Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Google's AI video maker Veo 3 is now available via $20 Gemini

Featured Deal: This beginner IT course bundle just dropped from $160 to $30

Latest Buyer's Guide: Best VPNs in 2025

Computer hangs, fan runs high, no network connection

Started by vogom95746 , Jun 01 2025 08:47 PM

Please log in to reply
Go to first unread post

34 replies to this topic

#1 vogom95746

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 01 June 2025 - 08:47 PM

Hello, I am hoping I can get some help. My computer was running normally, but now when I boot it up, the fan runs at full power, it can't connect to the wifi connection, and each window I open hangs and doesn't load. If I try to restart, the hangs on the "restarting" screen. I have to manually shut it down by holding the power button. After rebooting a couple of times, things seem to run normally for a little while which is how I'm able to make this post. Then it goes back to behaving oddly. I've run windows security virus scanner, Malwarebytes, ESET Online scanner, AdwCleaner and no threats were found. I also ran sfc /scannow and DISM /Online / Cleanup-Image /RestoreHealth. Attached are FRST logs which I hope point out something that can be fixed.

Thanks for your help!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2025
Ran by admin (administrator) on LAPTOP-5USU85JC (LENOVO 20SM) (01-06-2025 19:29:42)
Running from C:\Users\admin\Desktop\FRST64.exe
Loaded Profiles: admin
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5854 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericTelemetryAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(LenovoSystemUpdateAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxCUIServiceN.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxEMN.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~4.INF\DAX3API.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <61>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (Access Denied) [File not signed?] C:\Windows\System32\ApsInsMonSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_21306a77b30fd6e0\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_ece153ca769ec179\aesm_service.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxCUIServiceN.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_caa7639078e34732\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1d8c0a4a248c0ba9\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_4a7090a469e354f6\RstMwService.exe
(services.exe ->) (Intel® Trust Services -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Lenovo.) C:\Windows\System32\ApsInsSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(svchost.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxextN.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\Run: [MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-05-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [48701312 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Uninstall 21.016.0124.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\amd64" [0 2025-06-02] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Uninstall 21.016.0124.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.016.0124.0003" [0 2025-06-02] () <==== ATTENTION [zero byte File/Folder]
HKLM\...\Print\Monitors\Pantum P2500 Language Monitor: C:\WINDOWS\system32\pt2500lm.dll [338984 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\136.0.7103.114\Installer\chrmstp.exe [2025-05-17] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\137.1.79.118\Installer\chrmstp.exe [2025-05-29] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - \OneDrive Standalone Update Task-S-1-5-21-2326634645-996202713-3136003770-500 -> No File <==== ATTENTION
Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {9B560D91-86B9-49E2-8824-0B2EBBADC2DA} - \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance -> No File <==== ATTENTION
Task: {C5D067D5-EC9E-4B7E-95BF-976F7BCA83A5} - \LenovoUtility Startup -> No File <==== ATTENTION
Task: {C9D12534-24D4-4A67-9B9E-8E4BF096068D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {EDFB5CA4-0633-40DD-A2A1-6B82624AD85B} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION
Task: {9432C56B-7875-4CF9-AD3C-B76430AC6709} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {26F44C86-DC9A-4266-80B1-A796AFE45B7D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{A9C1AF9E-CF1F-4B9A-BE94-EB89A530B0D2} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2025-03-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5DEE7D02-9EC3-4158-BC76-F366F6E0A8CC} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{D8349071-D1DB-4A3C-9939-F86C873E4575} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2025-03-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1CFCF161-A657-4C87-95E8-F095E5A3A171} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{58A6601F-2763-43DF-B724-7837B2EA2701} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {EF4B4143-8CFC-49C8-8515-1A65E85EF7C3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {53331ABF-4EEE-4D3C-84DB-9B7634A4F37C} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {04085B98-E0F1-4975-8527-ED7B7BB5D6EB} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {CB7CFFE4-C242-4265-997F-884FA743512B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2d2c7b1e-74ed-4da6-b203-b2363c538e31 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {57A096CA-7D40-4E8D-ABBA-11B0B8D501F9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\65044bcf-e6b1-42be-9c13-569f74209b89 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {692824AE-5E2B-4C82-B761-8164ED141610} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\da11560d-6310-4fc6-882f-cc7f866d97fb => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {850AD3D3-65DE-469B-90A4-0A072CF13633} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {60742BC8-4F79-4621-9490-5586E6AED42E} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {12B7C48F-2BEE-4F31-B1F4-9CDADF300F86} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {EC7E23B4-F3DB-4736-B0E8-6602891FC199} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {53DD60DE-8DE7-4AFD-9CBF-A3F90199C382} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {A69AE1E5-D490-4A00-871B-71390C858746} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {CD85C85E-3CB4-4F06-A51C-54ADEDD87A06} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (No File)
Task: {A8EA672B-A380-4F4F-977D-AB121E6D617C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {E75F18C8-84B1-4694-9C47-50E60D5CF790} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {263E7266-1F6F-4E7F-B5DB-C7519ACBDABA} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
Task: {200D39BE-3C98-4273-BCFB-88F7505EA83C} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {524C53ED-67C7-41DD-9B81-3BB46A4DDEA2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {4AFA1365-B861-484B-8839-05C1CF89BB06} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {71597BA0-553E-418B-894C-5982F07DF1AA} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.190\x64\IdleScheduleEventAction.exe [143768 2025-02-03] (Lenovo -> )
Task: {5C9A064D-4F2A-47AF-A1E0-B8C69760F54C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {9129F34D-B145-4BA7-92EA-D0A69DA64869} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {94312EE1-72C5-4858-B0C7-FA1BE4214A85} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {83F187B5-7509-4B6F-BB22-6B93B45F7AC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C2290B23-A627-4510-BF21-8C6C87C2552F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C2F45ECD-F944-45D6-8B9E-FD1CCD74DEAB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {46D0426E-CE66-48A9-ACFB-B6CD2887621D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9F69439D-D2A0-4BE8-8714-16C5B505D6A4} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2765374831-2570406690-475332977-1002 => C:\Users\Sara\AppData\Local\Microsoft\OneDrive\25.080.0427.0003\OneDriveLauncher.exe [679728 2025-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {1472B7A5-D0D8-4B79-9A05-22F0D82E47B4} - System32\Tasks\Remove AdwCleaner Application => C:\WINDOWS\system32\CMD.EXE [289792 2024-05-11] (Microsoft Windows -> Microsoft Corporation) -> /C DEL /F /Q "C:\Users\Joe\Desktop\adwcleaner.exe"
Task: {37D3EE0A-B307-405B-AFB2-A7B892508B99} - System32\Tasks\Uninstall AdwCleaner Application => C:\Users\Joe\Desktop\adwcleaner.exe [9568256 2025-06-01] (Malwarebytes Inc -> Malwarebytes)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3c5957ed-ef49-4c1d-9f49-66d2fb97dbfa}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3c5957ed-ef49-4c1d-9f49-66d2fb97dbfa}\7425946464359535: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{3c5957ed-ef49-4c1d-9f49-66d2fb97dbfa}\7596D26496025374: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3c5957ed-ef49-4c1d-9f49-66d2fb97dbfa}\E45445745414257303: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3c5957ed-ef49-4c1d-9f49-66d2fb97dbfa}\E45445745414257303D25374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92306f25-a08a-44e0-a033-2a98aa5770ed}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Edge:
=======
Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2025-06-02]
Edge Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-02]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-06-02]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2025-06-02]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-23]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-23]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-23]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-06-02]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-23]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-23]
CHR HKU\S-1-5-21-2765374831-2570406690-475332977-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2765374831-2570406690-475332977-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R3 ApsInsMonitorSvc; C:\WINDOWS\system32\ApsInsMonSvc.exe [27624 2025-06-02] (Access Denied) [File not signed?]
R2 ApsInsSvc; C:\WINDOWS\System32\ApsInsSvc.exe [187768 2019-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Lenovo.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2025-03-15] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\137.1.79.118\elevation_service.exe [3205648 2025-05-29] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2025-03-15] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe [2205144 2020-12-23] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [343928 2020-09-04] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe [34816 2025-02-21] (Lenovo -> Lenovo)
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123320 2024-07-11] (The Document Foundation -> The Document Foundation)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9577376 2025-05-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-24] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSInstallerElevationService; C:\Program Files (x86)\Microsoft Visual Studio\Installer\VSInstallerElevationService.exe [42544 2025-04-08] (Microsoft Corporation -> Microsoft)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.46\bin\httpd.exe [29696 2020-08-02] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql8.0.21\bin\mysqld.exe [48581632 2020-06-17] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_icl.inf_amd64_b535659b9405201a\iaLPSS2_UART2_ICL.sys [312600 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-11] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [242752 2025-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\ptusbews.sys [65520 2021-10-22] (WDKTestCert han.yu,130842677139774357 -> Zhuhai Pantum Electronics Co.,Ltd.)
R0 Shockprf; C:\WINDOWS\System32\drivers\ApsX64.sys [156536 2019-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Lenovo.)
R0 TPDIGIMN; C:\WINDOWS\System32\drivers\ApsHM64.sys [29048 2019-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Lenovo.)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49152 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-06-01 19:29 - 2025-06-01 19:30 - 000029817 _____ C:\Users\admin\Desktop\FRST.txt
2025-06-01 19:29 - 2025-06-01 19:30 - 000000000 ____D C:\FRST
2025-06-01 19:28 - 2025-06-01 19:28 - 002405888 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2025-06-01 19:23 - 2025-06-01 19:23 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2765374831-2570406690-475332977-1001
2025-06-01 19:21 - 2025-06-01 19:21 - 000000000 ____D C:\Users\admin\AppData\Roaming\com.adobe.dunamis
2025-06-01 19:21 - 2025-06-01 19:21 - 000000000 ____D C:\Users\admin\AppData\Local\SolidDocuments
2025-06-01 19:21 - 2025-06-01 19:21 - 000000000 ____D C:\Users\admin\.ms-ad
2025-06-01 19:20 - 2025-06-01 19:20 - 000002406 _____ C:\Users\admin\Desktop\Brave.lnk
2025-06-01 19:20 - 2025-06-01 19:20 - 000000000 ____D C:\Users\admin\AppData\Local\BraveSoftware
2025-06-01 18:58 - 2025-06-01 18:58 - 000000000 ____D C:\WINDOWS\Minidump
2025-06-01 16:30 - 2025-06-01 19:00 - 000001328 _____ C:\Users\Joe\Desktop\ESET Online Scanner.lnk
2025-06-01 16:29 - 2025-06-01 19:01 - 000001434 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-06-01 16:29 - 2025-06-01 16:29 - 000000000 ____D C:\Users\Joe\AppData\Local\ESET
2025-06-01 16:24 - 2025-06-01 16:25 - 000000000 ____D C:\AdwCleaner
2025-06-01 16:19 - 2025-06-01 16:19 - 008412528 _____ (ESET) C:\Users\Joe\Desktop\esetonlinescanner.exe
2025-06-01 16:18 - 2025-06-01 16:18 - 009568256 _____ (Malwarebytes) C:\Users\Joe\Desktop\adwcleaner.exe
2025-06-01 15:37 - 2025-06-01 15:37 - 000000000 _____ C:\Users\Joe\AppData\Local\{CD5DDA91-0B3F-4DCE-A4CB-1672FFDEF55A}
2025-05-29 19:26 - 2025-05-29 19:26 - 000187696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2025-05-26 20:21 - 2025-05-26 20:21 - 000111715 _____ C:\Users\Joe\Downloads\1748190636_1117946468_4cf2da35d9d86fb3b6f312472860bcfc.pdf
2025-05-23 20:33 - 2025-05-23 20:33 - 000003298 _____ C:\WINDOWS\system32\Tasks\Remove AdwCleaner Application
2025-05-23 20:32 - 2025-05-23 20:32 - 000003280 _____ C:\WINDOWS\system32\Tasks\Uninstall AdwCleaner Application
2025-05-13 21:52 - 2025-05-13 21:52 - 000022680 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-13 21:51 - 2025-05-13 21:51 - 000022680 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-05-13 21:46 - 2025-05-13 21:46 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-06-01 19:30 - 2023-06-09 20:59 - 000000000 ____D C:\Users\admin\AppData\Local\Malwarebytes
2025-06-01 19:26 - 2021-02-23 13:30 - 000795742 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-06-01 19:26 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2025-06-01 19:25 - 2021-02-23 13:34 - 000000000 ____D C:\Users\admin\AppData\Local\Packages
2025-06-01 19:23 - 2021-02-23 13:36 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2025-06-01 19:23 - 2021-02-23 13:35 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2765374831-2570406690-475332977-1001
2025-06-01 19:23 - 2021-02-23 13:32 - 000002436 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-01 19:22 - 2021-12-19 00:08 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-06-01 19:22 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-01 19:22 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-06-01 19:21 - 2021-04-16 23:05 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Adobe
2025-06-01 19:21 - 2021-04-04 14:04 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
2025-06-01 19:21 - 2021-02-23 13:34 - 000000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2025-06-01 19:21 - 2021-02-23 13:32 - 000000000 ____D C:\Users\admin
2025-06-01 19:20 - 2021-06-16 11:20 - 000027624 _____ C:\WINDOWS\system32\ApsInsMonSvc.exe
2025-06-01 19:20 - 2021-02-23 14:19 - 000008192 ___SH C:\DumpStack.log.tmp
2025-06-01 19:20 - 2021-02-23 14:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-06-01 19:20 - 2021-02-23 14:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-06-01 19:20 - 2021-02-23 14:19 - 000000000 ____D C:\Intel
2025-06-01 19:20 - 2021-02-23 13:34 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2025-06-01 19:20 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-06-01 19:20 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2025-06-01 19:20 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-01 19:15 - 2021-04-22 18:00 - 000000000 ____D C:\Users\Joe
2025-06-01 19:13 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-06-01 18:59 - 2023-04-21 20:25 - 000000000 ____D C:\Users\Joe\AppData\Local\Malwarebytes
2025-06-01 18:58 - 2021-04-22 18:00 - 000000000 __SHD C:\Users\Joe\IntelGraphicsProfiles
2025-06-01 18:58 - 2020-07-17 10:04 - 002421102 ____N C:\WINDOWS\Minidump\060125-9578-01.dmp
2025-06-01 16:02 - 2023-04-24 20:30 - 000000000 ____D C:\Users\Sara\AppData\Local\Malwarebytes
2025-06-01 16:02 - 2021-02-23 14:26 - 000000000 __SHD C:\Users\Sara\IntelGraphicsProfiles
2025-06-01 15:36 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-05-31 15:19 - 2021-02-23 14:26 - 000000000 ____D C:\Users\Sara\AppData\Local\Packages
2025-05-30 23:38 - 2021-05-17 17:41 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Code
2025-05-30 21:43 - 2025-04-26 14:59 - 000000000 ____D C:\Users\Joe\AppData\Local\gk
2025-05-30 21:43 - 2021-08-19 22:23 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Notepad++
2025-05-30 20:48 - 2021-04-22 18:00 - 000000000 ____D C:\Users\Joe\AppData\Local\Packages
2025-05-30 20:47 - 2021-02-23 14:20 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-29 13:52 - 2025-03-15 17:48 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2025-05-26 13:19 - 2025-02-17 12:06 - 000003570 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2765374831-2570406690-475332977-1002
2025-05-26 13:19 - 2021-12-13 19:52 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2765374831-2570406690-475332977-1002
2025-05-26 13:19 - 2021-02-23 14:27 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2765374831-2570406690-475332977-1002
2025-05-26 13:19 - 2021-02-23 14:25 - 000002436 _____ C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-22 20:59 - 2021-08-10 00:05 - 000000000 ____D C:\Users\Joe\AppData\Roaming\vlc
2025-05-22 20:59 - 2021-04-29 18:45 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2025-05-22 20:52 - 2021-02-23 14:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-22 20:50 - 2021-02-23 14:20 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-22 20:50 - 2021-02-23 14:20 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-16 19:01 - 2021-02-23 13:51 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-05-16 19:01 - 2021-02-23 13:51 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-05-16 19:00 - 2021-02-23 14:19 - 000597512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-05-13 23:46 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-05-13 23:46 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-05-13 23:46 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-05-13 23:46 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-05-13 23:46 - 2019-12-07 03:03 - 002359296 _____ C:\WINDOWS\system32\config\BBI
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-05-13 23:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-05-13 23:45 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2025-05-13 21:58 - 2021-02-23 13:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-05-13 21:56 - 2021-02-23 13:45 - 214836568 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-05-13 21:51 - 2021-02-23 14:21 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2021-03-20 14:40 - 2021-04-16 22:50 - 000000128 _____ () C:\Users\admin\AppData\Local\PUTTY.RND

==================== FLock ==============================

2025-06-01 19:20 C:\WINDOWS\system32\ApsInsMonSvc.exe
2021-10-31 21:52 C:\Users\Joe\AppData\Roaming\FileZilla
2021-06-03 23:05 C:\Users\Joe\AppData\Local\FileZilla

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2025
Ran by admin (01-06-2025 19:31:21)
Running from C:\Users\admin\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.5854 (X64) (2021-02-23 20:26:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

admin (S-1-5-21-2765374831-2570406690-475332977-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2765374831-2570406690-475332977-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2765374831-2570406690-475332977-503 - Limited - Disabled)
Guest (S-1-5-21-2765374831-2570406690-475332977-501 - Limited - Disabled)
Joe (S-1-5-21-2765374831-2570406690-475332977-1003 - Administrator - Enabled) => C:\Users\Joe
Sara (S-1-5-21-2765374831-2570406690-475332977-1002 - Limited - Enabled) => C:\Users\Sara
WDAGUtilityAccount (S-1-5-21-2765374831-2570406690-475332977-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.19 - Arduino LLC)
Audacity 3.5.1 (HKLM\...\Audacity_is1) (Version: 3.5.1 - Audacity Team)
Blackmagic RAW Common Components (HKLM\...\{F4268583-A17F-43C8-AAAE-57CCA111273C}) (Version: 3.6.1 - Blackmagic Design)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 137.1.79.118 - Brave Software Inc)
Cyberduck (HKLM\...\{4FA801DC-E821-47F3-AD08-67DF41AA36DC}) (Version: 8.7.1.40770 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{79abd6f9-a16d-4e70-97d5-fd6e362d35a5}) (Version: 8.7.1.40770 - iterate GmbH)
DaVinci Resolve (HKLM\...\{D2BA5866-0754-4A50-B5D6-320A6D7CE7F8}) (Version: 19.0.30005 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{3739CA49-792F-4F1F-9B76-42DFBBBED27E}) (Version: 2.3.0.0 - Blackmagic Design)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.15 - Blackmagic Design)
GIMP 2.10.36 (HKLM\...\GIMP-2_is1) (Version: 2.10.36 - The GIMP Team)
Git version 2.31.1 (HKLM\...\Git_is1) (Version: 2.31.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 136.0.7103.114 - Google LLC)
Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.3.21.0 - Lenovo Group Ltd.)
LibreOffice 24.2.5.2 (HKLM\...\{7519E50A-1B31-4EAE-9AB3-DEB5C0F764F9}) (Version: 24.2.5.2 - The Document Foundation)
Logitech Unifying Software 2.52 (HKLM\...\Logitech Unifying) (Version: 2.52.33 - Logitech)
Malwarebytes version 5.3.2.195 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.3.2.195 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2765374831-2570406690-475332977-1002\...\OneDriveSetup.exe) (Version: 25.080.0427.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2765374831-2570406690-475332977-1002\...\Teams) (Version: 1.5.00.9163 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Debug Runtime - 14.29.30157 (HKLM\...\{B2D2DB83-DEF0-4638-A634-025F645DFBDB}) (Version: 14.29.30157 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Debug Runtime - 14.29.30157 (HKLM-x32\...\{C45C7D61-1241-4033-BF55-3F7A99E06DCA}) (Version: 14.29.30157 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2765374831-2570406690-475332977-1003\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.100.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.13.2069.59209 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{6AC5612A-D067-44B9-9C8E-2C1B3473B429}) (Version: 3.7.2182.35401 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{E281F6E2-136B-4AF0-895B-253279711697}) (Version: 3.7.2182.35401 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{EA4A8E4A-F5BF-454F-B107-666BE3F30608}) (Version: 22.14.0 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.6 - Notepad++ Team)
Pantum P2500W Series (HKLM\...\Pantum P2500W Series) (Version: 5.1.1.23 - Zhuhai Pantum Electronics Co.,Ltd.)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
Python 3.13.2 (64-bit) (HKU\S-1-5-21-2765374831-2570406690-475332977-1003\...\{2f6912bf-a96d-496e-9d97-7d9b771df28d}) (Version: 3.13.2150.0 - Python Software Foundation)
Python 3.13.2 Add to Path (64-bit) (HKLM\...\{357DC719-9244-4148-8819-5C009C36283D}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 Core Interpreter (64-bit) (HKLM\...\{6B2067F5-FABB-4E5D-9769-ACF1886A7281}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 Development Libraries (64-bit) (HKLM\...\{7864E49A-A67D-4FA4-A3A6-E5049FCBBBF0}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 Documentation (64-bit) (HKLM\...\{78405CCF-67BD-4630-ADE2-ADB5D09AC347}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 Executables (64-bit) (HKLM\...\{5EEECB0A-2BEA-4A17-8F52-33853A198059}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 pip Bootstrap (64-bit) (HKLM\...\{5E8E4228-121B-49EA-9CC2-B8E3CBED5080}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 Standard Library (64-bit) (HKLM\...\{89609059-34FF-4C34-8D70-2FF7FA4B2490}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 Tcl/Tk Support (64-bit) (HKLM\...\{A8BA555F-4CCF-4B73-8205-C9529D178E57}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.13.2 Test Suite (64-bit) (HKLM\...\{E77A600D-F93D-4182-A270-FFBEC7D476B9}) (Version: 3.13.2150.0 - Python Software Foundation) Hidden
Python 3.9.4 (64-bit) (HKU\S-1-5-21-2765374831-2570406690-475332977-1003\...\{e300c142-10a9-46f4-a195-bd40cb90a84f}) (Version: 3.9.4150.0 - Python Software Foundation)
Python 3.9.4 Add to Path (64-bit) (HKLM\...\{D5076D33-101B-4402-AAC0-001C6D74D9AB}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Core Interpreter (64-bit) (HKLM\...\{DE09AD3C-F617-4EAF-B4F5-943473CB00DA}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Development Libraries (64-bit) (HKLM\...\{CCD8CD39-7BDE-46B9-9222-336226D0C346}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Documentation (64-bit) (HKLM\...\{C625291F-C4B5-45A7-B946-FFAB8535A64A}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Executables (64-bit) (HKLM\...\{A8C63C1D-BCF8-4446-AFAA-AE21DDA1DBEF}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 pip Bootstrap (64-bit) (HKLM\...\{2E65BC05-C532-4BD6-ACDD-3CFDE86F5E36}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Standard Library (64-bit) (HKLM\...\{D8D430E7-0DCE-418C-A937-735F329C1AD8}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM\...\{E4228F0E-C40C-403A-9533-29BA5A9F9E99}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Test Suite (64-bit) (HKLM\...\{86FD19A0-F018-465C-B8C9-02EA01D35A4B}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Utility Scripts (64-bit) (HKLM\...\{0C0FBC09-C0AA-4B66-92BF-E321BC8C9FA5}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C7213DDA-56FA-4C9E-BA0C-1C907366F456}) (Version: 3.13.2150.0 - Python Software Foundation)
SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{253D6AD3-5786-4B3B-B4E1-E082482A1F26}) (Version: 14.16.27033 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{E2121340-F05B-48E1-BE1D-175FA97B2FC0}) (Version: 14.29.30157 - Microsoft Corporation) Hidden
Visual Studio Build Tools 2017 (HKLM-x32\...\83857489) (Version: 15.9.28307.1500 - Microsoft Corporation)
Visual Studio Build Tools 2019 (HKLM-x32\...\3d39b769) (Version: 16.11.45 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{375AFBC1-2264-470C-9ADE-2C0BF23328A2}) (Version: 16.11.34930 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{AB0010C0-CA62-40C7-BDED-DB2514BDCF19}) (Version: 16.11.34827 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{C1337DAC-D78B-4435-B795-29E8B7D5E75C}) (Version: 16.11.34902 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
Wampserver64 3.2.3 (HKLM\...\{wampserver64}_is1) (Version: 3.2.3 - Dominique Ottello aka Otomatic)
WhatsApp (HKU\S-1-5-21-2765374831-2570406690-475332977-1002\...\WhatsApp) (Version: 2.2134.10 - WhatsApp)
WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows App Certification Kit Native Components (HKLM\...\{D2886D0B-F38D-EB07-2108-B6218761F8F9}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows App Certification Kit SupportedApiList x86 (HKLM-x32\...\{26D02D07-8007-2FD2-6DFE-14B29D09B5FD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (HKLM-x32\...\{6487BFDF-6FA4-7CC5-0341-AA5D1AB69856}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK (HKLM-x32\...\{D3B54AAA-2B64-5DE2-EA64-9900152E5282}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK (HKLM-x32\...\{EC74C9E5-A88F-D4DF-1DD0-FA42FFBB298D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK Contracts (HKLM-x32\...\{942262C5-DA88-830D-7140-C5BCC896DD60}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK Contracts (HKLM-x32\...\{A34A6580-86EF-A26A-33A5-80E1919B7F75}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows IoT Extension SDK (HKLM-x32\...\{084094EF-6AC9-480A-7CC1-04199047BBDD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows IoT Extension SDK (HKLM-x32\...\{110B5402-97D4-DDA2-7B42-665D8325A44F}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows IoT Extension SDK Contracts (HKLM-x32\...\{497B2D49-F5C2-CA3B-05FF-22ABF39F2873}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows IoT Extension SDK Contracts (HKLM-x32\...\{AC8F20B3-36BB-DE22-CA37-43BC967B3F47}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK (HKLM-x32\...\{718C25EB-084C-6341-1C3E-589DA641C28F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK (HKLM-x32\...\{B38CF8FF-C0D9-B11D-6484-B95A81C72DDC}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK Contracts (HKLM-x32\...\{6FF4EDB8-56EA-640C-47CA-54C845F7D273}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK Contracts (HKLM-x32\...\{7A9E937D-9757-80CB-A6E3-F4AB6081AEA6}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows SDK (HKLM-x32\...\{7B891B74-6BE8-1581-357C-72DD8A82F0F7}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows SDK ARM Desktop Tools (HKLM-x32\...\{940042ED-CB90-8E03-BE68-DF8A76E661FD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK ARM Desktop Tools (HKLM-x32\...\{EA15DC17-4379-6850-16FA-D6527641A8DD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm (HKLM-x32\...\{4BD2B107-B0D3-850C-7135-ACA153D30C78}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm (HKLM-x32\...\{BFC2CA21-326B-90D1-B0E5-F1327411D4A5}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm64 (HKLM-x32\...\{441FA049-A2AB-7E8D-375D-5C9720CD3325}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm64 (HKLM-x32\...\{C88797F9-0AD8-E022-5BBB-596BC78D4C76}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x64 (HKLM-x32\...\{492AAE4A-619E-64BF-6173-DB4E25D67533}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x64 (HKLM-x32\...\{C81D239D-863A-D4B4-3562-BC8D3D7C271E}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x86 (HKLM-x32\...\{3D5981B5-ABF0-1495-7FC3-102D1C75B9C8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x86 (HKLM-x32\...\{C971A14A-F045-BD6A-C670-05C7B74A37FE}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm (HKLM-x32\...\{2AC29D7B-F29F-34FA-4434-C5DF1F086264}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm (HKLM-x32\...\{323350A8-D3DC-2F8C-2976-E59E2C132B74}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm64 (HKLM-x32\...\{51ACC3C5-D131-0916-3F0C-59455F32E6B0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm64 (HKLM-x32\...\{9555AB64-6A00-776F-CA44-568E0E7B9632}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x64 (HKLM-x32\...\{170B023D-7C1B-2EF4-D3E9-B974A26752AC}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x64 (HKLM-x32\...\{AE5CE40F-6C6D-C95F-FD37-D9EF7093CA99}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x86 (HKLM-x32\...\{7DD1F495-F1BF-6A30-620F-AC064DD302D8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x86 (HKLM-x32\...\{D5B8B2F7-680B-B6D4-6353-377C73C0F8A8}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools arm64 (HKLM-x32\...\{06E580FA-F3B2-08E9-4DC0-0AB55D985CBB}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools arm64 (HKLM-x32\...\{9D5486B4-7458-1A53-E92F-8CFD4AF85D4B}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x64 (HKLM-x32\...\{8308EFA9-D647-6BF4-6525-349091FBD528}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x64 (HKLM-x32\...\{F9BDEC71-9E56-CFBF-0AE8-E7AF032D07C7}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x86 (HKLM-x32\...\{1C966E96-8553-EF1E-A06F-A8174B3CAA60}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x86 (HKLM-x32\...\{F770E8F3-139B-0373-8692-BF619445B8C2}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK DirectX x64 Remote (HKLM\...\{EBD149F6-9F46-49E4-ED99-25D2A0ECDBBD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK DirectX x86 Remote (HKLM-x32\...\{313B416A-97E7-F3EF-EDFC-A903A8CA4BC2}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK EULA (HKLM-x32\...\{2DD06060-C61D-7C3A-AA55-6E3FD9493D61}) (Version: 10.1.17763.132 - Microsoft Corporations) Hidden
Windows SDK EULA (HKLM-x32\...\{A50A075D-973C-1867-4228-738205D555C8}) (Version: 10.1.19041.685 - Microsoft Corporations) Hidden
Windows SDK Facade Windows WinMD Versioned (HKLM-x32\...\{2D296649-CFBE-CF23-EA8E-E24554187B3F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Facade Windows WinMD Versioned (HKLM-x32\...\{CA7A8A65-AB2E-43AA-4110-10C50115E211}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps (HKLM-x32\...\{A5E4C2C0-D963-40D6-8E5F-60A4DD995331}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Contracts (HKLM-x32\...\{2A8533B3-8D16-67E4-E729-5BB04EDD2FE4}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Contracts (HKLM-x32\...\{36AA7E63-76E9-E591-C985-272415268810}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps DirectX x86 Remote (HKLM-x32\...\{0E2FEA3B-C853-DE2A-8A04-BB7D5BF010E0}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps DirectX x86 Remote (HKLM-x32\...\{929C5E30-584A-9E44-2C03-08AA27927317}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Headers (HKLM-x32\...\{785711EA-DD49-D232-BB29-D48350CC458F}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Headers (HKLM-x32\...\{8E9DD3FE-3338-8012-81C5-F3AA9B617BAE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Libs (HKLM-x32\...\{1FBBD022-F751-FE7B-54DF-9FED23892B2F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Libs (HKLM-x32\...\{DAED8629-A799-B67F-9751-F3A1C60EE335}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Metadata (HKLM-x32\...\{2CFB2180-7C20-5470-4B8A-747512A6AB70}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Metadata (HKLM-x32\...\{A128C4CE-88C8-8BDF-FBE9-A517979E0BDD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Tools (HKLM-x32\...\{4AC6C7FB-D848-9D68-DCB0-1376083FEA3A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Tools (HKLM-x32\...\{BA610F2C-C1FA-0A65-2B4D-8272223AC061}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Managed Apps Libs (HKLM-x32\...\{9A0DC6A1-E91D-EB94-FB4D-41DDDE8A225D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Managed Apps Libs (HKLM-x32\...\{FF7D4409-CF59-34AE-BDC7-8A6146A9BA36}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Modern Non-Versioned Developer Tools (HKLM-x32\...\{43AA42C2-D292-CF91-6264-63B7A99CDE99}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Modern Versioned Developer Tools (HKLM-x32\...\{C1C8121A-6BDE-478E-3685-C09F9287D6F0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Modern Versioned Developer Tools (HKLM-x32\...\{FC5A59F8-6BEE-FBB4-C720-47C565A92798}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Redistributables (HKLM-x32\...\{43B3CDF5-CD8F-9A5E-4598-765F8CB27170}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Signing Tools (HKLM-x32\...\{58770E7F-37C0-70F9-6CBF-2B18503B0EE0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK Signing Tools (HKLM-x32\...\{B62A26BB-90A0-82FB-2DDC-3157ADF07833}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation)
Windows Team Extension SDK (HKLM-x32\...\{A8B548F5-D495-BB71-F673-2D48FD7E764C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows Team Extension SDK (HKLM-x32\...\{CE7E4A6A-45A2-2968-4B34-D0D4CFCC0E1D}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Team Extension SDK Contracts (HKLM-x32\...\{5F616EBF-DF09-A2DA-AB66-3A5341FA611C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Team Extension SDK Contracts (HKLM-x32\...\{F57D8118-1428-ECB8-0729-A577A9A1DEA8}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Zoom (HKU\S-1-5-21-2765374831-2570406690-475332977-1002\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-06-02] ()
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2022-04-30] (Canon Inc.)
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20800.804.0_x64__rz1tebttyb220 [2021-04-23] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-06-02] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1042.0_x64__8j3eq9eme6ctt [2025-06-02] (INTEL CORP)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2501.20.0_x64__k1h2ywk1493x8 [2025-06-02] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.4.12.0_x64__5grkq8ppsgwt4 [2023-06-10] (LENOVO INC) [Startup Task]
Microsoft Edge Game Assist -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-06-02] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-04-24] (Realtek Semiconductor Corp)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-06-02] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0 [2022-03-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2765374831-2570406690-475332977-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\contextMenu\NppShell.dll [2023-11-23] (Notepad++ -> Bjarke I. Pedersen gurli@gurlinet.dk)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-05-23] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-05-23] (Malwarebytes Inc -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-2765374831-2570406690-475332977-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2765374831-2570406690-475332977-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2765374831-2570406690-475332977-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 22:49 - 2021-09-14 21:04 - 000000039 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python313\Scripts\;C:\Python313\;C:\Python39\Scripts\;C:\Python39\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd;C:\Program Files\nodejs\
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_1.jpg
HKU\S-1-5-21-2765374831-2570406690-475332977-1002\Control Panel\Desktop\\Wallpaper -> c:\users\Sara\pictures\dog.jpg
HKU\S-1-5-21-2765374831-2570406690-475332977-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi: Intel® Wireless-AC 9560 -> Netwtw10.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2765374831-2570406690-475332977-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5D0B9B32D58562F96A246E8A9F526450"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C5C3CA52-5649-4361-9DD3-444CC0A8D64E}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{31EBA2D4-8D34-49DC-B881-8F805AA20652}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{14A74129-67A4-4B94-AE26-967D6F69D7D8}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{16ACC292-D34F-4695-B301-69BD89F0A816}C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{B27C41AF-0659-47CE-A699-5E3CB07C90E7}C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{7263E10F-0166-4A97-AA4B-57F09A0C986A}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [UDP Query User{BE3BCF14-AAD5-46FC-B41B-CEDF0CCF88F5}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [TCP Query User{A52D419B-DC05-4839-A03D-765F028C5428}C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{B25E4922-61BB-4C9E-8CB6-79CEE7FA3E58}C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Sara\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E91F2801-5F37-495B-A155-83F6C4DB65FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{06A45ED2-40DE-4CB7-878E-B9FE263AC930}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF294A04-DB48-4EF0-9522-EA69B8A6E0C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{47C02FC2-430F-43EC-A483-574B225CCA01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{8BBD7238-89D4-42F6-9B28-26B04B2DA37F}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe => No File
FirewallRules: [UDP Query User{662ED10F-3209-431F-BFFE-AAAA02CE9D89}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe => No File
FirewallRules: [{520FE008-D534-4C04-A805-C4FBDB6F86A3}] => (Block) C:\program files\ibm\spss statistics\stats.exe => No File
FirewallRules: [{216C86BC-0C4A-4675-9F6C-4CBF4070F1C2}] => (Block) C:\program files\ibm\spss statistics\stats.exe => No File
FirewallRules: [{662FF126-8F50-4E87-B350-229A94401575}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B5A11635-4548-4618-AA77-FFD83B0D6702}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4D8B2706-09F3-4765-8F7E-66E232C8B8B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{168F6073-A3E4-4201-8D64-D6BD349276CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BD11BCC4-3E01-44D6-B122-85563140CF90}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0BBFF3AB-B54A-4DD0-A52A-92069ECAF7AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{05D17F01-11C4-4514-8BEF-BA5A6B883BBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{02880245-689D-442E-B9D5-8CD10F92FEB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [TCP Query User{F20A17AD-16ED-4503-B5A6-C97B4D736EDE}C:\users\Joe\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\Joe\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{495D090B-E1ED-4376-8FB8-4DFCEAF4E0B7}C:\users\Joe\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\Joe\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B847AA8-8B7E-47D3-AB67-26A587ABE2F5}] => (Block) C:\users\Joe\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C59E89D-AB76-4F74-B41B-4D443CD44768}] => (Block) C:\users\Joe\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{AAB1A24B-A7B0-4461-9CDD-6166653BA5AA}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{A35DABCD-BFC4-42E0-A889-A8A0F6534CE4}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{556EBD96-0CE3-49C1-BD96-6ED6DC6D41F3}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Block) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{295C2730-7474-478C-9AEF-656C2A57CC58}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Block) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{6F4D8F34-6271-4D8A-A77E-2A4EED3A4292}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{ECAFE0F3-9221-49BE-B5BA-FE58FEFBD320}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{66FE1848-243B-4779-BE22-D6AEA7381D47}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7488CC6C-9270-4BDD-AD45-AB86FFCE9D36}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C3B6360E-4997-4F3D-9BB8-DEC47CCECA29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AF33A62C-E880-49CE-BF89-A474C6A4AD4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7C2AF5FF-9572-4A39-B24A-475615FE18E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9A67B537-609E-46FA-A13B-A16363F99524}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [TCP Query User{9CB6BDAE-F926-4208-AABA-315DA0950009}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{E8D14CE3-D9D8-4538-8C83-761010F5AC73}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{A792DAFA-9113-4CA5-BFC8-DE591D783B40}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{F59F7CD5-9474-4FC3-9543-71CF15372705}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Block) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{C91863DB-A6EC-4369-A193-DF60D16651AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FFD6DC57-3CC7-4C82-A66A-C5512024F571}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{81AFBD27-0476-43C7-9384-1B32AAB63909}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{433DADA8-30D4-4692-9B73-B6A125D3FF90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C0412918-5F77-4A17-A406-7824C9FC2D72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A73C0B06-F216-4B08-A5CF-1C4289BE58B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D8201F3A-79E3-4E8C-9582-0D6F2B8EBEE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{5B20254A-5E25-454A-B4BB-0386D50B75BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{751D3BD2-D73F-4B67-BBFA-C6A20AB1E778}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{B5549780-0FA5-4DAF-8A50-05DF69982DED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{ED4A6D48-AAA4-415E-B419-AABEF0C2B084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A457E57C-0447-4C78-AA06-BB5CF7B255CC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C07A4716-F9AF-4837-9962-442FADCBF89C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8D73836B-DB92-409B-9344-06C03B503E3B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{E54BEB06-3439-495D-BC01-E7CF6BFEF4B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{E1A9526E-1B2F-4F21-8B96-8CA3C9031B66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3CFD912D-1BF6-468E-B4E9-AE95DF4ACE1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{367EAACC-F12D-4B12-B90F-3D615C511463}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F5DF806C-FF06-441F-AE96-CFD949D1FA85}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F231D2DD-7FED-428F-B75D-5DCC3EC73240}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{CA211FA1-8904-4656-B5EE-F55FFD8A2A2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FCB6BE00-417D-4B08-8324-89785F856B7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{250C8E3D-633C-489A-B8AC-A813D3545768}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{5D288EAB-71B0-40F6-874C-B8135CF12182}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{587FBD13-0EB4-48EE-9165-A377649B3709}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{C8A112AB-BB90-4F83-9BC5-309B529E695C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{22F668A0-6104-4A0A-B532-0F40042E1095}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{4909FCDD-3693-44FA-9C35-1509E6994496}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{78BC6F28-F48A-4666-B0B2-488E0C23A180}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{414B2DA6-FDA4-4CFA-903F-CE959FF7020B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{A5958A53-3892-4EBC-87AE-1D8F6E6718AF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{2EABE091-4809-482D-ABA5-9BDCBEE08ED3}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{5C4210D7-FC55-4F19-9623-6D3522AB26A5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9ED77722-E37B-472F-800D-49D70B10BD3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{DAA4CDC4-AC17-415E-AF09-C6786504A98F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{91C1EB79-4B43-438A-AFBF-4FAF5415E76F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [TCP Query User{ABDE8EED-BC4F-4C6E-A15E-DCF7D2C60D05}C:\program files\nodejs\node.exe] => (Block) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [UDP Query User{F42EFF63-C73A-4D81-B779-1B99AD84F13B}C:\program files\nodejs\node.exe] => (Block) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [{4E1627D3-A2B7-4EC1-BA68-5DAE8C44CA15}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{18C23D54-3900-4AAE-8774-2B46EBFADFD9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F04D702B-5658-433E-88D0-F49AF1AB09F9}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{FD48F91C-0399-49AD-BA90-5CEB55C03953}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BD5366E8-AA5F-4824-9026-F77FC1D2B806}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AF779B04-AD18-4FB2-BC93-28C902A5CEA6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{61610257-67D5-4ED7-B672-7219312AA580}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6C9AF27F-9632-4122-863C-5A92A3455C05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{862887C6-6DFA-4C1D-89CA-D6FD0C66C59E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{850230CA-6512-4E79-88E0-379CAC87FC04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E1073D86-EBBB-446B-9947-3CA1C3280FF9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0B63E255-F1D0-4747-A405-73367E313477}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EDE1941E-BA14-49A6-BC65-93AAF137F41D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.264.408.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

==================== Restore Points =========================

23-05-2025 22:36:07 Scheduled Checkpoint
01-06-2025 16:45:36 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (06/01/2025 06:43:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 243375

Error: (06/01/2025 06:43:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 243375

Error: (06/01/2025 06:43:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2025 06:43:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 223016

Error: (06/01/2025 06:43:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 223016

Error: (06/01/2025 06:43:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/01/2025 06:42:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 202578

Error: (06/01/2025 06:42:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 202578

System errors:
=============
Error: (06/01/2025 07:20:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:58:34 PM on ‎6/‎1/‎2025 was unexpected.

Error: (06/01/2025 07:18:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5USU85JC)
Description: The server {284CACFE-B6F2-461A-90C3-A7ACC8353816} did not register with DCOM within the required timeout.

Error: (06/01/2025 07:16:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5USU85JC)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Error: (06/01/2025 07:14:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5USU85JC)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Error: (06/01/2025 07:12:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5USU85JC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (06/01/2025 07:10:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5USU85JC)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Error: (06/01/2025 07:08:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5USU85JC)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Error: (06/01/2025 07:06:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5USU85JC)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2025-06-01 16:40:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown

Date: 2025-05-30 21:08:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2025-05-29 21:14:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2025-05-29 15:01:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days

Date: 2025-05-26 22:29:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days
Event[0]:

Date: 2024-08-07 12:19:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-08-07 12:19:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-08-07 12:19:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-08-07 12:19:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-08-07 12:19:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2025-06-01 19:30:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO DJCN29WW 09/05/2022
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 48%
Total physical RAM: 16086.81 MB
Available physical RAM: 8275.02 MB
Total Virtual: 32470.81 MB
Available Virtual: 24042.54 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:249.02 GB) (Model: SAMSUNG MZALQ512HALU-000L2) (Protected) NTFS

\\?\Volume{f0fbc5e2-def5-4d27-a998-56646898f974}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.34 GB) NTFS
\\?\Volume{9be9378a-ebb3-495c-94cc-e901a3646d6e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7AEF14EC)

Partition: GPT.

==================== End of Addition.txt =======================

Attached Files

FRST.txt 38.85KB 2 downloads
Addition.txt 61.73KB 2 downloads

Edited by Oh My!, 01 June 2025 - 08:58 PM.

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
60,691 posts
ONLINE

Gender:Male
Location:California
Local time:08:31 PM

Posted 01 June 2025 - 08:56 PM

Greetings and :welcome:

to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
It is important to not run any tools or take any steps other than those I will provide for you.
Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
Please copy and paste all logs into your post unless otherwise requested.
When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.[/b]
John 6:68-69

#3 vogom95746

Topic Starter

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 01 June 2025 - 09:03 PM

Hi Oh My! Thanks for helping me!

#4 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
60,691 posts
ONLINE

Gender:Male
Location:California
Local time:08:31 PM

Posted 01 June 2025 - 09:38 PM

My pleasure.

I am ending for the evening so I will be reviewing your reply in the morning.

Let's start with this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------

Right click on the FRST64 icon and select Run as administrator
Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
There is no need to paste the information anywhere, FRST64 will do it for you

Start::
CreateRestorePoint:
CloseProcesses:
Zip: C:\WINDOWS\Minidump
Folder: C:\Users\admin\AppData\Local\SolidDocuments
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
2025-06-01 15:37 - 2025-06-01 15:37 - 000000000 _____ C:\Users\Joe\AppData\Local\{CD5DDA91-0B3F-4DCE-A4CB-1672FFDEF55A}
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File) 
Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - \OneDrive Standalone Update Task-S-1-5-21-2326634645-996202713-3136003770-500 -> No File <==== ATTENTION 
Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION 
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION 
Task: {9B560D91-86B9-49E2-8824-0B2EBBADC2DA} - \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance -> No File <==== ATTENTION 
Task: {C5D067D5-EC9E-4B7E-95BF-976F7BCA83A5} - \LenovoUtility Startup -> No File <==== ATTENTION 
Task: {C9D12534-24D4-4A67-9B9E-8E4BF096068D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION 
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION 
Task: {EDFB5CA4-0633-40DD-A2A1-6B82624AD85B} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION 
Task: {CD85C85E-3CB4-4F06-A51C-54ADEDD87A06} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe  Lenovo.Vantage.SmartPerformance.SScan (No File) 
Task: {263E7266-1F6F-4E7F-B5DB-C7519ACBDABA} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File) 
Task: {9129F34D-B145-4BA7-92EA-D0A69DA64869} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe  VantageTelemetryAddinTask (No File) 
Task: {94312EE1-72C5-4858-B0C7-FA1BE4214A85} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe  /repair (No File) 
FirewallRules: [{C5C3CA52-5649-4361-9DD3-444CC0A8D64E}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe => No File 
FirewallRules: [{31EBA2D4-8D34-49DC-B881-8F805AA20652}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\airhost.exe => No File 
FirewallRules: [{14A74129-67A4-4B94-AE26-967D6F69D7D8}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\airhost.exe => No File 
FirewallRules: [TCP Query User{8BBD7238-89D4-42F6-9B28-26B04B2DA37F}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe => No File 
FirewallRules: [UDP Query User{662ED10F-3209-431F-BFFE-AAAA02CE9D89}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe => No File 
FirewallRules: [{520FE008-D534-4C04-A805-C4FBDB6F86A3}] => (Block) C:\program files\ibm\spss statistics\stats.exe => No File 
FirewallRules: [{216C86BC-0C4A-4675-9F6C-4CBF4070F1C2}] => (Block) C:\program files\ibm\spss statistics\stats.exe => No File 
FirewallRules: [{6F4D8F34-6271-4D8A-A77E-2A4EED3A4292}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{ECAFE0F3-9221-49BE-B5BA-FE58FEFBD320}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{66FE1848-243B-4779-BE22-D6AEA7381D47}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{7488CC6C-9270-4BDD-AD45-AB86FFCE9D36}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{C3B6360E-4997-4F3D-9BB8-DEC47CCECA29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{AF33A62C-E880-49CE-BF89-A474C6A4AD4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{7C2AF5FF-9572-4A39-B24A-475615FE18E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{9A67B537-609E-46FA-A13B-A16363F99524}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{C91863DB-A6EC-4369-A193-DF60D16651AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{FFD6DC57-3CC7-4C82-A66A-C5512024F571}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{81AFBD27-0476-43C7-9384-1B32AAB63909}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{433DADA8-30D4-4692-9B73-B6A125D3FF90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{C0412918-5F77-4A17-A406-7824C9FC2D72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{A73C0B06-F216-4B08-A5CF-1C4289BE58B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{D8201F3A-79E3-4E8C-9582-0D6F2B8EBEE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{5B20254A-5E25-454A-B4BB-0386D50B75BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{751D3BD2-D73F-4B67-BBFA-C6A20AB1E778}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{B5549780-0FA5-4DAF-8A50-05DF69982DED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{ED4A6D48-AAA4-415E-B419-AABEF0C2B084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{A457E57C-0447-4C78-AA06-BB5CF7B255CC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{C07A4716-F9AF-4837-9962-442FADCBF89C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{8D73836B-DB92-409B-9344-06C03B503E3B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{E54BEB06-3439-495D-BC01-E7CF6BFEF4B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{E1A9526E-1B2F-4F21-8B96-8CA3C9031B66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{3CFD912D-1BF6-468E-B4E9-AE95DF4ACE1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{367EAACC-F12D-4B12-B90F-3D615C511463}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{F5DF806C-FF06-441F-AE96-CFD949D1FA85}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{F231D2DD-7FED-428F-B75D-5DCC3EC73240}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{CA211FA1-8904-4656-B5EE-F55FFD8A2A2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{FCB6BE00-417D-4B08-8324-89785F856B7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{250C8E3D-633C-489A-B8AC-A813D3545768}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{5D288EAB-71B0-40F6-874C-B8135CF12182}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{A5958A53-3892-4EBC-87AE-1D8F6E6718AF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File 
FirewallRules: [{5C4210D7-FC55-4F19-9623-6D3522AB26A5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{9ED77722-E37B-472F-800D-49D70B10BD3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{DAA4CDC4-AC17-415E-AF09-C6786504A98F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
FirewallRules: [{91C1EB79-4B43-438A-AFBF-4FAF5415E76F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Uninstall 21.016.0124.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\amd64" [0 2025-06-02] () <==== ATTENTION [zero byte File/Folder] 
HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Uninstall 21.016.0124.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.016.0124.0003" [0 2025-06-02] () <==== ATTENTION [zero byte File/Folder] 
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::

Click Fix
When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
The tool will create a zipped folder on the Desktop with today's date. Please upload the file here.
A SystemSummary file will be created on your Desktop. Please zip and upload the file here.

===================================================

Farbar MiniToolBox

--------------------

Please download MiniToolBox and download it to your desktop
Close any browsers you may have open
Right click the icon and select Run as administrator
Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List Devices - Only Problems

Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
Please copy and paste the contents in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Fixlog
Uploaded zip files
MTB.txt

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.[/b]
John 6:68-69

#5 vogom95746

Topic Starter

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 01 June 2025 - 10:25 PM

I was able to run everything while the computer wasn't hanging. So hopefully the logs still reveal what the problem is. The two zipped files have been uploaded. Thanks again for helping me. I'm looking forward to any next steps.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-06-2025

Ran by admin (01-06-2025 20:56:54) Run:1

Running from C:\Users\admin\Desktop

Loaded Profiles: admin & Sara & Joe

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start::

CreateRestorePoint:

CloseProcesses:

Zip: C:\WINDOWS\Minidump

Folder: C:\Users\admin\AppData\Local\SolidDocuments

cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary

2025-06-01 15:37 - 2025-06-01 15:37 - 000000000 _____ C:\Users\Joe\AppData\Local\{CD5DDA91-0B3F-4DCE-A4CB-1672FFDEF55A}

HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)

Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - \OneDrive Standalone Update Task-S-1-5-21-2326634645-996202713-3136003770-500 -> No File <==== ATTENTION

Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION

Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION

Task: {9B560D91-86B9-49E2-8824-0B2EBBADC2DA} - \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance -> No File <==== ATTENTION

Task: {C5D067D5-EC9E-4B7E-95BF-976F7BCA83A5} - \LenovoUtility Startup -> No File <==== ATTENTION

Task: {C9D12534-24D4-4A67-9B9E-8E4BF096068D} - \Microsoft\Windows\SMB\UninstallSMB1ServerTask -> No File <==== ATTENTION

Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION

Task: {EDFB5CA4-0633-40DD-A2A1-6B82624AD85B} - \Microsoft\Windows\SMB\UninstallSMB1ClientTask -> No File <==== ATTENTION

Task: {CD85C85E-3CB4-4F06-A51C-54ADEDD87A06} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (No File)

Task: {263E7266-1F6F-4E7F-B5DB-C7519ACBDABA} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)

Task: {9129F34D-B145-4BA7-92EA-D0A69DA64869} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)

Task: {94312EE1-72C5-4858-B0C7-FA1BE4214A85} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)

FirewallRules: [{C5C3CA52-5649-4361-9DD3-444CC0A8D64E}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe => No File

FirewallRules: [{31EBA2D4-8D34-49DC-B881-8F805AA20652}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{14A74129-67A4-4B94-AE26-967D6F69D7D8}] => (Allow) C:\Users\admin\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [TCP Query User{8BBD7238-89D4-42F6-9B28-26B04B2DA37F}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe => No File

FirewallRules: [UDP Query User{662ED10F-3209-431F-BFFE-AAAA02CE9D89}C:\program files\ibm\spss statistics\stats.exe] => (Allow) C:\program files\ibm\spss statistics\stats.exe => No File

FirewallRules: [{520FE008-D534-4C04-A805-C4FBDB6F86A3}] => (Block) C:\program files\ibm\spss statistics\stats.exe => No File

FirewallRules: [{216C86BC-0C4A-4675-9F6C-4CBF4070F1C2}] => (Block) C:\program files\ibm\spss statistics\stats.exe => No File

FirewallRules: [{6F4D8F34-6271-4D8A-A77E-2A4EED3A4292}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{ECAFE0F3-9221-49BE-B5BA-FE58FEFBD320}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{66FE1848-243B-4779-BE22-D6AEA7381D47}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{7488CC6C-9270-4BDD-AD45-AB86FFCE9D36}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3408.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{C3B6360E-4997-4F3D-9BB8-DEC47CCECA29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{AF33A62C-E880-49CE-BF89-A474C6A4AD4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{7C2AF5FF-9572-4A39-B24A-475615FE18E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{9A67B537-609E-46FA-A13B-A16363F99524}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{C91863DB-A6EC-4369-A193-DF60D16651AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{FFD6DC57-3CC7-4C82-A66A-C5512024F571}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{81AFBD27-0476-43C7-9384-1B32AAB63909}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{433DADA8-30D4-4692-9B73-B6A125D3FF90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{C0412918-5F77-4A17-A406-7824C9FC2D72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{A73C0B06-F216-4B08-A5CF-1C4289BE58B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{D8201F3A-79E3-4E8C-9582-0D6F2B8EBEE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{5B20254A-5E25-454A-B4BB-0386D50B75BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{751D3BD2-D73F-4B67-BBFA-C6A20AB1E778}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{B5549780-0FA5-4DAF-8A50-05DF69982DED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{ED4A6D48-AAA4-415E-B419-AABEF0C2B084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{A457E57C-0447-4C78-AA06-BB5CF7B255CC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{C07A4716-F9AF-4837-9962-442FADCBF89C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{8D73836B-DB92-409B-9344-06C03B503E3B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{E54BEB06-3439-495D-BC01-E7CF6BFEF4B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{E1A9526E-1B2F-4F21-8B96-8CA3C9031B66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{3CFD912D-1BF6-468E-B4E9-AE95DF4ACE1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{367EAACC-F12D-4B12-B90F-3D615C511463}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{F5DF806C-FF06-441F-AE96-CFD949D1FA85}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{F231D2DD-7FED-428F-B75D-5DCC3EC73240}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{CA211FA1-8904-4656-B5EE-F55FFD8A2A2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{FCB6BE00-417D-4B08-8324-89785F856B7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{250C8E3D-633C-489A-B8AC-A813D3545768}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{5D288EAB-71B0-40F6-874C-B8135CF12182}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{A5958A53-3892-4EBC-87AE-1D8F6E6718AF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File

FirewallRules: [{5C4210D7-FC55-4F19-9623-6D3522AB26A5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{9ED77722-E37B-472F-800D-49D70B10BD3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{DAA4CDC4-AC17-415E-AF09-C6786504A98F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

FirewallRules: [{91C1EB79-4B43-438A-AFBF-4FAF5415E76F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File

HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Uninstall 21.016.0124.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\amd64" [0 2025-06-02] () <==== ATTENTION [zero byte File/Folder]

HKU\S-1-5-21-2765374831-2570406690-475332977-1001\...\RunOnce: [Uninstall 21.016.0124.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.016.0124.0003" [0 2025-06-02] () <==== ATTENTION [zero byte File/Folder]

cmd: sfc /scannow

cmd: DISM /Online /Cleanup-Image /CheckHealth

End::

*****************

Restore point was successfully created.

Processes closed successfully.

================== Zip: ===================

C:\WINDOWS\Minidump -> copied successfully to C:\Users\admin\Desktop\01.06.2025_20.57.02.zip

=========== Zip: End ===========

========================= Folder: C:\Users\admin\AppData\Local\SolidDocuments ========================

2025-06-01 19:21 - 2025-06-01 19:21 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\admin\AppData\Local\SolidDocuments\Acrobat

====== End of Folder: ======

========= msinfo32 /nfo SystemSummary.nfo /categories +systemsummary =========

========= End of CMD: =========

C:\Users\Joe\AppData\Local\{CD5DDA91-0B3F-4DCE-A4CB-1672FFDEF55A} => moved successfully

"HKU\S-1-5-21-2765374831-2570406690-475332977-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06FEF118-1E47-4CD0-8CA1-3F23A5249FEF}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06FEF118-1E47-4CD0-8CA1-3F23A5249FEF}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2326634645-996202713-3136003770-500" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{105D676A-D551-4274-81E7-97AC52E4FD87}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{105D676A-D551-4274-81E7-97AC52E4FD87}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Speech\HeadsetButtonPress" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1949073A-8FDA-4EA4-8E59-407CDB02440F}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1949073A-8FDA-4EA4-8E59-407CDB02440F}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sihpostreboot" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B560D91-86B9-49E2-8824-0B2EBBADC2DA}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B560D91-86B9-49E2-8824-0B2EBBADC2DA}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5D067D5-EC9E-4B7E-95BF-976F7BCA83A5}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5D067D5-EC9E-4B7E-95BF-976F7BCA83A5}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LenovoUtility Startup" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9D12534-24D4-4A67-9B9E-8E4BF096068D}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9D12534-24D4-4A67-9B9E-8E4BF096068D}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SMB\UninstallSMB1ServerTask" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\PostResetBoot" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDFB5CA4-0633-40DD-A2A1-6B82624AD85B}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDFB5CA4-0633-40DD-A2A1-6B82624AD85B}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SMB\UninstallSMB1ClientTask" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD85C85E-3CB4-4F06-A51C-54ADEDD87A06}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD85C85E-3CB4-4F06-A51C-54ADEDD87A06}" => removed successfully

C:\WINDOWS\System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{263E7266-1F6F-4E7F-B5DB-C7519ACBDABA}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{263E7266-1F6F-4E7F-B5DB-C7519ACBDABA}" => removed successfully

C:\WINDOWS\System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\NotificationCenter" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9129F34D-B145-4BA7-92EA-D0A69DA64869}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9129F34D-B145-4BA7-92EA-D0A69DA64869}" => removed successfully

C:\WINDOWS\System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94312EE1-72C5-4858-B0C7-FA1BE4214A85}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94312EE1-72C5-4858-B0C7-FA1BE4214A85}" => removed successfully

C:\WINDOWS\System32\Tasks\Lenovo\Vantage\StartupFixPlan => moved successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\StartupFixPlan" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5C3CA52-5649-4361-9DD3-444CC0A8D64E}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31EBA2D4-8D34-49DC-B881-8F805AA20652}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14A74129-67A4-4B94-AE26-967D6F69D7D8}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8BBD7238-89D4-42F6-9B28-26B04B2DA37F}C:\program files\ibm\spss statistics\stats.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{662ED10F-3209-431F-BFFE-AAAA02CE9D89}C:\program files\ibm\spss statistics\stats.exe" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{520FE008-D534-4C04-A805-C4FBDB6F86A3}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{216C86BC-0C4A-4675-9F6C-4CBF4070F1C2}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F4D8F34-6271-4D8A-A77E-2A4EED3A4292}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECAFE0F3-9221-49BE-B5BA-FE58FEFBD320}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66FE1848-243B-4779-BE22-D6AEA7381D47}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7488CC6C-9270-4BDD-AD45-AB86FFCE9D36}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3B6360E-4997-4F3D-9BB8-DEC47CCECA29}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF33A62C-E880-49CE-BF89-A474C6A4AD4B}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C2AF5FF-9572-4A39-B24A-475615FE18E0}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A67B537-609E-46FA-A13B-A16363F99524}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C91863DB-A6EC-4369-A193-DF60D16651AA}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFD6DC57-3CC7-4C82-A66A-C5512024F571}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81AFBD27-0476-43C7-9384-1B32AAB63909}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{433DADA8-30D4-4692-9B73-B6A125D3FF90}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0412918-5F77-4A17-A406-7824C9FC2D72}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A73C0B06-F216-4B08-A5CF-1C4289BE58B6}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8201F3A-79E3-4E8C-9582-0D6F2B8EBEE3}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B20254A-5E25-454A-B4BB-0386D50B75BD}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{751D3BD2-D73F-4B67-BBFA-C6A20AB1E778}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5549780-0FA5-4DAF-8A50-05DF69982DED}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED4A6D48-AAA4-415E-B419-AABEF0C2B084}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A457E57C-0447-4C78-AA06-BB5CF7B255CC}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C07A4716-F9AF-4837-9962-442FADCBF89C}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D73836B-DB92-409B-9344-06C03B503E3B}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E54BEB06-3439-495D-BC01-E7CF6BFEF4B4}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1A9526E-1B2F-4F21-8B96-8CA3C9031B66}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CFD912D-1BF6-468E-B4E9-AE95DF4ACE1C}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{367EAACC-F12D-4B12-B90F-3D615C511463}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5DF806C-FF06-441F-AE96-CFD949D1FA85}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F231D2DD-7FED-428F-B75D-5DCC3EC73240}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA211FA1-8904-4656-B5EE-F55FFD8A2A2B}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCB6BE00-417D-4B08-8324-89785F856B7C}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{250C8E3D-633C-489A-B8AC-A813D3545768}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D288EAB-71B0-40F6-874C-B8135CF12182}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5958A53-3892-4EBC-87AE-1D8F6E6718AF}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C4210D7-FC55-4F19-9623-6D3522AB26A5}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ED77722-E37B-472F-800D-49D70B10BD3F}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAA4CDC4-AC17-415E-AF09-C6786504A98F}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91C1EB79-4B43-438A-AFBF-4FAF5415E76F}" => removed successfully

"HKU\S-1-5-21-2765374831-2570406690-475332977-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.016.0124.0003\amd64" => not found

"HKU\S-1-5-21-2765374831-2570406690-475332977-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.016.0124.0003" => not found

========= sfc /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.

Verification 1% complete.

Verification 2% complete.

Verification 3% complete.

Verification 4% complete.

Verification 5% complete.

Verification 6% complete.

Verification 7% complete.

Verification 8% complete.

Verification 9% complete.

Verification 10% complete.

Verification 11% complete.

Verification 12% complete.

Verification 13% complete.

Verification 14% complete.

Verification 15% complete.

Verification 16% complete.

Verification 17% complete.

Verification 18% complete.

Verification 19% complete.

Verification 20% complete.

Verification 21% complete.

Verification 22% complete.

Verification 23% complete.

Verification 24% complete.

Verification 25% complete.

Verification 26% complete.

Verification 27% complete.

Verification 28% complete.

Verification 29% complete.

Verification 30% complete.

Verification 31% complete.

Verification 32% complete.

Verification 33% complete.

Verification 34% complete.

Verification 35% complete.

Verification 36% complete.

Verification 37% complete.

Verification 38% complete.

Verification 39% complete.

Verification 40% complete.

Verification 41% complete.

Verification 42% complete.

Verification 43% complete.

Verification 44% complete.

Verification 45% complete.

Verification 46% complete.

Verification 47% complete.

Verification 48% complete.

Verification 49% complete.

Verification 50% complete.

Verification 51% complete.

Verification 52% complete.

Verification 53% complete.

Verification 54% complete.

Verification 55% complete.

Verification 56% complete.

Verification 57% complete.

Verification 58% complete.

Verification 59% complete.

Verification 60% complete.

Verification 61% complete.

Verification 62% complete.

Verification 63% complete.

Verification 64% complete.

Verification 65% complete.

Verification 66% complete.

Verification 67% complete.

Verification 68% complete.

Verification 69% complete.

Verification 70% complete.

Verification 71% complete.

Verification 72% complete.

Verification 73% complete.

Verification 74% complete.

Verification 75% complete.

Verification 76% complete.

Verification 77% complete.

Verification 78% complete.

Verification 79% complete.

Verification 80% complete.

Verification 81% complete.

Verification 82% complete.

Verification 83% complete.

Verification 84% complete.

Verification 85% complete.

Verification 86% complete.

Verification 87% complete.

Verification 88% complete.

Verification 89% complete.

Verification 90% complete.

Verification 91% complete.

Verification 92% complete.

Verification 93% complete.

Verification 94% complete.

Verification 95% complete.

Verification 96% complete.

Verification 97% complete.

Verification 98% complete.

Verification 99% complete.

Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========

========= DISM /Online /Cleanup-Image /CheckHealth =========

Deployment Image Servicing and Management tool

Version: 10.0.19041.3636

Image Version: 10.0.19045.5854

No component store corruption detected.

The operation completed successfully.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 20:59:58 ====

MiniToolBox by Farbar Version: 13-05-2022

Ran by admin (administrator) on 01-06-2025 at 21:12:59

Running from "C:\Users\admin\Desktop"

Microsoft Windows 10 Pro (X64)

Model: 20SM Manufacturer: LENOVO

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless-AC 9560 = Wi-Fi (Connected)

Realtek PCIe GbE Family Controller = Ethernet (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet (Kernel Debugger)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : LAPTOP-5USU85JC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller

Physical Address. . . . . . . . . : B4-A9-FC-BA-E5-EE

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

Physical Address. . . . . . . . . : DC-1B-A1-00-13-1B

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2

Physical Address. . . . . . . . . : DE-1B-A1-00-13-1A

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Wireless-AC 9560

Physical Address. . . . . . . . . : DC-1B-A1-00-13-1A

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::d0b0:abab:3cf9:9f1e%8(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.0.139(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, June 1, 2025 9:01:01 PM

Lease Expires . . . . . . . . . . : Sunday, June 1, 2025 11:01:01 PM

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DHCPv6 IAID . . . . . . . . . . . : 131865505

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-A3-86-3C-B4-A9-FC-BA-E5-EE

DNS Servers . . . . . . . . . . . : 192.168.0.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Server: UnKnown

Address: 192.168.0.1

Name: google.com

Addresses: 2607:f8b0:400f:804::200e

142.250.69.238

Pinging google.com [142.250.72.14] with 32 bytes of data:

Reply from 142.250.72.14: bytes=32 time=41ms TTL=115

Reply from 142.250.72.14: bytes=32 time=47ms TTL=115

Ping statistics for 142.250.72.14:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 47ms, Average = 44ms

Server: UnKnown

Address: 192.168.0.1

Name: yahoo.com

Addresses: 2001:4998:24:120d::1:1

2001:4998:124:1507::f000

2001:4998:124:1507::f001

2001:4998:44:3507::8001

2001:4998:24:120d::1:0

2001:4998:44:3507::8000

74.6.143.26

74.6.231.20

74.6.143.25

74.6.231.21

98.137.11.164

98.137.11.163

Pinging yahoo.com [74.6.231.21] with 32 bytes of data:

Reply from 74.6.231.21: bytes=32 time=57ms TTL=49

Ping statistics for 74.6.231.21:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 57ms, Maximum = 57ms, Average = 57ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

11...b4 a9 fc ba e5 ee ......Realtek PCIe GbE Family Controller

4...dc 1b a1 00 13 1b ......Microsoft Wi-Fi Direct Virtual Adapter

10...de 1b a1 00 13 1a ......Microsoft Wi-Fi Direct Virtual Adapter #2

8...dc 1b a1 00 13 1a ......Intel® Wireless-AC 9560

1...........................Software Loopback Interface 1

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.139 50

127.0.0.0 255.0.0.0 On-link 127.0.0.1 331

127.0.0.1 255.255.255.255 On-link 127.0.0.1 331

127.255.255.255 255.255.255.255 On-link 127.0.0.1 331

192.168.0.0 255.255.255.0 On-link 192.168.0.139 306

192.168.0.139 255.255.255.255 On-link 192.168.0.139 306

192.168.0.255 255.255.255.255 On-link 192.168.0.139 306

224.0.0.0 240.0.0.0 On-link 127.0.0.1 331

224.0.0.0 240.0.0.0 On-link 192.168.0.139 306

255.255.255.255 255.255.255.255 On-link 127.0.0.1 331

255.255.255.255 255.255.255.255 On-link 192.168.0.139 306

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 331 ::1/128 On-link

8 306 fe80::/64 On-link

8 306 fe80::d0b0:abab:3cf9:9f1e/128

On-link

1 331 ff00::/8 On-link

8 306 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWOW64\wshbth.dll [75776] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWOW64\NLAapi.dll [71168] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog5 07 C:\WINDOWS\SysWOW64\winrnr.dll [34304] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [329144] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [70144] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [89088] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [89088] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\wshbth.dll [100352] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\NLAapi.dll [97280] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\winrnr.dll [49152] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 13 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

x64-Catalog9 14 C:\Windows\System32\mswsock.dll [424216] (Microsoft Corporation)

========================= Devices: ================================

**** End of log ****

#6 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
60,691 posts
ONLINE

Gender:Male
Location:California
Local time:08:31 PM

Posted 02 June 2025 - 09:17 AM

Thank you.

Please download and install the updated drivers for your Wireless device from here. Right click on the downloaded vnvw060f409fa0.exe file, select Run as administrator then follow the instructions. Let me know the results.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.[/b]
John 6:68-69

#7 vogom95746

Topic Starter

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 02 June 2025 - 08:08 PM

Hi Oh My! I've installed the driver.

#8 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
60,691 posts
ONLINE

Gender:Male
Location:California
Local time:08:31 PM

Posted 02 June 2025 - 08:28 PM

Make sure you have rebooted the computer then let me know if the symptoms persist.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.[/b]
John 6:68-69

#9 vogom95746

Topic Starter

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 02 June 2025 - 08:44 PM

On restart, same symptoms persist

Wifi wouldn't connect, the fan was running full speed, task manager would open but not close and stop responding. On reboot, after about 5+ minutes on the restarting screen, I got a BSOD with stop code DRIVER POWER STATE FAILURE. Then the computer turned off and back on. I'm now able to quickly get on wifi and respond. The computer fan is still maxed.

Edited by vogom95746, 02 June 2025 - 08:49 PM.

#10 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
60,691 posts
ONLINE

Gender:Male
Location:California
Local time:08:31 PM

Posted 03 June 2025 - 12:24 PM

Please do this.

===================================================

Farbar Recovery Scan Tool

--------------------

Note: This process will take approximately one minute to complete

Right click on the FRST icon and select Run as administrator
Highlight the below information then hit the Ctrl + C keys at the same time
Note: There is no need to paste the information, FRST will handle that for you

Start::
cmd: powercfg.exe /energy
Zip: C:\Windows\Minidump
End::

Click Fix
When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
An energy-report.html file will be placed on your Desktop. Zip and upload the file here
The tool will create a zipped folder on the Desktop with today's date. Please upload the file here.

Fixlog
Uploaded zip folders

Edited by Oh My!, 03 June 2025 - 12:27 PM.
Changed instructions

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.[/b]
John 6:68-69

#11 vogom95746

Topic Starter

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 03 June 2025 - 08:14 PM

Hello Oh My!

The computer is struggling to work now. It took about a handful of restarts for it to finally connect to the internet. Below is the fix log and the zip files have been uploaded. Thank you!

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-06-2025

Ran by admin (03-06-2025 19:10:20) Run:2

Running from C:\Users\admin\Desktop

Loaded Profiles: admin

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start::

cmd: powercfg.exe /energy

Zip: C:\Windows\Minidump

End::

*****************

========= powercfg.exe /energy =========

Enabling tracing for 60 seconds...

Observing system behavior...

Analyzing trace data...

Analysis complete.

Energy efficiency problems were found.

1 Errors

4 Warnings

40 Informational

See C:\Users\admin\Desktop\energy-report.html for more details.

========= End of CMD: =========

================== Zip: ===================

C:\Windows\Minidump -> copied successfully to C:\Users\admin\Desktop\03.06.2025_19.11.33.zip

=========== Zip: End ===========

==== End of Fixlog 19:11:34 ====

#12 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
60,691 posts
ONLINE

Gender:Male
Location:California
Local time:08:31 PM

Posted 03 June 2025 - 08:54 PM

Thank you.

I will be reviewing the information.

If you don't have your BitLocker Recovery Key information, or don't know what that is, please attempt to obtain it following the How to find your BitLocker recovery key instructions.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.[/b]
John 6:68-69

#13 vogom95746

Topic Starter

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 03 June 2025 - 08:59 PM

I have my bitlocker recovery key saved off of the computer. I've had this saved as I have so far been unsuccessful at booting into safe mode. I thought that may help, but it haven't been able to get into safe mode yet. I think it might be because of the BSOD that happens on restarts.

#14 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
60,691 posts
ONLINE

Gender:Male
Location:California
Local time:08:31 PM

Posted 03 June 2025 - 09:18 PM

Thank you.

Thanks for the BitLocker information. Just wanted to determine some of the options we may or may not have.

I think I have some actionable information in the reports but I need to determine how best to address it. It will involve some testing on my end but I won't get to that until tomorrow.

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.[/b]
John 6:68-69

#15 vogom95746

Topic Starter

Members
17 posts
ONLINE

Local time:09:31 PM

Posted 03 June 2025 - 09:26 PM

Ok, thank you for your help Oh My! I truly appreciate it! I will check back in tomorrow. Hopefully we can make some progress tomorrow.

Back to Virus, Trojan, Spyware, and Malware Removal Help · Next Unread Topic →

5 user(s) are reading this topic

0 members, 5 guests, 0 anonymous users

Computer hangs, fan runs high, no network connection

#1 vogom95746

Attached Files

BC AdBot (Login to Remove)

#2 Oh My!

#3 vogom95746

#4 Oh My!

#5 vogom95746

#6 Oh My!

#7 vogom95746

#8 Oh My!

#9 vogom95746

#10 Oh My!

#11 vogom95746

#12 Oh My!

#13 vogom95746

#14 Oh My!

#15 vogom95746

5 user(s) are reading this topic

Sign In