Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Owner (02-03-2021 16:42:21)
Running from C:\Users\Owner\Desktop
Windows 10 Pro Version 20H2 19042.804 (X64) (2021-03-02 00:11:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1014905426-3769363605-1701117676-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1014905426-3769363605-1701117676-503 - Limited - Disabled)
Guest (S-1-5-21-1014905426-3769363605-1701117676-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1014905426-3769363605-1701117676-1003 - Limited - Enabled)
Owner (S-1-5-21-1014905426-3769363605-1701117676-1001 - Administrator - Enabled) => C:\Users\Owner
WDAGUtilityAccount (S-1-5-21-1014905426-3769363605-1701117676-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Amazon Music Importer (HKLM-x32\...\{3BAF1C25-33AA-AB09-0D89-1BAB227E5FB8}) (Version: 3.1.0 - Amazon Services LLC) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CyberLink DVD Menu Template Pack (HKLM-x32\...\{0C8EBB00-4909-459C-8347-B2068B7F0319}) (Version: 2.0 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3610 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 9.0.2410 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1203_33054 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2109i - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1202 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1018 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2325.01 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2408 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2407 - CyberLink Corp.)
DisplayLink Graphics Driver (HKLM\...\{5ABC05B8-3675-4C55-AF38-C5B0A88DA025}) (Version: 8.5.3365.0 - DisplayLink Corp.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
iTunes (HKLM\...\{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.)
KeePass Password Safe 1.37 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.37 - Dominik Reichl)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
Samsung ML-1865W Series (HKLM-x32\...\Samsung ML-1865W Series) (Version: - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
Trendnet USBKVM Switcher (HKLM-x32\...\Trendnet USBKVM Switcher_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
Packages:
=========
AV Cast -> C:\Program Files\WindowsApps\63429HDWProduction.AVCast_2018.1126.16.0_x64__vzjvkadhfn8tr [2018-11-28] (HDW Production)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.187.400.0_x86__kgqvnymyfvs32 [2021-03-01] (king.com)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.0.40.0_x64__a76a11dkgb644 [2021-03-01] (iHeartMedia.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-29] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-01] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-09] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-21] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-04-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Owner\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
==================== Loaded Modules (Whitelisted) =============
2015-08-11 15:32 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-11-18 13:57 - 2007-07-17 16:26 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Trendnet\USBKVM Switcher\kEYHOOK.dll
2015-08-05 12:15 - 2005-04-21 22:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2015-08-11 15:33 - 2012-04-23 14:03 - 000380928 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2015-08-11 15:33 - 2012-08-28 10:51 - 000155648 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2015-08-11 15:33 - 2012-07-06 12:33 - 000098304 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2015-08-11 15:33 - 2012-07-06 12:33 - 017694720 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2015-08-11 15:33 - 2012-07-17 12:36 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2015-08-05 12:15 - 2012-07-26 23:07 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2010-12-03 16:45 - 2010-12-03 16:45 - 000150624 _____ (CyberLink -> ) [File not signed] C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\WPDDM.dll
2021-03-01 18:03 - 2021-03-01 18:03 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2021-03-01 18:03 - 2021-03-01 18:03 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2021-03-01 18:03 - 2021-03-01 18:03 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2019-01-08 17:31 - 000000845 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1014905426-3769363605-1701117676-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3AD575BF-2AB2-425A-84D8-3ADCB88F30B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F9D37732-05BD-46C4-AE10-B5069CC5D3DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A4598AC-55C0-4933-A56A-DCC2100190C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA5DA722-9B64-437E-A786-B8DE61497B2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E8CB704-867E-4844-83FF-894BFFA50E82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{078ECCBE-2E4D-4DB8-857B-7D5BD6A56BC8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DECE11E-D24D-4993-9DA2-7CE65446ADB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F489BABA-E255-448D-880D-D0A730B19F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2FC7D826-C05D-4BDD-832E-B72E8B4B0A42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50608695-6AAF-49F3-B577-EBD9765EE930}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5694F12C-76D5-4FB4-9720-2F249D3D68F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59ADB011-D9DA-4190-B44E-6B563D7B1320}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AA5BE2D4-0F31-498C-8934-912AA774A6AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96CCCC02-1466-4686-B024-B3712ED68015}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{375B3A70-0160-4DF6-970B-A89FF225ECCE}] => (Allow) LPort=5558
FirewallRules: [{7E54A6EE-FB66-4B87-AF21-0770E20C250E}] => (Allow) LPort=5556
FirewallRules: [{EC64A73F-9C15-4066-BBFC-80A58E246C2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F22331B4-691C-4F0C-8675-8A4BDF00E39D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{D4799C1E-4693-4F64-B855-4DA5749DE500}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe (Amazon Services LLC -> )
FirewallRules: [TCP Query User{4CB13AE9-7084-4A83-BC12-848522DF60E8}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe (Amazon Services LLC -> )
FirewallRules: [{6227C5EA-E5F9-4C60-8D66-32D77F2E16EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{E3A6ED74-81F5-446A-957D-10E530C43644}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{BDC72FFF-6BF5-4EA4-A1C9-87615CF8650F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{B3F40DE2-8388-4CAE-8638-D6A2B4EFF453}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{0FB634A8-6EA7-43B2-A769-45454BE438C0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{38448C18-A688-49C7-8174-1B2BC24536EC}] => (Allow) LPort=54925
FirewallRules: [{E3D39E12-16A5-4746-8B99-19BD74822B66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B883ABCE-DF1A-4A0B-ABAE-8CA27CB83D1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4318DBDD-DDE1-463F-BCE7-258D6D028763}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{49A75FE9-C561-4677-8237-CBBBA6E4DDF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:118.06 GB) (Free:56.03 GB) (47%)
==================== Faulty Device Manager Devices ============
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: ========================
Application errors:
==================
Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local instead
Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Owner-PC.local. Addr 192.168.1.142
Error: (03/02/2021 04:24:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F
Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA FE80:0000:0000:0000:E817:E563:0AE0:1EE1
Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F
Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA 2601:0483:C400:0110:1409:8DA2
26A:B94D
Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.142:5353 16 Owner-PC.local. AAAA 2601:0483:C400:0110:184B:A946:6DE0:264F
Error: (03/02/2021 04:24:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Owner-PC.local. AAAA 2601:0483:C400:0110:E817:E563:0AE0:1EE1
System errors:
=============
Error: (03/02/2021 12:48:43 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.
Error: (03/02/2021 12:48:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.
Error: (03/02/2021 12:48:36 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.
Error: (03/02/2021 12:48:33 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.
Error: (03/02/2021 12:48:30 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.
Error: (03/02/2021 12:48:27 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.
Error: (03/02/2021 12:48:22 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.
Error: (03/01/2021 06:43:09 PM) (Source: DCOM) (EventID: 10005) (User: Owner-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Windows Defender:
================
Date: 2021-03-01 18:40:15
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2021-03-01 18:50:51
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
==================== Memory info ===========================
BIOS: LENOVO FHKT48AUS 05/28/2014
Motherboard: LENOVO SHARKBAY
Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 90%
Total physical RAM: 4002.3 MB
Available physical RAM: 378 MB
Total Virtual: 5602.3 MB
Available Virtual: 1578.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:118.06 GB) (Free:56.03 GB) NTFS
Drive f: (My Book) (Fixed) (Total:1862.98 GB) (Free:1763.82 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.3 GB) FAT32
\\?\Volume{bd82434a-ce60-11e4-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
\\?\Volume{71b5c2a1-0000-0000-0000-c0991d000000}\ () (Fixed) (Total:0.84 GB) (Free:0.4 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 71B5C2A1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=859 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0C)
==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================