There is no sharing tab in the Properties screen for SkyDrive.old.

Under the general tab > location is:
C:\Users\DeanZF1

Also DeanZF1 account may not have full administrator access. The account listed as DeanThomas is marked administrator, so that may be my problem.  I vaguely remember something about there being a problem with the first administrator account, so this was one created to get past that. I just assumed it was also an administrator account as I can add/remove programs.

Sorry..typo and no way to edit.

I meant to type

There is no location tab in the Properties screen for SkyDrive.old.

Thankyou so much for helping me and being so patient with my computer illiteracy.

QuoteScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2022
Ran by DeanZF1 (administrator) on DEANZF (LENOVO 20238) (18-07-2022 15:25:53)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1

The above from the FRST report in the first reply shows the FRST program running from a desktop connected to SkyDrive.  Wut?  How did that happen? I gave the browser instructions to download files to desktop, and the FRST files are sitting on the desktop I'm viewing.

I found a thread where this computer was fixed previously, and it has a normal desktop path for running the tool.  Somewhere in between, it appears something has gotten messed up.  No wonder all those file path questions were confusing both of us.

The former topic from 2015 is here: https://www.landzdown.com/index.php?topic=56110.0 
Maybe it has a clue to the mystery.  thats likely the last time any kind of maintenance was performed on Windows.

If none of this matters, and doesn't need to be fixed, that's ok.  The laptop is only being used as a backup computer currently.

QuoteWut?  How did that happen? I gave the browser instructions to download files to desktop, and the FRST files are sitting on the desktop I'm viewing.

:D  Yes, now you see that too. That is what we are trying to fix. We can ignore it, yes, but in the future it may cause issues having to do with syncing across your devices.

So, we have two instances of OneDrive. The one is old (SkyDrive related), the other one is new.

Let's see if we can fix the mess.

1. OneDrive folders

• Click on the OneDrive icon on the Taskbar, then on the little gear at the top, and choose Settings.
• Select the Account tab, and then Choose folders.
• UN-check everything (perhaps you can't un-check the Personal Vault, but give it a try)
• OK

2. Unlink this PC

• Click on the OneDrive icon on the Taskbar, then on the little gear at the top, and choose Settings.
• Select the Account tab, and then Unlink this PC.
• Follow the prompts and OK
• RESTART

3. FRST logs

Run the FRST tool and give me the two fresh logs to check, FRST and Addition.


In your next reply please post:

• If everything went fine with deselecting the OneDrive folders and un-linking the computer.
• The fresh FRST logs, FRST and Addition.

It would only let me uncheck the two folders that had nothing in them.  Files without folders, and Public.

I unsynced as instructed, but when the computer rebooted, OneDrive resynced all the files and the two folders boxes I unchecked were checked again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2022
Ran by DeanZF1 (administrator) on DEANZF (LENOVO 20238) (20-07-2022 09:46:45)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(explorer.exe ->) (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(explorer.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\DeanZF1\AppData\Local\Microsoft\OneDrive\22.131.0619.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-02-14] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [cdloader] => C:\Users\DeanZF1\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [254840 2017-03-17] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1986280 2017-08-04] (TomTom International BV -> TomTom)
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [121608064 2022-07-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [53160 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Windows x64\Print Processors\xp3215pp: C:\Windows\System32\spool\prtprocs\x64\xp3215pp.dll [128912 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-19] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [2013-09-25] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-09]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
Startup: C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BF17E1C-6ED3-4995-8B6C-D123216FDC45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11182569-C275-4F85-A65E-73A77EABFD34} - System32\Tasks\{F67749E8-8910-4749-8654-589901F9E9E0} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {16D48D49-4318-4EC6-975D-E38C9E9241B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {25F70752-345A-4BE9-BB13-C7B2664DB5BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {396625AF-5F02-42D2-9E5D-1F545189AE9D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EF6C0D3-6B6A-4323-834D-228475987269} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321608 2016-12-07] (LENOVO -> Lenovo)
Task: {40510434-5EE9-4F17-A51C-F43AB8BAF9ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {570D9DD6-A390-4ED0-A305-3A8A637292D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {59EB335A-EFB2-4AED-BE78-109D310F42CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5CE1AC92-D172-4A01-95A0-8E205CD4F846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {60FF31F2-6BDF-494B-B6D3-F2465E7A56A5} - System32\Tasks\{EB055ABA-B477-419E-B301-D5160002C46D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {62F29E74-610D-4E16-9BE6-897CAF86F5F8} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {66B243CE-0B4F-49A0-B38F-6B0442FFAF38} - System32\Tasks\{735BFA4D-88DE-4476-BCC8-639ED5DF36CB} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {79FCD25F-85F3-4DF1-A031-0F807606A89F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7B5E1C21-2642-4C1E-8562-E93DBE5E2D58} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {7C2C995C-A1DE-40D6-86B2-808AF17614A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B9052B5-16DC-4CD0-8CA5-32840CAC51C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No File)
Task: {8C280DB7-755A-4F46-A879-7786087DC54B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {990E8D26-BE9E-4AE2-931B-7CAE2C482074} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AE17186-4E4E-456B-BC39-1FE20D2F5E89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A07F9968-1390-4370-AFC9-ED04D09EA601} - System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => windows defender (No File)
Task: {B222B5E9-E1AF-491D-8D31-09573FCF295A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B6791981-C306-4184-96BC-F5E59A1FE134} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10165384 2016-12-07] (LENOVO -> Lenovo)
Task: {C0A096B6-455F-4F74-9FA7-9D85632CD2E7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C648E924-E78E-45EA-8F2C-C31F0CD76550} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.)
Task: {C9C3A79F-F987-46B9-B15F-168D8A454FBF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264328 2016-12-07] (LENOVO -> )
Task: {CA4349A7-1B4F-4451-A2D4-F17A55CF38C5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F1ECE186-F1BB-49D6-AACC-AFD2ED74227E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5E509F9-C7B9-4DE2-ADA2-E1E62246DCED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7E80B7B-B78C-4AA5-ACFB-A393B2F783D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAD46F43-8D90-41A4-9D99-FF7AFC400DB9} - System32\Tasks\{275FA3AB-A5B6-4FD6-A80B-6BB53A05DBFC} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.60.103/en/eula

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d74f6f9e-6879-4b40-9741-86a89841e757}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fc461f4f-5f4c-4a00-b5c6-65a89768f055}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-13]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: pm6972xb.default-1444513948129
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\TomTom\HOME\Profiles\atgo9qgp.default [2017-04-24]
FF ProfilePath: C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 [2022-07-20]
FF DownloadDir: C:\Users\DeanZF1\SkyDrive\Desktop
FF Homepage: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129 -> hxxps://us-mg6.mail.yahoo.com; hxxp://us-mg6.mail.yahoo.com; hxxps://www.instagram.com
FF Extension: (Lazarus: Form Recovery) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\lazarus@interclue.com.xpi [2016-04-30] [Legacy]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\textarea-cache-lite@wildsky.cc.xpi [2022-07-12]
FF Extension: (uBlock Origin) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\uBlock0@raymondhill.net.xpi [2022-07-12]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-07-11]
FF Extension: (Eno® from Capital One®) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2022-07-19]
FF Extension: (Textarea Cache) - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\pm6972xb.default-1444513948129\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2016-03-20] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default [2021-06-22]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Docs) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-25]
CHR Extension: (Google Drive) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-17]
CHR Extension: (Google Search) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-17]
CHR Extension: (Adobe Acrobat) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-22]
CHR Extension: (Gmail) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\DeanZF1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-22]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-13] (Malwarebytes Inc. -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-20] (Malwarebytes Inc. -> Malwarebytes)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-20 09:28 - 2022-07-20 09:28 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-20 09:27 - 2022-07-20 09:28 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-20 09:27 - 2022-07-20 09:27 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-18 15:24 - 2022-07-20 09:49 - 000000000 ____D C:\FRST
2022-07-18 14:03 - 2022-07-18 14:03 - 000000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2022-07-18 14:02 - 2018-07-19 23:57 - 000420352 _____ C:\WINDOWS\system32\SaMinDrv.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000151040 _____ C:\WINDOWS\system32\SaImgFlt.dll
2022-07-18 14:02 - 2018-07-19 23:57 - 000068096 _____ C:\WINDOWS\system32\SaErHdlr.dll
2022-07-18 14:01 - 2022-03-23 01:51 - 000167712 _____ (SS) C:\WINDOWS\system32\xp3215ci.exe
2022-07-18 14:01 - 2022-03-23 01:51 - 000099240 _____ (SS) C:\WINDOWS\system32\xp3215ci.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-13 20:59 - 2022-07-13 20:59 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-13 20:59 - 2022-07-13 20:59 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-13 20:59 - 2022-07-13 20:59 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-13 20:58 - 2022-07-13 20:58 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-13 20:58 - 2022-07-13 20:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-13 20:58 - 2022-07-13 20:58 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-13 20:57 - 2022-07-13 20:57 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-13 20:57 - 2022-07-13 20:57 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-13 20:13 - 2022-07-13 20:13 - 000000000 ___HD C:\$WinREAgent
2022-07-13 19:47 - 2022-07-13 19:47 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 14:51 - 2022-07-12 14:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-25 16:10 - 2022-06-25 16:09 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-25 13:58 - 2022-06-25 13:58 - 000000000 ____D C:\Users\DeanZF1\.ms-ad
2022-06-25 12:47 - 2022-06-25 12:47 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-25 12:46 - 2022-06-25 12:46 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-25 12:44 - 2022-06-25 12:44 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-20 09:46 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-20 09:45 - 2014-03-08 13:43 - 000000000 ___RD C:\Users\DeanZF1\SkyDrive
2022-07-20 09:30 - 2014-04-14 11:42 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-20 09:28 - 2015-08-07 00:30 - 000000000 __SHD C:\Users\DeanZF1\IntelGraphicsProfiles
2022-07-20 09:27 - 2022-01-21 11:48 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\IGDump
2022-07-20 09:27 - 2017-09-21 16:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-07-20 09:26 - 2021-03-16 01:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-20 09:26 - 2021-03-16 00:36 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-20 09:25 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-20 09:25 - 2016-11-19 12:28 - 000000000 ____D C:\Users\DeanZF1\AppData\LocalLow\Mozilla
2022-07-20 09:21 - 2021-03-16 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-19 18:19 - 2022-02-28 11:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-19 16:22 - 2014-04-14 11:43 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-19 16:22 - 2014-04-14 11:43 - 000002302 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-19 14:53 - 2014-04-18 15:33 - 000000000 ____D C:\ProgramData\Nero
2022-07-19 11:53 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-19 11:53 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-19 11:18 - 2017-12-07 16:31 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\Packages
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-18 15:18 - 2018-07-12 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-07-18 14:55 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-18 14:05 - 2021-03-16 01:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Leader Technologies
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2022-07-18 14:04 - 2016-04-09 19:51 - 000000000 ____D C:\Program Files (x86)\Xerox
2022-07-18 14:03 - 2016-04-07 01:10 - 000000000 ____D C:\ProgramData\Xerox
2022-07-17 16:12 - 2014-10-27 14:38 - 000000000 ____D C:\Users\DeanZF1\AppData\Local\ElevatedDiagnostics
2022-07-16 12:59 - 2020-06-23 07:44 - 000002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-16 12:59 - 2020-06-23 07:44 - 000002318 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-14 08:56 - 2021-03-16 00:58 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-14 08:49 - 2021-03-16 00:36 - 000459320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-14 08:49 - 2016-09-24 14:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-14 08:49 - 2014-03-05 16:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-14 08:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-14 08:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-13 21:07 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-13 20:57 - 2021-03-16 00:40 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-13 20:05 - 2014-03-07 15:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-13 19:58 - 2014-03-07 15:50 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-12 14:51 - 2014-03-05 16:23 - 000001274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-12 13:48 - 2021-12-19 10:04 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 01:16 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2910419722-4152969464-3579386052-1001
2022-07-12 13:48 - 2021-03-16 00:46 - 000002437 _____ C:\Users\DeanZF1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-11 12:22 - 2014-03-05 17:00 - 000000000 ____D C:\Users\DeanZF1\AppData\Roaming\Nitro PDF
2022-06-25 20:56 - 2014-06-03 14:00 - 000000000 ____D C:\Users\DeanZF1\SkyDrive\Documents\OneNote Notebooks
2022-06-25 16:11 - 2021-06-25 18:47 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-25 16:11 - 2020-08-21 12:00 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-25 16:11 - 2019-08-02 12:35 - 000002063 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-25 16:10 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-06-25 16:09 - 2019-08-02 12:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-25 16:08 - 2018-01-27 15:23 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-25 16:08 - 2014-03-16 20:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-25 16:03 - 2021-03-16 00:46 - 000000000 ____D C:\Users\DeanZF1
2022-06-25 13:49 - 2018-02-25 19:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-25 13:33 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-25 13:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-25 11:22 - 2018-07-18 17:01 - 000000000 ____D C:\ProgramData\Packages
2022-06-25 10:47 - 2021-04-13 13:10 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71a29478c6d0b
2022-06-25 10:47 - 2021-03-16 01:16 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== Files in the root of some directories ========

2014-03-10 01:20 - 2017-04-11 02:59 - 000001334 _____ () C:\Users\DeanZF1\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2020-03-15 12:51 - 2020-03-15 12:51 - 000000000 _____ () C:\Users\DeanZF1\AppData\Local\{E4FEAFCA-B66A-417D-BE04-B925AA117C0E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2022
Ran by DeanZF1 (20-07-2022 09:54:30)
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-03-16 06:17:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2910419722-4152969464-3579386052-500 - Administrator - Disabled)
DeanZF1 (S-1-5-21-2910419722-4152969464-3579386052-1001 - Administrator - Enabled) => C:\Users\DeanZF1
DefaultAccount (S-1-5-21-2910419722-4152969464-3579386052-503 - Limited - Disabled)
Guest (S-1-5-21-2910419722-4152969464-3579386052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2910419722-4152969464-3579386052-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2910419722-4152969464-3579386052-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\{63B5DA5A-477B-438D-A6A0-118787A4C71B}) (Version: 24.0.0.180 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{96714280-14E6-4DF7-BACD-F797C0F17C3D}) (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{89AFB053-A343-46EF-97E4-D593AD7184E6}) (Version: 1.28.487.1 - Intel Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version:  - LifeScan Inc)
magicJack (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Meter Drivers for OneTouch(R) Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)
Microsoft Audio Enhancement Troubleshooter installer (HKLM\...\{6E0351FF-6A71-45C5-A041-D4D9D8067EAF}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version:  - )
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
RealTracks Shots and Holds 3 (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version:  - Microsoft) Hidden
SetIP (HKLM-x32\...\Xerox_SetIP) (Version: 2.00.00.01 - Xerox Ltd.)
Skype version 8.86 (HKLM-x32\...\Skype_is1) (Version: 8.86 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.06.00 (5/12/2021) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(6/6/2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox OCR Software (HKLM-x32\...\Xerox OCR Software) (Version: 1.00.18 (4/14/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.10 (3/24/2022) - Xerox Corporation)
Zoom (HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
*Solitaire Collection -> C:\Program Files\WindowsApps\12291raymond.li.SolitaireCollection_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Camera Man -> C:\Program Files\WindowsApps\E0469640.CameraMan_1.0.1929.30229_x86__5grkq8ppsgwt4 [2015-03-07] (LENOVO INC)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-11] (Dolby Laboratories)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-07] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.40.9.0_x64__q4d96b2w5wcc2 [2022-07-11] (Evernote)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2015-03-07] (Lenovo, INC.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2206.16.0_x64__k1h2ywk1493x8 [2022-06-27] (LENOVO INC.)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-11] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-29] (Microsoft Corporation)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2015-03-07] (CYBERLINK COM CORPORATION)
Solitaire Collection+ -> C:\Program Files\WindowsApps\12291raymond.li.5987855B3B0BC_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
Sudoku2 -> C:\Program Files\WindowsApps\12291raymond.li.Sudoku2_1.1.21.0_x64__szs6zaftcmqhc [2022-02-28] (raymond.li)
YouSendIt for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.YouSendItForLenovo_1.0.5.1412_neutral__069rkrpjefrbc [2015-03-07] (YouSendIt)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-03-07] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-25] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.clmp3enc] => C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM [217088 2005-05-13] (CyberLink Corp.) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-09-11 10:05 - 2014-09-11 10:05 - 000036352 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000038912 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000032256 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000027648 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000021504 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000381952 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 10:05 - 2014-09-11 10:05 - 000204800 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000218112 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000015872 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 10:14 - 2014-09-11 10:14 - 000015360 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000307712 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000014848 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 10:15 - 2014-09-11 10:15 - 000252928 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2014-09-11 10:06 - 2014-09-11 10:06 - 000878592 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2017-02-08 08:51 - 2017-02-08 08:51 - 004112384 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Core.dll
2014-09-11 09:56 - 2014-09-11 09:56 - 004350464 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Gui.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000850432 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Network.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 000203776 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Svg.dll
2014-09-11 10:00 - 2014-09-11 10:00 - 004372480 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Widgets.dll
2014-09-11 09:54 - 2014-09-11 09:54 - 000152064 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Xml.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-31 00:18 - 2013-08-31 00:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2014-02-14 04:00 - 2014-02-14 04:00 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\PowerDVD10\MSVCR71.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 023507968 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icudt52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001798656 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuin52.dll
2014-01-15 03:44 - 2014-01-15 03:44 - 001304064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\MyDrive Connect\icuuc52.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 001184256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\LIBEAY32.dll
2016-11-29 05:00 - 2016-11-29 05:00 - 000254976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\ssleay32.dll
2017-08-04 05:25 - 2017-08-04 05:25 - 000130048 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\DeviceNavEthernetCore.dll
2017-08-04 05:29 - 2017-08-04 05:29 - 000032768 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\UIController.dll
2014-05-16 01:48 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-09 20:03 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> DefaultScope {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\...\StartupApproved\Run: => "cdloader"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EE6542DB-0674-4C4D-9EE8-3CB4F577C624}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{91730A7A-17FE-4B9E-A873-3DFDBC723FD8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{58ACF143-D724-466E-AF27-762F986AD2C1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe () [File not signed]
FirewallRules: [{55C1243C-049A-4AC0-8751-80A794543BF1}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{5919411A-9B29-463E-8944-3483AC8D46E9}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{9D1A61E4-727F-438D-BFDC-597092DC25FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3BD5F064-C45D-4669-B97B-4D7CBD4BE9BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{92D90A2D-D1F5-4BD9-9B44-2743B73E7342}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{02525CE2-4CC0-428A-963D-E97659836911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{5E92661E-4867-42ED-8BCF-9842AEFD4921}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1AB7BFA6-DE51-4AE9-9891-3431883A3228}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BCCD3AA9-83A1-42F4-A087-B596FEEA429C}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [{474AB47D-634B-43E5-A272-7B7D9D68BB55}] => (Allow) C:\BB\BBHelper\BandinaBoxServer.exe (PG Music Inc.) [File not signed]
FirewallRules: [UDP Query User{B5DBE26C-036E-4C9F-8EE4-A12D70434AD7}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{DB6FADE1-00C2-4B32-ABC2-25F85148E32A}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C88A37-2F37-4B2D-9285-8D96C0555737}] => (Allow) C:\Users\DeanZF1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe => No File
FirewallRules: [{EEA1A2C0-9150-4069-8C07-FD2C7DC04753}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F2C08020-E6A7-49FD-8BB1-DFA93FD4AF7D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B250C240-DAC7-46BC-BCE0-2CF86B1CA89A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{923B4769-353D-4825-A209-85BB949983C0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{1C2D0EEF-CB84-442A-82EF-E1BB4F2DDE92}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{71E97009-9091-40D5-9036-04CB5EC3C461}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{6D2434DF-813D-48B7-A992-7EBC974FA7CE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{C45F6DA0-B877-460B-8E09-8A310996B30E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [TCP Query User{F1B953A7-3D93-4EE8-BC58-7080E2F49FD4}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [UDP Query User{5FC20A24-DA48-4821-8C4F-4FB3A4E74135}C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\deanzf1\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{2B91BD1E-1601-423E-8DBA-D07702E434CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D75DA94-9C04-46C5-A867-22567893DF74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8AAAECA2-AA48-46BF-90AA-74624CC43BF6}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [TCP Query User{FCDB7B71-EAC9-48E8-98D2-556D9698A2FB}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{EA57FBE9-C280-42B3-B471-F82D565B0484}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC44FBFA-6555-446E-8D7D-3646B46D78CC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7C388480-EF9C-40C6-8B57-68626252E2C2}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{06D98C0E-C757-44FA-B442-6A1427F25C04}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{431DB7EE-49B6-4526-AE5E-6D403F5A77BC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{75E0915D-A199-400D-854A-B48BC7FF6052}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{8E6670EB-CE9D-4A4A-B37D-033B6102A626}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{769A0369-326F-4A84-BBF1-B1DB643C4929}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{A2FC424D-0D71-4129-8E49-B5CE2F672DC0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97849000-BF39-4F46-8CEE-492D89789EEC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{6F5BEDD7-0264-4F9E-A731-FA751201B595}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{82D7A728-112A-4EED-A978-EBFB3F55968E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{B7E6DE97-2A7C-40D0-B562-7FB71B575A38}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{4242F9E2-3731-4CFB-A81A-E5E474FFA59C}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{7D2AE3CE-1F10-4D11-8505-323B92C4BAA4}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{28033CA3-E6A5-47A9-A361-52F4E9EC19AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23117FD6-D306-4371-89A0-EBF63FB6BEAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4324068-CAE0-4626-979D-E3C82C87DE6E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{99D0F8F2-EEDB-4927-97FD-CEA5A8F39C5E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BD18CA44-9D1E-4A8D-A231-EC6B280A6DAD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B70BA22F-F5A2-4180-A356-1E7952274CF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A2E6820B-2B40-43CA-B4B2-71B9D13B5EE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-07-2022 20:11:31 Windows Modules Installer
18-07-2022 13:43:07 Windows Defender Checkpoint
19-07-2022 14:50:43 Removed Nero BurnLite 10.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/19/2022 02:55:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/14/2022 08:48:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/14/2022 08:48:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/13/2022 09:39:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on LENOVO (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/13/2022 09:39:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows8_OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (07/20/2022 09:27:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/20/2022 09:27:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/20/2022 09:26:45 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126

Error: (07/20/2022 09:26:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/19/2022 06:13:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.371.444.0).

Error: (07/19/2022 02:57:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/19/2022 02:57:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/19/2022 02:56:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
================
Date: 2022-07-19 16:20:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-19 15:11:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-19 14:41:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-18 13:39:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; containerfile:_C:\Users\DeanZF1\Downloads\ccsetup551.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe->(nsis-instdata); file:_C:\Users\DeanZF1\Downloads\ccsetup551.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup551.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.371.334.0, AS: 1.371.334.0, NIS: 1.371.334.0
Engine Version: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-07-18 13:39:13
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe; file:_C:\Users\DeanZF1\Downloads\ccsetup527.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.371.334.0, AS: 1.371.334.0, NIS: 1.371.334.0
Engine Version: AM: 1.1.19400.3, NIS: 1.1.19400.3
�Event

• :

Date: 2022-06-25 11:17:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.369.227.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19300.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-06-25 11:10:56
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.659.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

Date: 2022-05-19 13:05:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.129.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.

CodeIntegrity:
===============
Date: 2022-07-19 15:07:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-07-18 14:08:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-25 11:37:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-24 17:36:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 79CN46WW(V3.05) 12/23/2013
Motherboard: LENOVO INVALID
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 8104.27 MB
Available physical RAM: 4309.35 MB
Total Virtual: 10664.27 MB
Available Virtual: 6917.13 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.77 GB) (Free:330.83 GB) (Model: ST500LT012-1DG142) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.65 GB) (Model: ST500LT012-1DG142) NTFS
Drive e: (RED_REDO_RED_BOX_D1) (CDROM) (Total:4.13 GB) (Free:0 GB) UDF

\\?\Volume{6d7c4922-a9af-4d60-970c-ee5befe3a751}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.64 GB) NTFS
\\?\Volume{d6f0baf5-a3be-49d4-b1e9-9517d8b5287f}\ (PBR_DRV) (Fixed) (Total:11.66 GB) (Free:2.41 GB) NTFS
\\?\Volume{0c4ca7cc-6948-4bd8-adaa-034695a51669}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3AAC8861)

Partition: GPT.

==================== End of Addition.txt =======================

Hi, PWG.

I didn't find time to review your reply. I'll be back to you tomorrow.

Thanks. :)

Hi, PWG.

Let's run an FRST fix. At the same time, I will be asking you to do some things regarding the SkyDrive/OneDrive issue.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BF17E1C-6ED3-4995-8B6C-D123216FDC45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {16D48D49-4318-4EC6-975D-E38C9E9241B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {396625AF-5F02-42D2-9E5D-1F545189AE9D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {40510434-5EE9-4F17-A51C-F43AB8BAF9ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {59EB335A-EFB2-4AED-BE78-109D310F42CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7C2C995C-A1DE-40D6-86B2-808AF17614A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B9052B5-16DC-4CD0-8CA5-32840CAC51C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No File)
Task: {990E8D26-BE9E-4AE2-931B-7CAE2C482074} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AE17186-4E4E-456B-BC39-1FE20D2F5E89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A07F9968-1390-4370-AFC9-ED04D09EA601} - System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => windows defender (No File)
Task: {B222B5E9-E1AF-491D-8D31-09573FCF295A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CA4349A7-1B4F-4451-A2D4-F17A55CF38C5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {7B5E1C21-2642-4C1E-8562-E93DBE5E2D58} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F1ECE186-F1BB-49D6-AACC-AFD2ED74227E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-11 12:22 - 2014-03-05 17:00 - 000000000 ____D C:\Users\DeanZF1\AppData\Roaming\Nitro PDF
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> DefaultScope {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FirewallRules: [{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C88A37-2F37-4B2D-9285-8D96C0555737}] => (Allow) C:\Users\DeanZF1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe => No File
FirewallRules: [{71E97009-9091-40D5-9036-04CB5EC3C461}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{6D2434DF-813D-48B7-A992-7EBC974FA7CE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{C45F6DA0-B877-460B-8E09-8A310996B30E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::


• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  
• Press the Fix button once and wait.
  
• FRST will process fixlist.txt
  
• When finished, it will produce a log fixlog.txt on your Desktop.
  
• Post the log in your next reply.
  

2. Question

You said:

QuoteSky drive does come up in the search under Desktop, but clicking the result takes me to the One Drive (personal) folder.

Can you tell me to which OneDrive folder does it take you? The one with the recently modified folders or the other?

The File Explorer Desktop search is not bringing up any SkyDrive results now.

But if I put C:\Users\DeanZF1\SkyDrive\Desktop  in the windows search box, the file path that comes up is:
This PC >Windows8_OS (C:)>  Users > DeanZF1> OneDrive (Personal)> Desktop.

The files in there are current.


Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by DeanZF1 (21-07-2022 13:17:19) Run:1
Running from C:\Users\DeanZF1\SkyDrive\Desktop
Loaded Profiles: DeanZF1
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Task: {0B335E57-5CA6-400E-9075-227B8B0A7938} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BF17E1C-6ED3-4995-8B6C-D123216FDC45} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {16D48D49-4318-4EC6-975D-E38C9E9241B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2285289D-95F4-4B34-A31B-2A2242B674B8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {396625AF-5F02-42D2-9E5D-1F545189AE9D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {40510434-5EE9-4F17-A51C-F43AB8BAF9ED} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {59EB335A-EFB2-4AED-BE78-109D310F42CC} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7C2C995C-A1DE-40D6-86B2-808AF17614A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B9052B5-16DC-4CD0-8CA5-32840CAC51C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No File)
Task: {990E8D26-BE9E-4AE2-931B-7CAE2C482074} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AE17186-4E4E-456B-BC39-1FE20D2F5E89} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A07F9968-1390-4370-AFC9-ED04D09EA601} - System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => windows defender (No File)
Task: {B222B5E9-E1AF-491D-8D31-09573FCF295A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CA4349A7-1B4F-4451-A2D4-F17A55CF38C5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {7B5E1C21-2642-4C1E-8562-E93DBE5E2D58} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F1ECE186-F1BB-49D6-AACC-AFD2ED74227E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2022-07-19 10:59 - 2014-03-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-11 12:22 - 2014-03-05 17:00 - 000000000 ____D C:\Users\DeanZF1\AppData\Roaming\Nitro PDF
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> DefaultScope {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
SearchScopes: HKU\S-1-5-21-2910419722-4152969464-3579386052-1001 -> {5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FirewallRules: [{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}] => (Allow) C:\Users\DeanZF1\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C88A37-2F37-4B2D-9285-8D96C0555737}] => (Allow) C:\Users\DeanZF1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe => No File
FirewallRules: [{71E97009-9091-40D5-9036-04CB5EC3C461}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{6D2434DF-813D-48B7-A992-7EBC974FA7CE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{C45F6DA0-B877-460B-8E09-8A310996B30E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B335E57-5CA6-400E-9075-227B8B0A7938}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B335E57-5CA6-400E-9075-227B8B0A7938}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BF17E1C-6ED3-4995-8B6C-D123216FDC45}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BF17E1C-6ED3-4995-8B6C-D123216FDC45}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16D48D49-4318-4EC6-975D-E38C9E9241B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16D48D49-4318-4EC6-975D-E38C9E9241B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2285289D-95F4-4B34-A31B-2A2242B674B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2285289D-95F4-4B34-A31B-2A2242B674B8}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{396625AF-5F02-42D2-9E5D-1F545189AE9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{396625AF-5F02-42D2-9E5D-1F545189AE9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40510434-5EE9-4F17-A51C-F43AB8BAF9ED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40510434-5EE9-4F17-A51C-F43AB8BAF9ED}" => removed successfully
C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59EB335A-EFB2-4AED-BE78-109D310F42CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59EB335A-EFB2-4AED-BE78-109D310F42CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{602FD75D-1D0D-4CE4-AA19-A69C5C5FE95C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C2C995C-A1DE-40D6-86B2-808AF17614A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C2C995C-A1DE-40D6-86B2-808AF17614A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B9052B5-16DC-4CD0-8CA5-32840CAC51C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B9052B5-16DC-4CD0-8CA5-32840CAC51C1}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 35" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{990E8D26-BE9E-4AE2-931B-7CAE2C482074}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{990E8D26-BE9E-4AE2-931B-7CAE2C482074}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AE17186-4E4E-456B-BC39-1FE20D2F5E89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE17186-4E4E-456B-BC39-1FE20D2F5E89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A07F9968-1390-4370-AFC9-ED04D09EA601}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A07F9968-1390-4370-AFC9-ED04D09EA601}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\DefenderScan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\DefenderScan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B222B5E9-E1AF-491D-8D31-09573FCF295A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B222B5E9-E1AF-491D-8D31-09573FCF295A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4349A7-1B4F-4451-A2D4-F17A55CF38C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4349A7-1B4F-4451-A2D4-F17A55CF38C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B5E1C21-2642-4C1E-8562-E93DBE5E2D58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B5E1C21-2642-4C1E-8562-E93DBE5E2D58}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1473CE4-7D78-46C8-ABFB-842BE8CC8D9F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1ECE186-F1BB-49D6-AACC-AFD2ED74227E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1ECE186-F1BB-49D6-AACC-AFD2ED74227E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol => moved successfully
C:\Users\DeanZF1\AppData\Roaming\Nitro PDF => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2910419722-4152969464-3579386052-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A9DBC8F-E6C1-4D48-A1C0-48AD1453A7D2} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81A494CA-2629-4B91-B1F2-FD7FCECA7C39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01FDF7FD-EA42-4FBF-82C3-ADA2D5D2C332}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{903E534C-971D-4785-A511-009E8EC6F5F2}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CDAD3E55-4C2E-4D39-B143-12566DC3F78C}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1CB0D526-1F52-40D9-B11A-288320DE71A4}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6E55DE7-A7E5-48F2-80F7-0CB61C39C068}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD3906D1-8F2E-4B59-8C71-6D34C1B3B87D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8C88A37-2F37-4B2D-9285-8D96C0555737}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDF2441A-FAAA-416A-8B4A-5D245DBFF2BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71E97009-9091-40D5-9036-04CB5EC3C461}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9EDD51E-BF0A-467B-A6C7-E8CF72809848}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D2434DF-813D-48B7-A992-7EBC974FA7CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C45F6DA0-B877-460B-8E09-8A310996B30E}" => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19044.1826


[==                         3.8%                           ]

[==                         3.8%                           ]

[==                         3.8%                           ]

[==                         3.9%                           ]

[==                         4.0%                           ]

[==                         4.0%                           ]

[==                         4.1%                           ]

[==                         4.2%                           ]

[==                         4.4%                           ]

[==                         4.5%                           ]

[==                         4.6%                           ]

[==                         4.7%                           ]

[==                         4.8%                           ]

[==                         4.9%                           ]

[==                         5.0%                           ]

[==                         5.1%                           ]

[==                         5.1%                           ]

[===                        5.2%                           ]

[===                        5.3%                           ]

[===                        5.4%                           ]

[===                        5.4%                           ]

[===                        5.5%                           ]

[===                        5.6%                           ]

[===                        5.7%                           ]

[===                        5.7%                           ]

[===                        5.9%                           ]

[===                        6.0%                           ]

[===                        6.1%                           ]

[===                        6.3%                           ]

[===                        6.3%                           ]

[===                        6.6%                           ]

[===                        6.8%                           ]

[====                       6.9%                           ]

[====                       7.1%                           ]

[====                       7.2%                           ]

[====                       7.2%                           ]

[====                       7.3%                           ]

[====                       7.5%                           ]

[====                       7.5%                           ]

[====                       7.7%                           ]

[====                       7.8%                           ]

[====                       7.8%                           ]

[====                       8.0%                           ]

[====                       8.2%                           ]

[====                       8.3%                           ]

[====                       8.5%                           ]

[=====                      8.7%                           ]

[=====                      8.8%                           ]

[=====                      9.1%                           ]

[=====                      9.3%                           ]

[=====                      9.4%                           ]

[=====                      9.5%                           ]

[=====                      9.7%                           ]

[=====                      9.9%                           ]

[=====                      10.0%                          ]

[=====                      10.0%                          ]

[=====                      10.1%                          ]

[=====                      10.2%                          ]

[=====                      10.3%                          ]

[======                     10.6%                          ]

[======                     10.7%                          ]

[======                     10.9%                          ]

[======                     11.0%                          ]

[======                     11.2%                          ]

[======                     11.3%                          ]

[======                     11.4%                          ]

[======                     11.6%                          ]

[======                     11.7%                          ]

[======                     11.8%                          ]

[======                     11.9%                          ]

[======                     12.0%                          ]

[=======                    12.2%                          ]

[=======                    12.2%                          ]

[=======                    12.3%                          ]

[=======                    12.5%                          ]

[=======                    12.6%                          ]

[=======                    12.8%                          ]

[=======                    13.0%                          ]

[=======                    13.1%                          ]

[=======                    13.2%                          ]

[=======                    13.3%                          ]

[=======                    13.5%                          ]

[=======                    13.5%                          ]

[=======                    13.7%                          ]

[========                   14.0%                          ]

[========                   14.1%                          ]

[========                   14.1%                          ]

[========                   14.4%                          ]

[========                   14.4%                          ]

[========                   14.6%                          ]

[========                   14.6%                          ]

[========                   14.8%                          ]

[========                   14.9%                          ]

[========                   15.0%                          ]

[========                   15.1%                          ]

[========                   15.2%                          ]

[========                   15.4%                          ]

[=========                  15.6%                          ]

[=========                  15.8%                          ]

[=========                  16.4%                          ]

[=========                  16.8%                          ]

[==========                 17.4%                          ]

[==========                 17.7%                          ]

[==========                 18.0%                          ]

[==========                 18.2%                          ]

[==========                 18.4%                          ]

[==========                 18.7%                          ]

[==========                 18.9%                          ]

[==========                 18.9%                          ]

[===========                19.1%                          ]

[===========                19.2%                          ]

[===========                19.2%                          ]

[===========                19.5%                          ]

[===========                19.8%                          ]

[===========                19.9%                          ]

[===========                20.2%                          ]

[===========                20.5%                          ]

[============               20.8%                          ]

[============               21.0%                          ]

[============               21.1%                          ]

[============               21.4%                          ]

[============               21.7%                          ]

[============               22.0%                          ]

[============               22.3%                          ]

[=============              22.4%                          ]

[=============              22.6%                          ]

[=============              22.7%                          ]

[=============              22.8%                          ]

[=============              23.1%                          ]

[=============              23.3%                          ]

[=============              23.4%                          ]

[=============              23.5%                          ]

[=============              23.5%                          ]

[=============              23.8%                          ]

[=============              23.9%                          ]

[=============              24.1%                          ]

[==============             24.3%                          ]

[==============             24.4%                          ]

[==============             24.5%                          ]

[==============             24.7%                          ]

[==============             24.8%                          ]

[==============             24.8%                          ]

[==============             24.8%                          ]

[==============             24.9%                          ]

[==============             24.9%                          ]

[==============             25.0%                          ]

[==============             25.0%                          ]

[==============             25.1%                          ]

[==============             25.3%                          ]

[==============             25.4%                          ]

[==============             25.5%                          ]

[==============             25.6%                          ]

[==============             25.7%                          ]

[===============            25.9%                          ]

[===============            26.0%                          ]

[===============            26.3%                          ]

[===============            26.4%                          ]

[===============            26.6%                          ]

[===============            26.7%                          ]

[===============            26.9%                          ]

[===============            27.1%                          ]

[===============            27.2%                          ]

[===============            27.4%                          ]

[===============            27.5%                          ]

[===============            27.5%                          ]

[================           27.6%                          ]

[================           27.8%                          ]

[================           27.9%                          ]

[================           28.1%                          ]

[================           28.2%                          ]

[================           28.3%                          ]

[================           28.5%                          ]

[================           28.5%                          ]

[================           28.5%                          ]

[================           28.6%                          ]

[================           28.8%                          ]

[================           29.1%                          ]

[================           29.2%                          ]

[=================          29.4%                          ]

[=================          29.6%                          ]

[=================          29.7%                          ]

[=================          29.7%                          ]

[=================          30.0%                          ]

[=================          30.3%                          ]

[=================          30.3%                          ]

[=================          30.4%                          ]

[=================          30.5%                          ]

[=================          30.6%                          ]

[=================          30.6%                          ]

[=================          30.9%                          ]

[=================          31.0%                          ]

[==================         31.1%                          ]

[==================         31.2%                          ]

[==================         31.2%                          ]

[==================         31.3%                          ]

[==================         31.4%                          ]

[==================         31.5%                          ]

[==================         31.5%                          ]

[==================         31.6%                          ]

[==================         31.7%                          ]

[==================         31.8%                          ]

[==================         31.9%                          ]

[==================         32.2%                          ]

[==================         32.2%                          ]

[==================         32.4%                          ]

[==================         32.4%                          ]

[==================         32.5%                          ]

[==================         32.7%                          ]

[===================        32.8%                          ]

[===================        32.9%                          ]

[===================        33.0%                          ]

[===================        33.1%                          ]

[===================        33.2%                          ]

[===================        33.4%                          ]

[===================        33.5%                          ]

[===================        33.6%                          ]

[===================        33.8%                          ]

[===================        33.9%                          ]

[===================        34.2%                          ]

[===================        34.3%                          ]

[===================        34.3%                          ]

[===================        34.3%                          ]

[===================        34.4%                          ]

[====================       34.5%                          ]

[====================       34.5%                          ]

[====================       34.6%                          ]

[====================       34.6%                          ]

[====================       34.7%                          ]

[====================       34.8%                          ]

[====================       35.0%                          ]

[====================       35.1%                          ]

[====================       35.5%                          ]

[====================       35.6%                          ]

[====================       35.7%                          ]

[====================       35.7%                          ]

[====================       35.8%                          ]

[====================       35.8%                          ]

[====================       35.8%                          ]

[====================       35.8%                          ]

[====================       35.8%                          ]

[====================       35.9%                          ]

[====================       36.0%                          ]

[====================       36.1%                          ]

[====================       36.1%                          ]

[====================       36.2%                          ]

[====================       36.2%                          ]

[=====================      36.2%                          ]

[=====================      36.3%                          ]

[=====================      36.3%                          ]

[=====================      36.3%                          ]

[=====================      36.4%                          ]

[=====================      36.4%                          ]

[=====================      36.4%                          ]

[=====================      36.5%                          ]

[=====================      36.5%                          ]

[=====================      36.5%                          ]

[=====================      36.6%                          ]

[=====================      36.7%                          ]

[=====================      36.7%                          ]

[=====================      36.7%                          ]

[=====================      36.8%                          ]

[=====================      36.8%                          ]

[=====================      36.8%                          ]

[=====================      36.8%                          ]

[=====================      36.8%                          ]

[=====================      36.9%                          ]

[=====================      37.0%                          ]

[=====================      37.0%                          ]

[=====================      37.0%                          ]

[=====================      37.1%                          ]

[=====================      37.1%                          ]

[=====================      37.1%                          ]

[=====================      37.1%                          ]

[=====================      37.1%                          ]

[=====================      37.2%                          ]

[=====================      37.3%                          ]

[=====================      37.3%                          ]

[=====================      37.3%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.4%                          ]

[=====================      37.5%                          ]

[=====================      37.6%                          ]

[=====================      37.6%                          ]

[=====================      37.6%                          ]

[=====================      37.7%                          ]

[=====================      37.7%                          ]

[=====================      37.7%                          ]

[=====================      37.8%                          ]

[=====================      37.9%                          ]

[=====================      37.9%                          ]

[=====================      37.9%                          ]

[======================     38.0%                          ]

[======================     38.0%                          ]

[======================     38.0%                          ]

[======================     38.1%                          ]

[======================     38.2%                          ]

[======================     38.3%                          ]

[======================     38.3%                          ]

[======================     38.4%                          ]

[======================     38.5%                          ]

[======================     38.6%                          ]

[======================     38.6%                          ]

[======================     38.6%                          ]

[======================     38.8%                          ]

[======================     38.8%                          ]

[======================     38.8%                          ]

[======================     38.9%                          ]

[======================     38.9%                          ]

[======================     39.2%                          ]

[======================     39.2%                          ]

[======================     39.2%                          ]

[======================     39.3%                          ]

[======================     39.4%                          ]

[======================     39.5%                          ]

[======================     39.5%                          ]

[======================     39.6%                          ]

[======================     39.6%                          ]

[=======================    39.7%                          ]

[=======================    39.8%                          ]

[=======================    39.8%                          ]

[=======================    39.8%                          ]

[=======================    39.9%                          ]

[=======================    39.9%                          ]

[=======================    40.0%                          ]

[=======================    40.1%                          ]

[=======================    40.2%                          ]

[=======================    40.3%                          ]

[=======================    40.5%                          ]

[=======================    40.6%                          ]

[=======================    40.6%                          ]

[=======================    40.7%                          ]

[=======================    40.7%                          ]

[=======================    40.8%                          ]

[=======================    40.9%                          ]

[=======================    40.9%                          ]

[=======================    41.0%                          ]

[=======================    41.1%                          ]

[=======================    41.1%                          ]

[=======================    41.3%                          ]

[=======================    41.4%                          ]

[========================   41.4%                          ]

[========================   41.5%                          ]

[========================   41.7%                          ]

[========================   41.7%                          ]

[========================   41.9%                          ]

[========================   42.0%                          ]

[========================   42.1%                          ]

[========================   42.3%                          ]

[========================   42.4%                          ]

[========================   42.6%                          ]

[========================   42.6%                          ]

[========================   42.7%                          ]

[========================   42.9%                          ]

[========================   42.9%                          ]

[========================   43.1%                          ]

[=========================  43.2%                          ]

[=========================  43.3%                          ]

[=========================  43.5%                          ]

[=========================  43.7%                          ]

[=========================  43.8%                          ]

[=========================  43.8%                          ]

[=========================  43.9%                          ]

[=========================  44.0%                          ]

[=========================  44.1%                          ]

[=========================  44.2%                          ]

[=========================  44.3%                          ]

[=========================  44.4%                          ]

[=========================  44.4%                          ]

[=========================  44.5%                          ]

[=========================  44.8%                          ]

[========================== 44.8%                          ]

[========================== 45.1%                          ]

[========================== 45.1%                          ]

[========================== 45.3%                          ]

[========================== 45.4%                          ]

[========================== 45.7%                          ]

[========================== 45.8%                          ]

[========================== 46.0%                          ]

[========================== 46.1%                          ]

[========================== 46.2%                          ]

[========================== 46.3%                          ]

[========================== 46.3%                          ]

[========================== 46.3%                          ]

[========================== 46.3%                          ]

[========================== 46.4%                          ]

[========================== 46.5%                          ]

[===========================46.6%                          ]

[===========================46.8%                          ]

[===========================46.9%                          ]

[===========================47.1%                          ]

[===========================47.2%                          ]

[===========================47.5%                          ]

[===========================47.5%                          ]

[===========================47.7%                          ]

[===========================47.8%                          ]

[===========================47.8%                          ]

[===========================47.9%                          ]

[===========================48.2%                          ]

[===========================48.4%                          ]

[===========================48.8%                          ]

[===========================49.1%                          ]

[===========================49.4%                          ]

[===========================49.7%                          ]

[===========================49.8%                          ]

[===========================50.3%                          ]

[===========================50.4%                          ]

[===========================50.6%                          ]

[===========================50.6%                          ]

[===========================50.9%                          ]

[===========================51.2%                          ]

[===========================51.3%                          ]

[===========================51.5%                          ]

[===========================51.7%                          ]

[===========================51.7%                          ]

[===========================51.7%                          ]

[===========================51.7%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================51.9%                          ]

[===========================51.9%                          ]

[===========================52.0%                          ]

[===========================52.1%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.3%                          ]

[===========================52.3%                          ]

[===========================52.3%                          ]

[===========================52.3%                          ]

[===========================52.4%                          ]

[===========================52.4%                          ]

[===========================52.4%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.6%                          ]

[===========================52.6%                          ]

[===========================52.7%                          ]

[===========================52.7%                          ]

[===========================52.7%                          ]

[===========================52.7%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.8%                          ]

[===========================52.9%                          ]

[===========================52.9%                          ]

[===========================52.9%                          ]

[===========================53.0%                          ]

[===========================53.0%                          ]

[===========================53.0%                          ]

[===========================53.1%                          ]

[===========================53.1%                          ]

[===========================53.1%                          ]

[===========================53.2%                          ]

[===========================53.3%                          ]

[===========================53.3%                          ]

[===========================53.3%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.4%                          ]

[===========================53.5%                          ]

[===========================53.5%                          ]

[===========================53.5%                          ]

[===========================53.6%                          ]

[===========================53.6%                          ]

[===========================53.6%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================53.8%                          ]

[===========================53.8%                          ]

[===========================53.8%                          ]

[===========================53.8%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.0%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.2%                          ]

[===========================54.2%                          ]

[===========================54.2%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.4%                          ]

[===========================54.4%                          ]

[===========================54.4%                          ]

[===========================54.4%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.7%                          ]

[===========================54.7%                          ]

[===========================54.8%                          ]

[===========================54.8%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================54.9%                          ]

[===========================55.0%                          ]

[===========================55.0%                          ]

[===========================55.1%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.3%                          ]

[===========================55.3%                          ]

[===========================55.3%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.4%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.7%                          ]

[===========================55.7%                          ]

[===========================55.7%                          ]

[===========================55.8%                          ]

[===========================55.8%                          ]

[===========================56.0%                          ]

[===========================56.2%                          ]

[===========================56.4%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.1%=                         ]

[===========================57.2%=                         ]

[===========================57.6%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.8%=                         ]

[===========================58.8%==                        ]

[===========================59.2%==                        ]

[===========================59.5%==                        ]

[===========================59.6%==                        ]

[===========================59.7%==                        ]

[===========================59.9%==                        ]

[===========================60.1%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 130174464 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 47510716 B
Edge => 833914 B
Chrome => 23465191 B
Firefox => 1285605892 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 312120462 B
DeanZF1 => 381478471 B

RecycleBin => 6357775804 B
EmptyTemp: => 8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:12:13 ====

Thank you. 8GB of temporary data were deleted!

Type SkyDrive in the Search area. Select Open file location and let me know if it is the one with the recently modified folders that opens or the other?

Most files are from 2021 and some from 2017. the only files with a current date is the second OneDrive file and the Downloads file.

In a previous post you wrote that the one folder has only a .ini file and Documents (they are the OneNote notebooks) and the other one has the files you posted there. Is that correct?

Please attach for me a screenshot of what you see when you do this:

Type SkyDrive in the Search area. Select Open file location.

QuoteIn a previous post you wrote that the one folder has only a .ini file and Documents (they are the OneNote notebooks) and the other one has the files you posted there. Is that correct?

Yes, that is correct.  Two One Drive folders. Second one is current.  First one is dated 2015 and contains just the .ini and Documents folder

In the SkyDrive.old file there is only one .ini fileYou cannot view this attachment.
You cannot view this attachment. 

I can't see the screenshots.

Last question for tonight, and it's the same as above:

Please attach for me a screenshot of what you see when you do this:

Type SkyDrive in the Search area. Select Open file location.

I don't want to see what the SkyDrive.old folder contains. I just want to see where the SkyDrive leads you.

The upload screen was strange, I'll try again. But its the same screen shot. Thats what I see when I click the Open File location.