Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by WPA (20-09-2022 11:50:05)
Running from C:UsersWPADesktop
Microsoft Windows 10 Pro Version 21H2 19044.2006 (X64) (2022-09-09 13:33:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3801593838-3895337698-2179983867-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-3801593838-3895337698-2179983867-503 – Limited – Disabled)
Guest (S-1-5-21-3801593838-3895337698-2179983867-501 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-3801593838-3895337698-2179983867-504 – Limited – Disabled)
WPA (S-1-5-21-3801593838-3895337698-2179983867-1001 – Administrator – Enabled) => C:UsersWPA
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Clean Your Device (HKLM-x32…{DD167096-6F6D-4250-B94E-6CE26EE8C409}_is1) (Version: 2.00.0001 – Lenovo)
Cloudflare WARP (HKLM…{E4626AE8-577A-4CF1-BD66-1D8329A4A087}) (Version: 22.8.857.0 – Cloudflare, Inc.)
Lenovo Vantage Service (HKLM-x32…VantageSRV_is1) (Version: 3.13.14.0 – Lenovo Group Ltd.)
Microsoft 365 – en-us (HKLM…O365HomePremRetail – en-us) (Version: 16.0.15128.20246 – Microsoft Corporation)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 105.0.1343.42 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) – 14.13.26020 (HKLM-x32…{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 – Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) – 14.13.26020 (HKLM-x32…{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 – Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime – 14.13.26020 (HKLM…{C5ECDB9A-D9B0-3107-BA85-1269998A5B3E}) (Version: 14.13.26020 – Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime – 14.13.26020 (HKLM…{221D6DB4-46E2-333C-B09B-5F49351D0980}) (Version: 14.13.26020 – Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime – 14.13.26020 (HKLM-x32…{895D5198-C5DB-375E-86AB-133F4DAA9FE2}) (Version: 14.13.26020 – Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime – 14.13.26020 (HKLM-x32…{8F271F6C-6E7B-3D0A-951B-6E7B694D78BD}) (Version: 14.13.26020 – Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM…Mozilla Firefox 104.0.2 (x64 en-US)) (Version: 104.0.2 – Mozilla)
Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 104.0.2 – Mozilla)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 – NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.123 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.123 – NVIDIA Corporation)
NVIDIA Graphics Driver 472.91 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.91 – NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 – NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 – NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20146 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20246 – Microsoft Corporation) Hidden
Windows PC Health Check (HKLM…{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 – Microsoft Corporation)
Packages:
=========
AV1 Video Extension -> C:Program FilesWindowsAppsMicrosoft.AV1VideoExtension_1.1.30781.0_x64__8wekyb3d8bbwe [2022-09-13] (Microsoft Corporation)
Dolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-09-13] (Dolby Laboratories)
ELAN TrackPoint for Thinkpad -> C:Program FilesWindowsAppsELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.18.0_x64__stws0m115j6hg [2022-09-13] (ELAN Microelectronics Corporation)
Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-09-20] (INTEL CORP) [Startup Task]
Lenovo Commercial Vantage -> C:Program FilesWindowsAppsE046963F.LenovoSettingsforEnterprise_10.2202.11.0_x64__k1h2ywk1493x8 [2022-09-13] (LENOVO INC.)
Mail and Calendar -> C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2022-09-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-09-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2022-09-13] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2022-09-13] (Microsoft Corporation)
MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.37.21681.0_x64__8wekyb3d8bbwe [2022-09-13] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-09-14] (NVIDIA Corp.)
PrebootManager -> C:Program FilesWindowsAppsSynapticsIncorporated.SynapticsUtilities_1.1.14.0_x64__807d65c4rvak2 [2022-09-13] (Synaptics Incorporated)
Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.36.273.0_x64__dt26b99r8h8gj [2022-09-13] (Realtek Semiconductor Corp)
Thunderbolt™ Control Center -> C:Program FilesWindowsAppsAppUp.ThunderboltControlCenter_1.0.34.0_x64__8j3eq9eme6ctt [2022-09-13] (INTEL CORP)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKUS-1-5-21-3801593838-3895337698-2179983867-1001_ClassesCLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}InprocServer32 -> C:UsersWPAAppDataLocalMicrosoftOneDrive19.043.0304.0013amd64FileSyncShell64.dll => No File
CustomCLSID: HKUS-1-5-21-3801593838-3895337698-2179983867-1001_ClassesCLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}InprocServer32 -> C:UsersWPAAppDataLocalMicrosoftOneDrive19.043.0304.0013amd64FileSyncShell64.dll => No File
CustomCLSID: HKUS-1-5-21-3801593838-3895337698-2179983867-1001_ClassesCLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}InprocServer32 -> C:UsersWPAAppDataLocalMicrosoftOneDrive19.043.0304.0013amd64FileSyncShell64.dll => No File
CustomCLSID: HKUS-1-5-21-3801593838-3895337698-2179983867-1001_ClassesCLSID{f9517764-05a4-a748-620a-95087d06a241}localserver32 -> C:Program FilesCloudflareCloudflare WARPCloudflare WARP.exe (Cloudflare, Inc. -> Cloudflare)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WindowsSystem32DriverStoreFileRepositorynvlt.inf_amd64_fcb016f0b5ea7e41nvshext.dll [2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-09-09 12:49 – 2022-09-09 12:49 – 000139264 _____ () [File not signed] C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220DAXRPCClient.dll
2022-09-09 12:49 – 2022-09-09 12:50 – 049436160 _____ () [File not signed] C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220DolbyAccess.dll
2022-09-09 12:49 – 2022-09-09 12:49 – 001165824 _____ () [File not signed] C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220e_sqlite3.dll
2022-09-14 01:10 – 2022-09-14 01:10 – 001646080 _____ () [File not signed] C:UsersWPAAppDataLocalTemp.netCloudflare WARPp0wGE_eiFKXZu0rVtvD1YkbIajV7KYA=e_sqlite3.DLL
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 02:14 – 2019-12-07 02:12 – 000000824 _____ C:Windowssystem32driversetchosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-3801593838-3895337698-2179983867-1001Control PanelDesktop\Wallpaper ->
DNS Servers: 127.0.2.2 – 127.0.2.3
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM…StartupApprovedRun: => “Logitech Download Assistant”
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{A57C74E6-698D-4C18-999C-215EC2E64837}C:program files (x86)microsoftedgeapplicationmsedge.exe] => (Block) C:program files (x86)microsoftedgeapplicationmsedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{756BBBDD-66E2-4EC0-95BF-86B5CCAD4458}C:program files (x86)microsoftedgeapplicationmsedge.exe] => (Block) C:program files (x86)microsoftedgeapplicationmsedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{433039A2-3729-497A-BDC9-82FBDDDCFF9C}] => (Allow) C:Program FilesCloudflareCloudflare WARPwarp-svc.exe (Cloudflare, Inc. -> )
==================== Restore Points =========================
12-09-2022 09:09:00 Scheduled Checkpoint
13-09-2022 12:20:42 Windows Modules Installer
13-09-2022 14:07:20 Restore Operation
14-09-2022 00:49:09 CleanStart
20-09-2022 09:56:51 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/20/2022 10:05:26 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (09/20/2022 10:05:26 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (09/20/2022 10:05:26 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (09/20/2022 09:57:26 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (09/20/2022 09:57:26 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (09/20/2022 09:51:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (09/20/2022 09:51:07 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (09/14/2022 01:15:42 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
System errors:
=============
Error: (09/20/2022 10:35:37 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: LAPTOP-TG070872)
Description: Cannot uninstall language pack for en-GB because it’s not installed.
Error: (09/20/2022 10:22:25 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: NT AUTHORITY)
Description: Cannot uninstall language pack for en-GB because it’s not installed.
Error: (09/20/2022 09:48:13 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {9b40d6c7-1ab3-4ee7-8e8e-b29a13dae3eb}, had event 74
Error: (09/14/2022 01:14:18 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: LAPTOP-TG070872)
Description: Cannot uninstall language pack for en-GB because it’s not installed.
Error: (09/14/2022 01:06:58 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} did not register with DCOM within the required timeout.
Error: (09/13/2022 02:21:02 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: LAPTOP-TG070872)
Description: Cannot uninstall language pack for en-GB because it’s not installed.
Error: (09/13/2022 02:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 1 time(s).
Error: (09/13/2022 02:03:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Universal Device Client Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Windows Defender:
================
Date: 2022-09-14 01:13:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-09-13 19:37:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2022-09-13 13:55:48
Description:
Controlled Folder Access blocked C:Program Files (x86)IntelDriver and Support AssistantDSAService.exe from making changes to memory.
Detection time: 2022-09-13T20:55:48.280Z
Path: DeviceHarddisk0DR0
Process Name: C:Program Files (x86)IntelDriver and Support AssistantDSAService.exe
Security intelligence Version: 1.375.301.0
Engine Version: 1.1.19600.3
Product Version: 4.18.2207.7
Date: 2022-09-13 12:03:09
Description:
Controlled Folder Access blocked C:Program FilesLenovoLenovo Diagnostics ToolLenovoDiagnostics.exe from making changes to memory.
Detection time: 2022-09-13T19:03:09.811Z
Path: DeviceHarddisk0DR0
Process Name: C:Program FilesLenovoLenovo Diagnostics ToolLenovoDiagnostics.exe
Security intelligence Version: 1.375.292.0
Engine Version: 1.1.19600.3
Product Version: 4.18.2207.7
Date: 2022-09-13 11:19:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2022-09-14 01:01:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.375.292.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19600.3
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2022-09-13 14:10:32
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Date: 2022-09-09 07:51:56
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2022-09-20 11:42:51
Description:
Code Integrity determined that a process (DeviceHarddiskVolume3ProgramDataMicrosoftWindows DefenderPlatform4.18.2207.7-0MsMpEng.exe) attempted to load DeviceHarddiskVolume3WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_e9276af2de12d54eigd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-20 10:22:18
Description:
Code Integrity determined that a process (DeviceHarddiskVolume3ProgramDataMicrosoftWindows DefenderPlatform4.18.2207.7-0MsMpEng.exe) attempted to load DeviceHarddiskVolume3Program FilesMicrosoft OfficerootvfsProgramFilesCommonX64Microsoft SharedOFFICE16MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO N40ET37W (1.19 ) 08/26/2022
Motherboard: LENOVO 20Y50016US
Processor: 11th Gen Intel® Core i7-11800H @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 16103.05 MB
Available physical RAM: 9110.12 MB
Total Virtual: 18535.05 MB
Available Virtual: 8690 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:474.72 GB) (Free:386.83 GB) (Model: SAMSUNG MZVL2512HCJQ-00BL7) (Protected) NTFS
\?Volume{4431ddfe-7506-4133-9f89-027a0d3fe600} (WinRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.31 GB) NTFS
\?Volume{6c332845-65ed-4b9e-815a-ee04b0d80852} (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7EDA8A13)
Partition: GPT.
==================== End of Addition.txt =======================
Source: https://www.bleepingcomputer.com/forums/t/777295/new-lenovo-x1-extreme-suspected-malware/