]
"ConnectionDisplayName"="Dean Thomas's OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\Identities\b8b125beda31ce0b_LiveId\WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b]
"ConnectionId"="WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\Identities\b8b125beda31ce0b_LiveId\WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b]
"ConnectionMetadata"="<Metadata><Type>Skydrive</Type><DefaultFolderRelativePath>/^.Documents</DefaultFolderRelativePath><DefaultCreateRelativePath>/^.Documents</DefaultCreateRelativePath><KeyTip>K</KeyTip><RegularExpression>^(?:http|https)://(?:[a-zA-Z0-9])+\.(?:[a-zA-Z0-9\-]+\.)*docs(?:-df|-bvt|-s3|-gd|-current|-dev)*\.live(?:-tst)*\.net(?:\:[0-9]*)?/([A-Fa-f0-9]*)(?:\/.*)?$</RegularExpression><DocumentsDavUrl>https://d.docs.live.net/b8b125beda31ce0b/^.Documents</DocumentsDavUrl><PhotosDavUrl>https://d.docs.live.net/b8b125beda31ce0b/^.Photos</PhotosDavUrl></Metadata>"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\Identities\b8b125beda31ce0b_LiveId\WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b]
"ServiceId"="WLINBOX_SKYDRIVE"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\Identities\b8b125beda31ce0b_LiveId\WLINBOX_SKYDRIVE_b8b125beda31ce0b_https://d.docs.live.net/b8b125beda31ce0b\Metadata]
"Type"="Skydrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]
"CapabilitiesMetadata"="<Metadata><Type>Skydrive</Type><DefaultFolderRelativePath>/^.Documents</DefaultFolderRelativePath><DefaultCreateRelativePath>/^.Documents</DefaultCreateRelativePath><KeyTip>K</KeyTip><RegularExpression>^(?:http|https)://(?:[a-zA-Z0-9])+\.(?:[a-zA-Z0-9\-]+\.)*docs(?:-df|-bvt|-s3|-gd|-current|-dev)*\.live(?:-tst)*\.net(?:\:[0-9]*)?/([A-Fa-f0-9]*)(?:\/.*)?$</RegularExpression></Metadata>"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]
"Description"="Free online storage.  Store, access and share thousands of documents on OneDrive."

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]
"Name"="OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]
"ServiceId"="WLINBOX_SKYDRIVE"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE]
"ServiceUrl"="http://g.live.com/8seskydrive/HomePageUrl"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLINBOX_SKYDRIVE\Metadata]
"Type"="Skydrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]
"CapabilitiesMetadata"="<Metadata><Type>Skydrive</Type><DefaultFolderRelativePath>/^.Documents</DefaultFolderRelativePath><DefaultCreateRelativePath>/^.Documents</DefaultCreateRelativePath><KeyTip>K</KeyTip><RegularExpression>^(?:http|https)://(?:[a-zA-Z0-9])+\.(?:[a-zA-Z0-9\-]+\.)*docs(?:-df|-bvt|-s3|-gd|-current|-dev)*\.live(?:-tst)*\.net(?:\:[0-9]*)?/([A-Fa-f0-9]*)(?:\/.*)?$</RegularExpression></Metadata>"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]
"Description"="OneDrive (Mounted)"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]
"Name"="OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]
"ServiceId"="WLMOUNTED_SKYDRIVE"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE]
"ServiceUrl"="http://g.live.com/8seskydrive/HomePageUrl"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Common\ServicesManagerCache\ServicesCatalog\WLMOUNTED_SKYDRIVE\Metadata]
"Type"="Skydrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Office\15.0\Registration\DEANZF\{90150000-000F-0000-0000-0000000FF1CE}\O365HomePremRetail\EULA]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\StorageLibrary\ChangeTracking\Microsoft.Windows.Photos_8wekyb3d8bbwe\1]
"{E4965B43-B64D-4D31-B0F7-5A6F77582B0F}"="C:\Users\DeanZF1\SkyDrive\Pictures"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures"="C:\Users\DeanZF1\SkyDrive\Pictures"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop"="C:\Users\DeanZF1\SkyDrive\Desktop"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal"="C:\Users\DeanZF1\SkyDrive\Documents"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Desktop"="C:\Users\DeanZF1\SkyDrive\Desktop"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"My Pictures"="C:\Users\DeanZF1\SkyDrive\Pictures"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"="C:\Users\DeanZF1\SkyDrive\Documents"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"{0DDD015D-B06C-45D5-8C4C-F59713854639}"="C:\Users\DeanZF1\SkyDrive\Pictures"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"{F42EE2D3-909F-4907-8871-4C22FC0BF756}"="C:\Users\DeanZF1\SkyDrive\Documents"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Microsoft.SkyDrive.Desktop]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.SkyDrive.Desktop]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.SkyDrive.Desktop]
"wnsId"="Microsoft.SkyDrive.Desktop"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\MoSkyFileSync]
"wnsId"="windows.skydriveinboxcomponent_cw5n1h2txyewy"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\MoSkyQuotaStateChange]
"wnsId"="windows.skydriveinboxcomponent_cw5n1h2txyewy"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\Windows\SkyDriveRamps]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\Windows\SkyDriveSettings]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SkyDrive]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SkyDrive]
"LegacySkyDriveHandled"="1"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SkyDriveOptIn]

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\SkyDrive\Desktop\Xerox_WorkCentre_3215_Windows_Print_Drivers_Utilities_V1.10.exe"="0x5341435001000000000000000700000028000000C8F0A00F02E7A10F01000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000007D730600000000000300000003000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\DeanZF1\SkyDrive\Desktop\FRST64.exe"="0x534143500100000000000000070000002800000000282400C659240001000000000000000000000A0021000050BB64EDDDACD5010000000000000000"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveFileStorage/HighKeywords}"="buy;SkyDrive OneDrive;SkyDrive OneDrive;storage;Upgrade upgrades;usage usages"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SettingsPageOneDriveFileStorage/Keywords}"="cleanup;cloud;SkyDrive OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_IsOneDriveDefaultStorage/Keywords}"="document documents;file files;picture pictures;SkyDrive OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_OneDrive_ManageOneDrivePlan/HighKeywords}"="SkyDrive OneDrive;space spaces;storage;Upgrade upgrades;buy"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5Cwindows%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1cffc7f3fb01a3d\502b3ce7]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Personalize_LockScreenSlideshowSource_OneDrive/Keywords}"="library libraries;photo photos;picture pictures;picture pictures;SkyDrive OneDrive"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d897256af34fcc\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SystemSettings_Personalize_LockScreenSlideshowSource_CloudBrandName/HighKeywords}"="folders;library;libraries;lockscreen;personalize;picture;pictures;SkyDrive;OneDrive;slideshows;lock screen settings"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\DeanZF1\SkyDrive\Desktop\Xerox_WorkCentre_3215_Windows_Print_Drivers_Utilities_V1.10.exe.FriendlyAppName"="Xerox_WorkCentre_3215_Windows_Print_Drivers_Utilities_V1.10"

[HKEY_USERS\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\DeanZF1\SkyDrive\Desktop\SamsungUniversalPrintDriver2.exe.FriendlyAppName"="Selft Extractor of CI 3"

====== End of Search ======
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 04:58:07 PM
This is COMPLETELY WEIRD!

Running from C:\Users\DeanZF1\SkyDrive\Desktop
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 05:09:53 PM
I know. Bizarre.

I wouldn't blame you if you gave up.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 05:35:29 PM
Never give up, but I asked for suggestions and ideas. Perhaps someone else can give us a hand.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 05:45:41 PM
I like your style. ^_^  I'm ready to go the whole distance.  I so appreciate the help!
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 06:01:24 PM
You are welcome!

It's the first time I see such a strange issue, so ... it is a challenge. 🙂
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 23, 2022, 08:23:52 PM
PWG,

Let's enable the built-in Admin account and see what is happening from there. It seems that the Dean account contains items from both Windows 8 and 10 and this makes things more difficult.

1. Enable the built-in Admin account

net user administrator /active:yes

2. Install Microsoft OneDrive


3. FRST scan

Run FRST and let me see the logs.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 10:03:56 PM
That was a little scary.  Didn't know if I would need a password or how to get it if I did. Thankfully not. It took a while to set up the Administrator desktop.

How long should it take to install One Drive?  The installation screen disappears after a message that says "we're getting things ready for you". I can call it back up, but it shows the same message and the progress bar completes again but then the panel again disappears. Seems like something is not right.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 23, 2022, 10:55:01 PM
Just got a sign in screen. Never did see any prompts for anything else, so it apparently installed where it wanted. Not under any other file. Screenshot shows location.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by Administrator (administrator) on DEANZF (LENOVO 20238) (23-07-2022 17:39:55)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: DeanZF1 & Administrator
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <2>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe <2>
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe <2>
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe <2>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <13>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe <2>
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe <2>
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe <2>
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe <2>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe <2>
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [cdloader] => C:\Users\DeanZF1\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1986280 2017-08-04] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2910419722-4152969464-3579386052-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [53160 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Windows x64\Print Processors\xp3215pp: C:\Windows\System32\spool\prtprocs\x64\xp3215pp.dll [128912 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-19] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [2013-09-25] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-09]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
Startup: C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11182569-C275-4F85-A65E-73A77EABFD34} - System32\Tasks\{F67749E8-8910-4749-8654-589901F9E9E0} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {25F70752-345A-4BE9-BB13-C7B2664DB5BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {3EF6C0D3-6B6A-4323-834D-228475987269} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321608 2016-12-07] (LENOVO -> Lenovo)
Task: {570D9DD6-A390-4ED0-A305-3A8A637292D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CE1AC92-D172-4A01-95A0-8E205CD4F846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {60FF31F2-6BDF-494B-B6D3-F2465E7A56A5} - System32\Tasks\{EB055ABA-B477-419E-B301-D5160002C46D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {62F29E74-610D-4E16-9BE6-897CAF86F5F8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {66B243CE-0B4F-49A0-B38F-6B0442FFAF38} - System32\Tasks\{735BFA4D-88DE-4476-BCC8-639ED5DF36CB} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {79FCD25F-85F3-4DF1-A031-0F807606A89F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {8C280DB7-755A-4F46-A879-7786087DC54B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {B6791981-C306-4184-96BC-F5E59A1FE134} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {C0A096B6-455F-4F74-9FA7-9D85632CD2E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C648E924-E78E-45EA-8F2C-C31F0CD76550} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {C9C3A79F-F987-46B9-B15F-168D8A454FBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264328 2016-12-07] (LENOVO -> )
Task: {F5E509F9-C7B9-4DE2-ADA2-E1E62246DCED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7E80B7B-B78C-4AA5-ACFB-A393B2F783D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAD46F43-8D90-41A4-9D99-FF7AFC400DB9} - System32\Tasks\{275FA3AB-A5B6-4FD6-A80B-6BB53A05DBFC} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d74f6f9e-6879-4b40-9741-86a89841e757}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fc461f4f-5f4c-4a00-b5c6-65a89768f055}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-23]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-07-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 71hmfyak.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\71hmfyak.default [2022-07-23]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\97d1jue9.default-release [2022-07-23]
FF DownloadDir: C:\Users\Administrator\Desktop
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-13] (Malwarebytes Inc. -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-23] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKslc0c21eef; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94293BA4-5558-463D-86D2-83BB776980A8}\MpKslDrv.sys [141576 2022-07-23] (Microsoft Windows -> Microsoft Corporation)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-23 17:39 - 2022-07-23 17:41 - 000021018 _____ C:\Users\Administrator\Desktop\FRST.txt
2022-07-23 17:33 - 2022-07-23 17:36 - 000056701 _____ C:\Users\Administrator\Desktop\AdditionNulll.txt
2022-07-23 17:29 - 2022-07-23 17:36 - 000035438 _____ C:\Users\Administrator\Desktop\FRSTnull.txt
2022-07-23 17:29 - 2022-07-23 17:29 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2022-07-23 17:28 - 2022-07-23 17:29 - 002369536 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2022-07-23 17:18 - 2022-07-23 17:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\OneDrive
2022-07-23 16:58 - 2022-07-23 16:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2022-07-23 16:57 - 2022-07-23 16:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2022-07-23 16:52 - 2022-07-23 16:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2022-07-23 16:39 - 2022-07-23 17:00 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2910419722-4152969464-3579386052-500
2022-07-23 16:38 - 2022-07-23 17:40 - 000000000 ___RD C:\Users\Administrator\OneDrive
2022-07-23 16:38 - 2022-07-23 17:00 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2910419722-4152969464-3579386052-500
2022-07-23 16:38 - 2022-07-23 17:00 - 000002435 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-23 16:38 - 2022-07-23 16:54 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2022-07-23 16:38 - 2022-07-23 16:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2022-07-23 16:37 - 2022-07-23 16:56 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Xerox
2022-07-23 16:37 - 2022-07-23 16:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2022-07-23 16:37 - 2022-07-23 16:37 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2022-07-23 16:37 - 2022-07-23 16:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2022-07-23 16:34 - 2022-07-23 16:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2022-07-23 16:33 - 2022-07-23 16:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2022-07-23 16:32 - 2022-07-23 17:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2022-07-23 16:32 - 2022-07-23 16:32 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2022-07-23 16:32 - 2022-07-23 16:32 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2022-07-23 16:32 - 2022-07-23 16:32 - 000000000 ___RD C:\Users\Administrator\3D Objects
2022-07-23 16:32 - 2022-07-23 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2022-07-23 16:32 - 2022-07-23 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2022-07-23 16:29 - 2022-07-23 16:38 - 000000000 ____D C:\Users\Administrator
2022-07-23 16:29 - 2022-07-23 16:29 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-23 16:29 - 2022-07-23 16:29 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-23 16:29 - 2022-07-23 16:29 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-23 16:29 - 2016-09-18 21:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2022-07-23 16:29 - 2016-09-18 21:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Pokki
2022-07-23 16:29 - 2016-09-18 21:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2022-07-23 16:29 - 2013-02-04 01:18 - 000000189 _____ C:\Users\Administrator\Desktop\Lenovo Telephony Start Now.url
2022-07-22 15:02 - 2022-07-22 16:07 - 000000000 ____D C:\Users\DeanZF1\SkyDrive
2022-07-22 13:10 - 2022-07-23 10:14 - 000000000 ___RD C:\Users\DeanZF1\OneDrive
2022-07-22 12:33 - 2022-07-22 12:38 - 000907892 _____ C:\WINDOWS\Minidump\072222-38265-01.dmp
2022-07-18 15:24 - 2022-07-23 17:40 - 000000000 ____D C:\FRST
2022-07-18 14:03 - 2022-07-18 14:03 - 000000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2022-07-18 14:02 - 2018-07-19 23:57 - 000420352 _____ C:\WINDOWS\system32\SaMinDrv.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000151040 _____ C:\WINDOWS\system32\SaImgFlt.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000068096 _____ C:\WINDOWS\system32\SaErHdlr.dll
2022-07-18 14:01 - 2022-03-23 01:51 - 000167712 _____ (SS) C:\WINDOWS\system32\xp3215ci.exe
2022-07-18 14:01 - 2022-03-23 01:51 - 000099240 _____ (SS) C:\WINDOWS\system32\xp3215ci.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-13 20:59 - 2022-07-13 20:59 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-13 20:58 - 2022-07-13 20:58 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-13 20:57 - 2022-07-13 20:57 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-13 20:13 - 2022-07-13 20:13 - 000000000 ___HD C:\$WinREAgent
2022-07-13 19:47 - 2022-07-13 19:47 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 14:51 - 2022-07-21 13:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-25 16:10 - 2022-06-25 16:09 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-25 13:58 - 2022-06-25 13:58 - 000000000 ____D C:\Users\DeanZF1\.ms-ad
2022-06-25 12:47 - 2022-06-25 12:47 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-25 12:46 - 2022-06-25 12:46 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-25 12:44 - 2022-06-25 12:44 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-23 17:38 - 2020-05-08 11:23 - 000000000 ___HD C:\OneDriveTemp
2022-07-23 17:15 - 2014-04-14 11:42 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-23 17:08 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-23 17:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-23 16:57 - 2018-07-18 17:01 - 000000000 ____D C:\ProgramData\Packages
2022-07-23 16:56 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-23 16:50 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-23 16:38 - 2022-02-28 11:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-23 16:37 - 2014-02-14 03:59 - 000001149 _____ C:\Users\Public\Desktop\Cyberlink Power2Go.lnk
2022-07-23 16:33 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-23 16:32 - 2014-03-05 16:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-23 16:29 - 2022-01-21 11:48 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\IGDump
2022-07-23 16:29 - 2015-08-07 00:30 - 000000000 __SHD C:\Users\DeanZF1\IntelGraphicsProfiles
2022-07-23 16:28 - 2021-03-16 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-23 16:28 - 2021-03-16 00:36 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-23 16:27 - 2019-12-07 04:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2022-07-23 16:26 - 2016-11-19 12:28 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\Mozilla
2022-07-23 16:22 - 2021-03-16 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-22 15:02 - 2021-03-16 00:46 - 000000000 ____D C:\Users\DeanZF1
2022-07-22 12:39 - 2021-03-23 18:50 - 000000000 ____D C:\WINDOWS\Minidump
2022-07-22 12:39 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-07-22 12:39 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-22 12:33 - 2019-10-07 22:06 - 691917578 _____ C:\WINDOWS\MEMORY.DMP
2022-07-21 14:11 - 2015-12-07 12:39 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\Temp
2022-07-21 13:56 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-21 13:18 - 2021-03-16 01:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-07-21 13:07 - 2021-03-16 01:16 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-19 16:22 - 2014-04-14 11:43 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-19 16:22 - 2014-04-14 11:43 - 000002302 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-19 14:53 - 2014-04-18 15:33 - 000000000 ____D C:\ProgramData\Nero
2022-07-19 11:18 - 2017-12-07 16:31 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\Packages
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-18 15:18 - 2018-07-12 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-07-18 14:05 - 2021-03-16 01:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Leader Technologies
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ____D C:\Program Files (x86)\Xerox
2022-07-18 14:03 - 2016-04-07 01:10 - 000000000 ____D C:\ProgramData\Xerox
2022-07-17 16:12 - 2014-10-27 14:38 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\ElevatedDiagnostics
2022-07-16 12:59 - 2020-06-23 07:44 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-16 12:59 - 2020-06-23 07:44 - 000002318 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-14 08:56 - 2021-03-16 00:58 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-14 08:49 - 2021-03-16 00:36 - 000459320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-14 08:49 - 2016-09-24 14:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-14 08:49 - 2014-03-05 16:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-14 08:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-13 20:57 - 2021-03-16 00:40 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-13 20:05 - 2014-03-07 15:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-13 19:58 - 2014-03-07 15:50 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-12 14:51 - 2014-03-05 16:23 - 000001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-06-25 16:11 - 2021-06-25 18:47 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-25 16:11 - 2020-08-21 12:00 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-25 16:11 - 2019-08-02 12:35 - 000002063 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-25 16:10 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-06-25 16:09 - 2019-08-02 12:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-25 16:08 - 2018-01-27 15:23 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-25 16:08 - 2014-03-16 20:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-25 13:49 - 2018-02-25 19:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-25 13:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by Administrator (23-07-2022 17:43:02)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-03-16 06:17:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2910419722-4152969464-3579386052-500 - Administrator - Enabled) => C:\Users\Administrator
DeanZF1 (S-1-5-21-2910419722-4152969464-3579386052-1001 - Administrator - Enabled) => C:\Users\DeanZF1
DefaultAccount (S-1-5-21-2910419722-4152969464-3579386052-503 - Limited - Disabled)
Guest (S-1-5-21-2910419722-4152969464-3579386052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2910419722-4152969464-3579386052-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2910419722-4152969464-3579386052-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\{63B5DA5A-477B-438D-A6A0-118787A4C71B}) (Version: 24.0.0.180 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{96714280-14E6-4DF7-BACD-F797C0F17C3D}) (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{89AFB053-A343-46EF-97E4-D593AD7184E6}) (Version: 1.28.487.1 - Intel Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version:  - LifeScan Inc)
magicJack (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Meter Drivers for OneTouch(R) Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)
Microsoft Audio Enhancement Troubleshooter installer (HKLM\...\{6E0351FF-6A71-45C5-A041-D4D9D8067EAF}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2910419722-4152969464-3579386052-500\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version:  - )
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RealTracks Shots and Holds 3 (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
SetIP (HKLM-x32\...\Xerox_SetIP) (Version: 2.00.00.01 - Xerox Ltd.)
Skype version 8.86 (HKLM-x32\...\Skype_is1) (Version: 8.86 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.06.00 (5/12/2021) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(6/6/2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox OCR Software (HKLM-x32\...\Xerox OCR Software) (Version: 1.00.18 (4/14/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.10 (3/24/2022) - Xerox Corporation)
Zoom (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
Camera Man -> C:\Program Files\WindowsApps\E0469640.CameraMan_1.0.1929.30229_x86__5grkq8ppsgwt4 [2022-07-23] (LENOVO INC)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.33.1.0_x64__6rarf9sa4v8jt [2022-07-23] (Disney)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2022-07-23] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.40.9.0_x64__q4d96b2w5wcc2 [2022-07-23] (Evernote)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2022-07-23] (AMZN Mobile LLC)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2022-07-23] (Lenovo, INC.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2206.16.0_x64__k1h2ywk1493x8 [2022-07-23] (LENOVO INC.)
Live TV -> C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716 [2022-07-23] (FilmOn TV Inc.)
McAfee® Central for Lenovo -> C:\Program Files\WindowsApps\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_5.0.173.1_x64__bq6yxensn79aw [2022-07-23] (McAfee_Inc)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-23] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2022-07-23] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2022-07-23] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2022-07-23] (Microsoft Corporation) [MS Ad]
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2022-07-23] (CYBERLINK COM CORPORATION)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-23] (Spotify AB) [Startup Task]
YouSendIt for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.YouSendItForLenovo_1.0.5.1412_neutral__069rkrpjefrbc [2022-07-23] (YouSendIt)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2022-07-23] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-13] (CyberLink Corp.) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-09-11 10:05 - 2014-09-11 10:05 - 000036352 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000038912 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000032256 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000027648 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000381952 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000204800 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000218112 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000015872 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000015360 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000307712 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000014848 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000252928 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000878592 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2017-02-08 08:51 - 2017-02-08 08:51 - 004112384 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Core.dll
2014-09-11 09:56 - 2014-09-11 09:56 - 004350464 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Gui.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000850432 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Network.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000203776 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Svg.dll
2014-09-11 10:00 - 2014-09-11 10:00 - 004372480 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Widgets.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000152064 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Xml.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2014-02-14 04:00 - 2014-02-14 04:00 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 023507968 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icudt52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001798656 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuin52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001304064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuuc52.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 001184256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\LIBEAY32.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 000254976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\ssleay32.dll
2017-08-04 05:25 - 2017-08-04 05:25 - 000130048 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\DeviceNavEthernetCore.dll
2017-08-04 05:29 - 2017-08-04 05:29 - 000032768 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\UIController.dll
2014-05-16 01:48 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxps://apps.driversupport.com

There are 5940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2910419722-4152969464-3579386052-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\StartupApproved\Run: => "cdloader"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EE6542DB-0674-4C4D-9EE8-3CB4F577C624}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{91730A7A-17FE-4B9E-A873-3DFDBC723FD8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{58ACF143-D724-466E-AF27-762F986AD2C1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{55C1243C-049A-4AC0-8751-80A794543BF1}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{5919411A-9B29-463E-8944-3483AC8D46E9}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{9D1A61E4-727F-438D-BFDC-597092DC25FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3BD5F064-C45D-4669-B97B-4D7CBD4BE9BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{92D90A2D-D1F5-4BD9-9B44-2743B73E7342}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{02525CE2-4CC0-428A-963D-E97659836911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{5E92661E-4867-42ED-8BCF-9842AEFD4921}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1AB7BFA6-DE51-4AE9-9891-3431883A3228}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BCCD3AA9-83A1-42F4-A087-B596FEEA429C}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [{474AB47D-634B-43E5-A272-7B7D9D68BB55}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [UDP Query User{B5DBE26C-036E-4C9F-8EE4-A12D70434AD7}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{DB6FADE1-00C2-4B32-ABC2-25F85148E32A}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{EEA1A2C0-9150-4069-8C07-FD2C7DC04753}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F2C08020-E6A7-49FD-8BB1-DFA93FD4AF7D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B250C240-DAC7-46BC-BCE0-2CF86B1CA89A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{923B4769-353D-4825-A209-85BB949983C0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{1C2D0EEF-CB84-442A-82EF-E1BB4F2DDE92}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [TCP Query User{F1B953A7-3D93-4EE8-BC58-7080E2F49FD4}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [UDP Query User{5FC20A24-DA48-4821-8C4F-4FB3A4E74135}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{2B91BD1E-1601-423E-8DBA-D07702E434CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D75DA94-9C04-46C5-A867-22567893DF74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8AAAECA2-AA48-46BF-90AA-74624CC43BF6}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [TCP Query User{FCDB7B71-EAC9-48E8-98D2-556D9698A2FB}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{EA57FBE9-C280-42B3-B471-F82D565B0484}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC44FBFA-6555-446E-8D7D-3646B46D78CC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7C388480-EF9C-40C6-8B57-68626252E2C2}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{06D98C0E-C757-44FA-B442-6A1427F25C04}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{431DB7EE-49B6-4526-AE5E-6D403F5A77BC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{75E0915D-A199-400D-854A-B48BC7FF6052}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{8E6670EB-CE9D-4A4A-B37D-033B6102A626}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{769A0369-326F-4A84-BBF1-B1DB643C4929}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{A2FC424D-0D71-4129-8E49-B5CE2F672DC0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97849000-BF39-4F46-8CEE-492D89789EEC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{6F5BEDD7-0264-4F9E-A731-FA751201B595}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{82D7A728-112A-4EED-A978-EBFB3F55968E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{B7E6DE97-2A7C-40D0-B562-7FB71B575A38}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{4242F9E2-3731-4CFB-A81A-E5E474FFA59C}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7D2AE3CE-1F10-4D11-8505-323B92C4BAA4}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{28033CA3-E6A5-47A9-A361-52F4E9EC19AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23117FD6-D306-4371-89A0-EBF63FB6BEAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4324068-CAE0-4626-979D-E3C82C87DE6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{99D0F8F2-EEDB-4927-97FD-CEA5A8F39C5E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BD18CA44-9D1E-4A8D-A231-EC6B280A6DAD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B70BA22F-F5A2-4180-A356-1E7952274CF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A2E6820B-2B40-43CA-B4B2-71B9D13B5EE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{54E70E12-CBF3-437D-B921-62BAE5C3F035}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EC99619-EBA0-4A92-AE06-67DE5E4659A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{649938EB-4343-4239-92FF-7F0BC60F98A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{41116142-95D8-4D65-A311-38E880903785}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B6D5C5FC-64B2-4349-AA63-6F87D103ADAD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AC478F49-C436-4DF4-98CA-5F6FD7AF7EB3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B1960774-B270-4F36-8535-A3BEF24A3434}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2DFB55E1-DFE6-47BE-941F-7C03C1857F2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

22-07-2022 14:54:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/23/2022 05:06:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DeanZF)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147024662

Error: (07/23/2022 04:57:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
Exception code: 0xc000027b
Fault offset: 0x00000000000053c5
Faulting process id: 0x1fd0
Faulting application start time: 0x01d89edf30c1e267
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 17a9ad95-a50c-4801-b523-0e8177a776d1
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub

Error: (07/23/2022 04:34:59 PM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (10800,P,98) TILEREPOSITORYS-1-5-21-2910419722-4152969464-3579386052-500: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (07/21/2022 05:06:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on LENOVO (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/21/2022 05:06:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows8_OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/21/2022 02:26:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/21/2022 02:26:21 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/21/2022 02:26:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (07/23/2022 04:28:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/23/2022 04:28:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/22/2022 03:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/22/2022 03:04:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/22/2022 03:02:51 PM) (Source: DCOM) (EventID: 10010) (User: DeanZF)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (07/22/2022 02:30:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/22/2022 02:30:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/22/2022 02:29:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
================
Date: 2022-07-23 17:18:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-23 11:44:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-23 08:44:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-22 16:05:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-22 15:46:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-06-25 11:17:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.369.227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19300.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2022-07-23 17:09:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-07-18 14:08:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-25 11:37:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 79CN46WW(V3.05) 12/23/2013
Motherboard: LENOVO INVALID
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 8104.27 MB
Available physical RAM: 3257.02 MB
Total Virtual: 10664.27 MB
Available Virtual: 5082.36 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.77 GB) (Free:345.81 GB) (Model: ST500LT012-1DG142) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.65 GB) (Model: ST500LT012-1DG142) NTFS
Drive e: (RED_REDO_RED_BOX_D1) (CDROM) (Total:4.13 GB) (Free:0 GB) UDF

\\?\Volume{6d7c4922-a9af-4d60-970c-ee5befe3a751}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.64 GB) NTFS
\\?\Volume{d6f0baf5-a3be-49d4-b1e9-9517d8b5287f}\ (PBR_DRV) (Fixed) (Total:11.66 GB) (Free:2.41 GB) NTFS
\\?\Volume{0c4ca7cc-6948-4bd8-adaa-034695a51669}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3AAC8861)

Partition: GPT.

==================== End of Addition.txt =======================
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 24, 2022, 07:44:55 AM
It seems that the issue with the double OneDrive/SkyDrive instances is account related.

What I would do: create another account with admin privileges, copy what I want from the Dean's account into the new one and then completely delete the Dean account.

For now:

1. Files to sync


2. Uninstall McAfee app

McAfee® Central for Lenovo

3. Create a new account with admin privileges

net user "Username" "password" /add
net localgroup administrators "Username" /add

I'll be waiting to hear from you before I continue with a new set of instructions.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 05:02:14 PM
1. Again, no Settings options in right click menu for OneDrive Personal.  However cloud icon was on taskbar, so got to settings that way and unticked specified boxes.

2.  There were no McAfee programs in the list to uninstall. No action.  But restarted anyway in case the OneDrive action also needed a restart.

3. Created new account as instructed.  CMD screen verified actions as successful.  However, when I restarted the computer, there was no option to use the new account.  As soon as the start up screen image appeared, the computer immediately began sign in to the built in Admin account. There was no chance to even click the image, which is how I usually bring up the sign in box.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 24, 2022, 05:15:16 PM
Sorry about McAfee.

Go to computer's Settings > Apps > McAfee® Central for Lenovo
Click on it and select Uninstall
Restart

You can't sign in to the new account, because the Administrator account has no password and it gets you in Windows directly.

Open an elevated command and type:
net user administrator *
Type a password for the account
Restart and select the new account to sign in

As soon as you are signed in, go to OneDrive Settings, and do as you did before, by UNTICKING the folders/files (not the Personal Vault) in the folder.

Give me a screenshot of the OneDrive folder after this.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 05:32:39 PM
I do not understand how to do this:
Quote: Open an elevated command and type:
net user administrator *
Type a password for the account

Is this how to open an elevated command?
Quote: Press Windows icon key on your keyboard, together with the letter R.
Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.

Am I replacing the * with the password? Or the account name?

I  am confused.  :(
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 05:36:13 PM
Also confused about what account this is about. Am I adding a password to the built in Admin account?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 24, 2022, 05:36:35 PM
Hi and apologies for not giving you the specific information. 🙂

Yes, that is how we open an elevated command, and for a password, just replace the asterisk.

HOWEVER: Since we don't need the Administrator account anymore, it's good to just disable it. To do that:

net user administrator /active:no
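
To confirm the outcome of the steps in this thread (a new administrator account exists and the built-in Administrator is disabled), the following PowerShell check lists every local account with its admin membership and password-requirement state. It is an added example, not part of the original posts; the function name Get-LocalAccountAudit is hypothetical, and it assumes Windows 10 with the built-in Microsoft.PowerShell.LocalAccounts cmdlets.

```powershell
# Added example: audit local accounts after creating a new admin account
# and disabling the built-in Administrator. Get-LocalAccountAudit is a
# hypothetical name; the cmdlets used ship with Windows 10 (PowerShell 5.1).

function Get-LocalAccountAudit {
    # Members of the built-in Administrators group (well-known SID S-1-5-32-544).
    # Get-LocalGroupMember can fail when the group holds orphaned SIDs, so
    # fall back to an empty list and warn instead of aborting the audit.
    try {
        $adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            ForEach-Object { $_.SID.Value }
    } catch {
        Write-Warning "Could not read Administrators group: $($_.Exception.Message)"
        $adminSids = @()
    }

    foreach ($user in Get-LocalUser) {
        $sid      = $user.SID.Value
        $findings = @()

        # The built-in Administrator always has a SID ending in -500, even if renamed.
        $isBuiltinAdmin = $sid -match '-500$'
        if ($isBuiltinAdmin -and $user.Enabled) {
            $findings += 'built-in Administrator is enabled'
        }
        # PasswordRequired = $false means the account is allowed a blank password.
        if ($user.Enabled -and -not $user.PasswordRequired) {
            $findings += 'enabled account does not require a password'
        }

        [pscustomobject]@{
            Name            = $user.Name
            Enabled         = $user.Enabled
            IsAdmin         = $adminSids -contains $sid
            BuiltinAdmin    = $isBuiltinAdmin
            PasswordLastSet = $user.PasswordLastSet
            LastLogon       = $user.LastLogon
            Findings        = $findings -join '; '
        }
    }
}

Get-LocalAccountAudit | Sort-Object Name | Format-Table -AutoSize -Wrap
```

After `net user administrator /active:no`, the row with BuiltinAdmin = True should show Enabled = False and an empty Findings column.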

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 06:05:16 PM
Successful in signing into the new account this time.

One Drive folder has no settings options in right-click, and the folder is empty. (In fact, all folders are empty.)  I am being offered a sign in screen.   Should I sign into OneDrive?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 24, 2022, 06:08:11 PM
No.

Since you don't use it, it is not necessary to sign in. Just click Dismiss if Defender alerts you to set it up.

Well, now that you have set up the new account, you can transfer files/folders you need from the Dean account. When you are done, you can delete that account. What do you think about this?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 06:12:16 PM
I think it would be great if I knew how to transfer the files. :)
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 24, 2022, 06:19:32 PM
By the good old way: copy and paste. 🙂

While you are signed in with the new account, go to C:\Users\DeanZF1

Navigate into Documents, Pictures, Music, Videos, Downloads. Select what you need, and copy them. Not all at once of course.

Then go to C:\Users\NEW ACCOUNT

Navigate to the relevant folders and paste what you copied before. It is a good opportunity to do some tidying up on your laptop.

Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 06:28:30 PM
OK.  That sounds simple enough.  It may be a long process of sorting.   Is there any harm if I don't delete the DeanZF1 account?
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 24, 2022, 06:34:12 PM
Quote: Is there any harm if I don't delete the DeanZF1 account?

I wouldn't say that. No harm. However, it contains items from the Windows 8 installation and, as you saw, it made things confusing enough to deal with. It's up to you, of course.

If you delete it, however, let me know, so I can give you correct instructions.

When you finish with the new account, let me also know, so I can give you instructions to remove the tools we used and create a new restore point.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 06:53:38 PM
OK. I will think about it as I am sorting and moving files.  There are years of history there, but maybe it won't be as overwhelming to deal with as I imagine.   I hadn't anticipated that starting a fresh profile would be the answer to fixing the  tangled file paths, but it seems simple and logical now.

Many thanks for all your detective work, and especially for your patience with someone who is basically clueless to the inner workings of Windows.  At least I can follow directions (most of the time. ^_^ ) I will report back on my progress.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 24, 2022, 06:58:28 PM
Again, you are very welcome, and yes, you followed my instructions perfectly. And you can also thank Corrine, since she was watching the thread and suggested the creation of the new account. 🙂
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 24, 2022, 07:34:09 PM
Thank you, Corrine!
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: Corrine on July 24, 2022, 08:32:43 PM
You're welcome.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 30, 2022, 05:22:02 PM
So, have been sick all week and just starting the transfers and already have a couple issues.

When I search for the new account,  C:\users\Jax,   I get the old filepath
This PC > Windows8_OS (C:) > Users > Jax

I thought the point of this was to get rid of the Windows8_OS file path, so this confuses me.

Before I proceed further, I wish to rename the new account Jake instead of Jax.  How do I rename the new account so it is actually renamed everywhere?  I tried it once from the control panel, and it didn't rename the folder, only the sign-in page, so I put it back for now.  If this is complicated, I'll just leave as is.






Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 31, 2022, 01:07:34 PM
Hi, PWG.

Sorry to hear that you have been ill. I hope you are better now.

Quote: When I search for the new account,  C:\users\Jax, I get the old filepath
This PC > Windows8_OS (C:) > Users > Jax

There is nothing wrong with the path. C: and Windows8_OS (C:) are the same thing. We never tried to change this. Instead, we tried to remove any linkage between your account and SkyDrive.

Quote: Before I proceed further, I wish to rename the new account Jake instead of Jax.  How do I rename the new account so it is actually renamed everywhere?  I tried it once from the control panel, and it didn't rename the folder, only the sign-in page, so I put it back for now.  If this is complicated, I'll just leave as is.

You can't rename the folder in Users. You can leave it as is, and only you will see it anyway. However, if you want the folder name and the account name to be the same, you must create another account, do everything you did to transfer your files there and then remove the other account. Yes, it's complicated.


Title: Re: Lenovo laptop checkup and cleanup, please
Post by: pastywhitegurl on July 31, 2022, 04:15:52 PM
Ah, OK. Thank you.  I will leave all as is then, and check back in again when I have moved the files.  Thank you.    Sickness is on its way out now, so I should make some better progress soon.
Title: Re: Lenovo laptop checkup and cleanup, please
Post by: DR M on July 31, 2022, 04:18:28 PM
We will be here.

Get well soon.