Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by eytan (03-05-2022 13:38:59)
Running from C:\Users\eytan\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1645 (X64) (2021-04-19 22:57:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrateur (S-1-5-21-858394339-3323934644-574242159-500 - Administrator - Disabled)
ariel (S-1-5-21-858394339-3323934644-574242159-1005 - Administrator - Enabled) => C:\Users\ariel
DefaultAccount (S-1-5-21-858394339-3323934644-574242159-503 - Limited - Disabled)
eytan (S-1-5-21-858394339-3323934644-574242159-1002 - Administrator - Enabled) => C:\Users\eytan
Invité (S-1-5-21-858394339-3323934644-574242159-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-858394339-3323934644-574242159-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Protection antivirus et antispyware McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Pare-feu McAfee (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1036-1033-7760-BC15014EA700}) (Version: 22.001.20117 - Adobe)
CCSDK Customer Engagement Service (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.3.0.3 - Lenovo)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-858394339-3323934644-574242159-1002\...\Discord) (Version: 0.0.310 - Discord Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{27DBA722-5298-4184-9535-C529EDF3C82D}) (Version: 0.7.1.56 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{82C288CC-A96D-43E3-9119-944DABF5DD61}) (Version: 0.8.0.74 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{C55DB969-8BE0-4D7F-BF27-B8D316D944D6}) (Version: 0.7.1.59 - Dolby Laboratories, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)
Grammarly (HKU\S-1-5-21-858394339-3323934644-574242159-1002\...\GrammarlyForWindows) (Version: 1.5.78 - Grammarly)
Intel(R) Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0428043f-27ec-40b2-bc80-34281b019425}) (Version: 18.40.3 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Latis version 5.0.5.30 (HKLM-x32\...\{0697EBAD-DC65-4345-A543-08D37440D59A}_is1) (Version: 5.0.5.30 - EUROSMART S.A.S)
Lenovo App Explorer (HKU\S-1-5-21-858394339-3323934644-574242159-1002\...\Host App Service) (Version: 0.273.4.369 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-858394339-3323934644-574242159-1005\...\Host App Service) (Version: 0.273.4.369 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.054.00 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.12.13.0 - Lenovo Group Ltd.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Lunar Client (HKU\S-1-5-21-858394339-3323934644-574242159-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.9.3 - Moonsworth, LLC)
Malwarebytes version 4.5.8.191 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.8.191 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 101.0.1210.32 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-858394339-3323934644-574242159-1005\...\OneDriveSetup.exe) (Version: 22.077.0410.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-858394339-3323934644-574242159-1005\...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 fr) (HKLM\...\Mozilla Firefox 99.0.1 (x64 fr)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla)
PC Cleaner v8.3.0.12 (HKLM-x32\...\PC Cleaner_is1) (Version: 8.3.0.12 - PC Helpsoft) <==== ATTENTION
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.339.322 - VoiceFive, Inc.) <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
RestMinder version 1.0.0.1 (HKU\S-1-5-21-858394339-3323934644-574242159-1005\...\{F481E04A-B87F-46D3-8FC5-A3440DE071C9}_is1) (Version: 1.0.0.1 - RestMinder)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
T21 Wired Gaming Mouse(PC278) (HKLM-x32\...\{BC094C1E-EA13-404E-BA82-8438153F185D}_is1) (Version: 1.0.4 - )
Telegram Desktop (HKU\S-1-5-21-858394339-3323934644-574242159-1005\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.0.1 - Telegram FZ-LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.697 - McAfee, LLC)
WhatsApp (HKU\S-1-5-21-858394339-3323934644-574242159-1005\...\WhatsApp) (Version: 2.2134.10 - WhatsApp)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)
Zoom (HKU\S-1-5-21-858394339-3323934644-574242159-1002\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-858394339-3323934644-574242159-1005\...\ZoomUMX) (Version: 5.10.0 (4306) - Zoom Video Communications, Inc.)

Packages:
=========
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_5.30.220.0_x86__q7m17pa7q8kj0 [2022-04-29] (Deezer SA)
Lenovo Account Portal -> C:\Program Files\WindowsApps\lenovocorporation.lenovoid_2.0.37.0_x86__4642shxvsv8s2 [2021-09-02] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2022-04-12] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2204.14.0_x64__k1h2ywk1493x8 [2022-04-28] (LENOVO INC.)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.7.0_x64__8wekyb3d8bbwe [2022-04-23] (Microsoft Studios)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-13] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0 [2022-04-29] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-858394339-3323934644-574242159-1005_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ariel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-03] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-03] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-03] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers1_S-1-5-21-858394339-3323934644-574242159-1005: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-858394339-3323934644-574242159-1005: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-858394339-3323934644-574242159-1005: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-04-21 21:04 - 2021-09-06 12:55 - 000033792 _____ () [File not signed] [File is in use] C:\Users\ariel\AppData\Local\Programs\RestMinder\Gh.Common.dll
2022-04-21 21:04 - 2021-09-06 10:18 - 012201136 _____ () [File not signed] C:\Users\ariel\AppData\Local\Programs\RestMinder\sdk.dll
2022-04-21 19:04 - 2021-05-13 00:40 - 000398848 _____ () [File not signed] C:\Users\ariel\AppData\Roaming\Bloom\libegl.dll
2022-04-21 19:04 - 2021-05-13 00:40 - 008204288 _____ () [File not signed] C:\Users\ariel\AppData\Roaming\Bloom\libglesv2.dll
2022-02-14 20:15 - 2022-02-14 20:15 - 000365056 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\27ababc60357a5904ca3ce73e9e780d2\Interop.CxHDAudioAPILib.ni.dll
2022-02-14 20:15 - 2022-02-14 20:15 - 000018944 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxUtilSvcLib\ce440403c28b3000d9873a046cf032cc\Interop.CxUtilSvcLib.ni.dll
2020-10-22 02:27 - 2016-07-14 09:58 - 001155072 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
2022-04-21 21:04 - 2021-06-16 14:44 - 000117248 _____ (Countly) [File not signed] [File is in use] C:\Users\ariel\AppData\Local\Programs\RestMinder\Countly.dll
2022-04-21 21:04 - 2018-01-10 14:34 - 000024064 _____ (Daniel Grunwald, Omer Mor, Alex Davies, jnm2) [File not signed] [File is in use] C:\Users\ariel\AppData\Local\Programs\RestMinder\AsyncBridge.Net35.dll
2022-04-21 19:05 - 2021-12-26 16:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-04-21 21:04 - 2018-03-24 18:44 - 000475136 _____ (Newtonsoft) [File not signed] [File is in use] C:\Users\ariel\AppData\Local\Programs\RestMinder\Newtonsoft.Json.dll
2022-04-21 21:04 - 2018-05-11 09:52 - 000074240 _____ (Sentry) [File not signed] [File is in use] C:\Users\ariel\AppData\Local\Programs\RestMinder\SharpRaven.dll
2022-04-21 19:04 - 2021-05-13 00:40 - 001748992 _____ (The NW.js Community) [File not signed] C:\Users\ariel\AppData\Roaming\Bloom\ffmpeg.dll
2022-04-21 19:04 - 2021-05-13 00:40 - 012326912 _____ (The NW.js Community) [File not signed] C:\Users\ariel\AppData\Roaming\Bloom\node.dll
2022-04-21 19:04 - 2021-05-13 00:40 - 141624320 _____ (The NW.js Community) [File not signed] C:\Users\ariel\AppData\Roaming\Bloom\nw.dll
2022-04-21 19:04 - 2021-05-13 00:40 - 000914944 _____ (The NW.js Community) [File not signed] C:\Users\ariel\AppData\Roaming\Bloom\nw_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ariel\Downloads\file: valiant.hearts.the.great.war .lnk [2182]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-858394339-3323934644-574242159-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-858394339-3323934644-574242159-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-858394339-3323934644-574242159-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-858394339-3323934644-574242159-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\eytan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
HKU\S-1-5-21-858394339-3323934644-574242159-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "DAX2_APP"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run: => "CLVirtualDrive"
HKU\S-1-5-21-858394339-3323934644-574242159-1002\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0DD6AAF5-FFC0-4952-8FAF-412666435ADD}] => (Allow) C:\Users\eytan\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{61403CE1-C58F-4004-83F3-9EFA09AD60C7}] => (Allow) C:\Users\eytan\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{10462CE0-3122-4271-8239-55EC8D88275C}] => (Allow) C:\Users\eytan\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{46B904EF-7FCC-49FE-9E29-0F237F0AEA66}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2EAA5D5A-54EB-472E-8374-D799F1B34953}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [{FC19B8F6-0802-40DD-864B-9DD63CDBB935}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{39740FDC-6F00-4C23-A73B-61E62654A7E0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6A1B9790-7E55-4A2F-BA4B-F48FF3FC0C69}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{14D851BF-0F41-4AD2-BFAA-5BAC7B10F48B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{5D03F663-CF3F-4923-8C03-84604BEC32F0}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3833608C-4D07-4F6C-813B-C8359E0253C6}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe => No File
FirewallRules: [{CC1C50B2-323D-409D-A650-7D4CD9C8E7EF}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{56601AD9-1B2E-4D7D-B203-8CF0759D4173}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{92917A4C-A159-43F4-A818-B00F906503D8}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [{9BB18993-4042-43CC-833D-64FA5C1C1693}] => (Allow) LPort=1900
FirewallRules: [{84A03A92-B926-4F3E-8C92-FFB41AE6B045}] => (Allow) LPort=2869
FirewallRules: [{5DF9D7F7-7730-4F71-9C86-03DA68EE0D28}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9DFF0628-20D5-493C-8AAA-249A30F12901}] => (Allow) C:\Users\sjs18\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2492ED4E-66EC-49F0-82C3-05D821DCBC3F}] => (Allow) C:\Users\sjs18\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7532C536-89CF-453C-942D-90C71509B38B}] => (Allow) C:\Users\sjs18\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{A59834E4-8972-4324-AE12-C868230F1B36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF29D622-4054-4543-ADAC-205AE1B0FC11}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe => No File
FirewallRules: [{058AF1E6-2E8A-4B56-82CE-DE671AC911DD}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0031E685-418C-4375-AB01-78642BB8FB39}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{BFBC4FE0-786D-4284-A339-C9FDF686066D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PowerWash Simulator\PowerWashSimulator.exe () [File not signed]
FirewallRules: [{B490441B-A61B-4F35-9ED1-9316DA7F0D9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PowerWash Simulator\PowerWashSimulator.exe () [File not signed]
FirewallRules: [TCP Query User{7CBFFCE9-257B-4967-AB4C-E633829E459C}C:\users\ariel\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\ariel\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{49EB1BA1-CFAD-46EF-B24A-A2D5CD74497B}C:\users\ariel\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\ariel\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C164FA84-6BB9-47C4-929D-592D4BF53729}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0ADC0237-9CE5-4C21-9522-19E768B34167}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7D3BC1EA-6DC5-43B1-A624-3504F2D9B757}C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{49D5C9E2-1D30-4FA0-8001-C16E76F1612C}C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{DB559FD6-135D-405F-8913-F5BAB9FB2EE5}C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{AA4036CA-7F42-414E-83F8-61906EDD95AD}C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\users\eytan\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{7A48E492-CFFC-46F0-8C5E-06D1D4D9C34F}] => (Allow) C:\Users\ariel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6C523A93-EC01-488E-9A76-7F30FD573357}] => (Allow) C:\Users\ariel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FE96FFF8-5B26-4757-B264-7729E5128C5B}] => (Allow) C:\Users\ariel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A7944D3D-1942-4914-8DEB-199C65C7C2E1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BC00BF06-74DE-46C6-9C31-0C1005754772}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe () [File not signed]
FirewallRules: [{54440A78-92E5-4727-93FA-6B81EAD887C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe () [File not signed]
FirewallRules: [{254CEDE6-02ED-465B-8AD7-8ABBD2B29CF4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D475C8B2-41A5-4120-8AC4-D419C15B0174}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6103A65-319D-4067-986B-881EDD2C935E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1623B2D-899C-4035-A3F0-B2F96AD4E645}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F5EA6511-FFFC-4370-A29C-A92006ED1E5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8AEE40BF-B9CB-4ED8-9B14-731554D666DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C03992F0-ABA0-4296-9697-09AD082A2902}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D897B30D-407C-412D-BE64-A1058CEA9A4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{05EAAD49-CC09-489D-8BFB-9DAE0D3F35CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{790BF773-1CEC-4B6E-A150-A923711F64C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6E369547-7519-49F2-BAA8-99716C869951}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7AF69BD9-7E83-477F-8CA2-F735D895D4A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72709A89-0DA6-4440-95B4-FC8545BC57FE}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe (VOICEFIVE, INC. -> VoiceFive, Inc.)
FirewallRules: [{81A8C921-0119-4707-B3A4-14BDA0099E58}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe (VOICEFIVE, INC. -> VoiceFive, Inc.)
FirewallRules: [{26CF7909-14B0-4EB6-A6B2-92FAD684B0BE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.32\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{292A05A6-39DB-451C-9230-E9683E6DC4C0}] => (Allow) C:\Users\eytan\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe (Insecure.Org) [File not signed]

==================== Restore Points =========================

29-04-2022 21:37:26 Scheduled Checkpoint
02-05-2022 19:43:54 WinZip 26.0 supprimé.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2022 12:45:44 AM) (Source: ESENT) (EventID: 104) (User: )
Description: svchost (4140,T,97) SRUJet: The database engine stopped the instance (0) with error (-1090).




Error: (05/03/2022 12:43:44 AM) (Source: ESENT) (EventID: 470) (User: )
Description: svchost (4140,D,50) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat is partially attached. Attachment stage: 1. Error: -1011.

Error: (05/03/2022 12:43:43 AM) (Source: ESENT) (EventID: 635) (User: )
Description: svchost (4140,D,50) SRUJet: Failed to attach flush map file "C:\WINDOWS\system32\SRU\SRUDB.jfm" with error -1011.

Error: (05/02/2022 10:42:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2021.21090.10008.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4aec

Start Time: 01d85e190f48fd9b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 42cc049f-9948-4276-a23e-2319bcc911a6

Faulting package full name: Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (05/02/2022 07:45:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
Le chargeur de ressources n’a pas pu trouver le fichier MUI.
.

Error: (05/02/2022 06:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pmropn.exe, version: 1.3.339.322, time stamp: 0x6143daa4
Faulting module name: ntdll.dll, version: 10.0.19041.1566, time stamp: 0xbde09443
Exception code: 0xc0000374
Fault offset: 0x000e6d03
Faulting process id: 0x4f4
Faulting application start time: 0x01d85e4005e61afb
Faulting application path: C:\Program Files (x86)\PremierOpinion\pmropn.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3114534c-aee3-4534-a9b9-8a0cf5413589
Faulting package full name:
Faulting package-relative application ID:

Error: (05/02/2022 11:32:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoMasterWorker.exe, version: 5.0.0.0, time stamp: 0x5719e53b
Faulting module name: gdiplus.dll, version: 10.0.19041.1645, time stamp: 0x01e71229
Exception code: 0xc0000005
Fault offset: 0x00075470
Faulting process id: 0x2978
Faulting application start time: 0x01d85e0761527600
Faulting application path: C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1645_none_d94fdd3fe105c111\gdiplus.dll
Report Id: 0e40f556-86a2-434a-a4e3-8a74ac84b87a
Faulting package full name:
Faulting package-relative application ID:

Error: (05/02/2022 11:27:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.1566, time stamp: 0x1f37eb46
Faulting module name: combase.dll, version: 10.0.19041.1566, time stamp: 0xf865610e
Exception code: 0xc0000005
Fault offset: 0x00000000000d1418
Faulting process id: 0x2038
Faulting application start time: 0x01d85e06856cf944
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 5e279596-ab00-42f2-add9-c8470df7c027
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (05/03/2022 01:23:43 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)

Error: (05/03/2022 01:23:43 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)

Error: (05/03/2022 01:14:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (05/03/2022 01:14:02 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VNTKIN5)
Description: The server Microsoft.Windows.Search_1.14.4.19041_neutral_neutral_cw5n1h2txyewy!ShellFeedsUI.AppXfbff151h5bmghg166fvn34ccayg70vts.mca did not register with DCOM within the required timeout.

Error: (05/03/2022 01:13:59 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-9VNTKIN5)
Description: DCOM got error "1053" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{659CDEA7-489E-11D9-A9CD-000D56965251}

Error: (05/03/2022 01:13:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Background Intelligent Transfer Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/03/2022 01:13:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Background Intelligent Transfer Service service to connect.

Error: (05/03/2022 12:43:29 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-05-03 13:38:27
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Uwamson.A!ml&threatid=250070&enterprise=0
Name: Program:Win32/Uwamson.A!ml
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\ariel\Downloads\PokemonColosseum.iso.iso
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\eytan\Downloads\FRST64.exe
Security intelligence Version: AV: 1.363.1302.0, AS: 1.363.1302.0, NIS: 1.363.1302.0
Engine Version: AM: 1.1.19200.5, NIS: 1.1.19200.5

Date: 2022-05-02 18:52:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-30 15:06:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-29 15:51:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-28 20:03:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-27 17:49:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.909.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.5
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-04-19 12:42:11
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.621.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19100.5
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-04-18 22:25:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.577.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19100.5
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2022-05-03 13:20:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-05-03 13:14:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-02 18:51:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 3JCN19WW 08/10/2016
Motherboard: LENOVO Torronto 5C3
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 8092.13 MB
Available physical RAM: 2623.06 MB
Total Virtual: 32668.13 MB
Available Virtual: 24739.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:891.2 GB) (Free:760.02 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.01 GB) NTFS
Drive g: (CDROM) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS

\\?\Volume{687fb7c7-fc83-43b8-9778-cda9fa52ef22}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{745c4525-2e3a-4408-b3bb-e0ecac984422}\ (LENOVO_PART) (Fixed) (Total:13.09 GB) (Free:1.61 GB) NTFS
\\?\Volume{74afec9c-703f-489d-a73e-cdfde20dcac4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 02AE9677)

Partition: GPT.

==================== End of Addition.txt =======================