Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2023 Ran by Joao Paulo (24-01-2023 10:51:48) Running from C:\Users\Joao Paulo\Desktop Microsoft Windows 10 Home Version 22H2 19045.2486 (X64) (2022-12-09 21:06:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-967556649-2745294871-1311300776-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-967556649-2745294871-1311300776-503 - Limited - Disabled) defaultuser0 (S-1-5-21-967556649-2745294871-1311300776-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-967556649-2745294871-1311300776-501 - Limited - Disabled) Joao Paulo (S-1-5-21-967556649-2745294871-1311300776-1001 - Administrator - Enabled) => C:\Users\Joao Paulo WDAGUtilityAccount (S-1-5-21-967556649-2745294871-1311300776-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3uTools (HKLM-x32\...\3uTools) (Version: 2.60.022 - ShangHai ZhangZheng Network Technology Co., Ltd.) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 22.003.20310 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Apowersoft Heic Converter V1.2.5 (HKLM-x32\...\{56CE07AC-6221-496A-8762-39D4576560C1}_is1) (Version: 1.2.5 - Apowersoft LIMITED) aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink Power2Go 8 (HKLM-x32\...\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.) CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6929 - CyberLink Corp.) Dolby Audio X2 Windows API SDK (HKLM\...\{8738A898-221B-4279-BC87-FEF7938022C1}) (Version: 0.8.8.87 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.75 - Google LLC) gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard) iMazing 2.16.4.0 (HKLM\...\iMazing_is1) (Version: 2.16.4.0 - DigiDNA) Intel Driver && Support Assistant (HKLM-x32\...\{578E6A4F-CA2B-42D1-BDA7-0890885BD753}) (Version: 22.7.44.6 - Intel) Hidden Intel(R) Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Computing Improvement Program (HKLM\...\{848F0123-CF5D-4192-90EC-A6574D8B1796}) (Version: 2.4.06522 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1003 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{F3514E47-5EA1-4BBE-8080-B3489086F64B}) (Version: 16.8.3.1003 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000030-0210-1046-84C8-B8D95FA3C8C3}) (Version: 21.30.0.5 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{27a1a209-4130-486f-a220-0f1495f7f325}) (Version: 22.7.44.6 - Intel) Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4B3C56AB-963E-4F48-9747-05297683DB3B}) (Version: 16.8.3.1003 - Intel Corporation) iPod Support (HKLM\...\{DEC0F5DF-216B-4D66-B3DD-B1BDDC7A5BF8}) (Version: 12.11.3.7 - Apple Inc.) Lenovo App Explorer (HKU\S-1-5-21-967556649-2745294871-1311300776-1000\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION Lenovo Service Bridge (HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.13 - Lenovo) Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0140 - Lenovo) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.) LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM-x32\...\{231e3b76-4d0f-4e60-9d69-f11c9c448630}) (Version: 3.1.28.31513 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.61 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.61 - Microsoft Corporation) Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.15928.20216 - Microsoft Corporation) Microsoft Office Home and Student 2016 - pt-br (HKLM\...\HomeStudentRetail - pt-br) (Version: 16.0.15928.20216 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\OneDriveSetup.exe) (Version: 22.253.1204.0001 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\Teams) (Version: 1.5.00.28361 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support (HKLM\...\{9D6CE289-E12C-38BB-9999-E2377EC118B7}) (Version: 16.0.28801 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support (HKLM-x32\...\{7C931D41-F302-3494-868C-320A4F4DD9F9}) (Version: 16.0.28801 - Microsoft Corporation) Hidden Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 103.0.1 (x64 pt-BR)) (Version: 103.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla) Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - ) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15928.20198 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden ReliaSoft Synthesis 11 (HKLM-x32\...\{2E90C5A3-1E14-4B7F-8EBD-CEA64015626A}) (Version: 11.1.2.11 - ReliaSoft) Revo Uninstaller 2.4.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.2 - VS Revo Group, Ltd.) Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.) Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation) Verificação de integridade do PC Windows (HKLM\...\{2AB46FF6-54A0-4BE1-BC61-18A3C28A55A1}) (Version: 3.3.2110.22002 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN) Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.582 - McAfee, LLC) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1555 - Microsoft Corporation) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. ) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) Wondershare Dr.Fone (Version 10.8.10) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 10.8.10.355 - Wondershare Technology Co.,Ltd.) Zoom (HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\ZoomUMX) (Version: 5.12.6 (10137) - Zoom Video Communications, Inc.) Packages: ========= Alto's Adventure -> C:\Program Files\WindowsApps\20200LooksLikeLemonade.AltosAdventure_1.1.96.0_x64__yqc0j44vp3h64 [2022-06-27] (Looks Like Lemonade) Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-19] (Autodesk Inc.) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.234.200.0_x64__kgqvnymyfvs32 [2023-01-20] (king.com) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa [2023-01-10] (Apple Inc.) [Startup Task] Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2018-02-25] (LENOVO INCORPORATED.) Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2022-06-27] (LENOVO INCORPORATED.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [2022-10-17] (LENOVO INC.) Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2022-12-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-12-09] (Microsoft Corporation) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0 [2023-01-20] (Spotify AB) [Startup Task] Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.1208.148.17_neutral__8wekyb3d8bbwe [2022-12-07] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-967556649-2745294871-1311300776-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Joao Paulo\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22234.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-967556649-2745294871-1311300776-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use] ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use] ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxDTCM.dll [2019-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2022-04-13 10:45 - 2022-03-03 14:52 - 002483712 _____ () [File not signed] C:\Program Files (x86)\Wondershare\drfone\Addins\Backup\SensorsSdk.dll 2019-07-15 10:20 - 2019-07-15 10:20 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll 2022-04-13 09:49 - 2022-02-11 16:17 - 003891712 _____ (wondershare) [File not signed] C:\Program Files (x86)\Wondershare\drfone\WsidClient.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-11-12] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-17] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\localhost -> localhost ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 08:47 - 2022-05-16 22:18 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2019-08-26 20:50 - 2022-01-08 00:21 - 000000514 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-967556649-2745294871-1311300776-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-967556649-2745294871-1311300776-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. Network Binding: ============= Wi-Fi: Diebold Network Monitor -> nt_wsddntf (enabled) Ethernet: Diebold Network Monitor -> nt_wsddntf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: 0228421638838850mcinstcleanup => 2 MSCONFIG\Services: AESMService => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: AxAutoMntSrv => 2 MSCONFIG\Services: AxVirtualAHCISrv => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CCSDK => 2 MSCONFIG\Services: ClientAnalyticsService => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: cplspcon => 2 MSCONFIG\Services: Dolby DAX2 API Service => 2 MSCONFIG\Services: DSAService => 2 MSCONFIG\Services: DSAUpdateService => 3 MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2 MSCONFIG\Services: ETDService => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iaStorAfsService => 3 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: ImControllerService => 2 MSCONFIG\Services: Intel(R) SUR QC SAM => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LenovoVantageService => 2 MSCONFIG\Services: mccspsvc => 2 MSCONFIG\Services: McSecDashboardService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: QcomWlanSrv => 2 MSCONFIG\Services: RstMwService => 2 MSCONFIG\Services: RtkAudioService => 2 MSCONFIG\Services: StarWindServiceAE => 2 MSCONFIG\Services: SUService => 3 MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 3 HKLM\...\StartupApproved\Run: => "LenovoUtility" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run: => "DAX2_APP" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant" HKLM\...\StartupApproved\Run32: => "Backup" HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\StartupApproved\Run: => "AlcoholAutomount" HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BF969105AA6EFC316474474FBDA0F7DB" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{19497D5B-4477-4DE1-993D-0DAA0FD1633C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{7C31A0A1-091B-4B3F-BE87-034BA523EE20}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{2EB1F218-0C1E-4877-94F9-447BC634314A}] => (Allow) LPort=27015 FirewallRules: [{4E6CCEE5-96A5-4373-A862-C55E7AF52A3C}] => (Allow) LPort=80 FirewallRules: [{C9252DB0-5472-4C4D-8D58-2BB607355A75}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{F902014A-419B-4A71-B3CA-466204EFC5D3}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{1E092AD2-982F-4BB3-AED2-6B7C24138D1D}] => (Allow) C:\Users\Joao Paulo\Downloads\whatsapp-transfer.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.) FirewallRules: [{63C2F417-5202-4861-A718-C738DE77FFE9}] => (Allow) C:\Users\Joao Paulo\Downloads\whatsapp-transfer.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.) FirewallRules: [{9B615FEC-C187-41D7-8857-F1A686214D3F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{80581B40-FCBA-4FBE-9FA2-2DD2096E85AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{5EBDB1D7-D70C-473A-B3F7-63379BDE6013}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{3FF84D04-3C0F-405A-B24E-6DE156B4D1DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{5E4DB87A-77F9-4191-B536-AAEFDF6A625A}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> ) FirewallRules: [{F5A29497-AAED-4D3F-A55D-C1F2D8A1E490}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> ) FirewallRules: [{76655DAC-6976-4356-A239-62BD06E8763F}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> ) FirewallRules: [{994D32A0-E0D0-4F58-907B-0CE2C5133E9C}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> ) FirewallRules: [{761D9C68-71BF-4106-946C-E5B46DC0F3C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{DF13AD18-C175-40CA-ADE3-C2DC5798A270}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{3747BF3D-2E56-44DB-8EC3-E3E1E41F5FA5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{D5CFD3C0-B04F-4591-856E-1C04157A1566}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{66574CB0-803E-4C40-91C9-216BF2B68AC7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1C704A5C-5A92-4EAF-A6C6-83CFB3C1F8B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3255CC45-FA2F-4815-871A-4419312559A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{54C11E78-E24A-4C08-8374-5FD5E82ED0B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C0A69BDF-D69E-4D55-B7EA-B2F06BC1F39B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8ADDDDC0-4BDD-4882-9B4B-4BCEF9F7352D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{CCC45A1D-1621-46F9-A46E-021CD40522E4}C:\users\joao paulo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\joao paulo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{D9839336-88B1-472D-932D-48CAAF875F6F}C:\users\joao paulo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\joao paulo\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AC506192-0A0E-4942-BDAF-4582FAF2FCE1}] => (Allow) C:\Users\Joao Paulo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{473D91F6-9908-42AB-920E-3848BA2EC44A}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{6EFAE5ED-454C-41F1-AED5-F81529E3B3D7}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{BBA60684-1748-4190-85CC-15B1B97D7AAB}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{3F3369EF-83AF-48AC-8B23-8FC5A3FE5E5A}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{BC4009F6-AEF9-4C60-A363-4232CA05932C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8BF3D428-CBEC-41E4-B03D-5B42E25D6D6C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7BBD2A5E-0ABE-4F99-9F16-4CA2BF6F729E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3B6368B8-7841-46A4-BCA2-1D29BF88C68A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{BDCE02C0-7ADE-4980-9132-876EF47CACFF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1B1BE00F-3F15-4A92-B011-7450F1335827}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4604AB39-C2BC-4B47-8358-102131EE1959}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{390DA456-F703-4A62-A0CF-510D012D982D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D98F25BB-7C06-4C9F-B5B3-70D5846D22EE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{11F504EE-E32E-4E6C-9233-6B777E7DBA0F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1BE4C75D-2FB8-40F1-B6EF-9C48B982A785}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D7B249BE-9FBA-4D8C-8DEF-C6110DCA4FAE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{81354B6B-FC27-45D2-9995-5B437A1ED224}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{A86BCB0B-4889-4102-8F09-A6DB47D9C2F8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9D426D9B-571D-4699-8D8A-470A8C603EC8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5C6E6E0D-4FC5-4B2F-9E83-2547A97B1960}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{25AD90D4-7942-4C59-966D-12C94725DC4C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{ACEFDC3F-60EA-4D96-842D-354D60943E7B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{52E0F813-5DF9-4481-A6A1-B51FD82B5A91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{37979D07-A573-4620-9D39-5F000D0C6826}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{DCC8954E-A551-44E5-B28B-F3B88B0025E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A950465C-7664-4AFF-88E6-4CF2D573D070}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 19-01-2023 05:51:10 Scheduled Checkpoint 21-01-2023 19:31:27 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (01/20/2023 04:51:50 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (01/20/2023 04:51:50 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (01/20/2023 04:51:50 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (01/20/2023 04:51:50 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (01/20/2023 03:22:15 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Error: (01/20/2023 03:22:07 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Error: (01/20/2023 03:22:05 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. Error: (01/20/2023 03:15:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: LAPTOP-G8GJENNS) Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code. System errors: ============= Error: (01/22/2023 09:29:25 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\JOAOPA~1\AppData\Local\Temp\ehdrv.sys Error: (01/22/2023 09:29:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (01/22/2023 09:29:24 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\JOAOPA~1\AppData\Local\Temp\ehdrv.sys Error: (01/22/2023 09:29:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (01/22/2023 09:29:24 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\JOAOPA~1\AppData\Local\Temp\ehdrv.sys Error: (01/22/2023 09:29:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (01/22/2023 09:29:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (01/22/2023 09:29:24 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\JOAOPA~1\AppData\Local\Temp\ehdrv.sys Windows Defender: ================ Date: 2023-01-20 15:22:03 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-01-18 18:12:39 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-12-29 10:40:27 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2023-01-19 02:37:31 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.381.2379.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19900.2 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2023-01-17 12:26:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.381.2171.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19900.2 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-01-17 12:26:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.381.2171.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19900.2 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-01-17 12:26:02 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.381.2171.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19900.2 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-01-17 12:22:25 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.381.2171.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.19900.2 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =============== Date: 2023-01-24 10:50:28 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2023-01-22 21:06:42 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: LENOVO 4WCN47WW 06/30/2020 Motherboard: LENOVO LNVNB161216 Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz Percentage of memory in use: 33% Total physical RAM: 16258.72 MB Available physical RAM: 10822.31 MB Total Virtual: 22914.72 MB Available Virtual: 17324.45 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1836.77 GB) (Free:1135.33 GB) (Model: ST2000LM007-1R8174) NTFS Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.96 GB) (Model: ST2000LM007-1R8174) NTFS \\?\Volume{ddefef28-9512-4172-8298-ef37d0e11ead}\ () (Fixed) (Total:0.98 GB) (Free:0.38 GB) NTFS \\?\Volume{1234006f-3c50-4d7a-acfe-262cda273420}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 9FC69BF3) Partition: GPT. ==================== End of Addition.txt =======================