Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problem starting StartupCheckLibrary.dll specified module could not be

dll missing RunDLL

  • Please log in to reply

#1
Sonal8

Sonal8

    New Member

  • Member
  • Pip
  • 6 posts

I am having a RunDLL error at startup that says "Problem starting StartupCheckLibrary.dll, specified module could not be found".

I have noticed several other users with similar problems, such as http://www.geekstogo...arydll-missing/

I am having the same issue where the dialog box with the same error as the other user appears. I have tried to resolve the issue for hours now on my own, using several other programs, but to no avail.

Can anyone help?

I had a similar issue with the error winscommrssrv.dll, but I was able to solve it. Now, only this one is left.

I have attached the FRST and Addition files.

Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by richa (administrator) on LAPTOP-VTU1GR64 (LENOVO 81FB) (28-02-2020 15:31:38)
Running from C:\Users\richa\Downloads
Loaded Profiles: richa (Available Profiles: richa)
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository̶591.inf_amd64_974f1e7a49faae75\B336476\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository̶591.inf_amd64_974f1e7a49faae75\B336476\atiesrxx.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\richa\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_9\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.3.122.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MQS\QcShm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [816176 2018-09-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260736 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019CA993-1E20-4FB7-997B-20DA706084D3} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-02-11] (Lenovo -> )
Task: {0D641EB7-9D3B-46F8-8CA7-0F0BDFC6C57C} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3273800291-2506861472-1276587386-1001 => C:\Users\richa\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [86824 2019-12-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {1538444E-0318-41AB-B822-649D6DBFBCFC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {20A0112F-D6F7-4950-9A47-491BF8211147} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.)
Task: {20C773DC-5C85-41EB-9C7C-47EC974480E9} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {2E774FBC-A416-44D0-B432-F22B6A08ADD2} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {3538013C-F424-4359-A667-5F4426E99F17} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {48254913-87A9-410D-9E90-5094A14D7795} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.)
Task: {52146537-4DCA-427A-9591-64C4B6AF8D79} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\03e568d2-7056-4ae0-a661-ee464dbf1627 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {5863D746-48D4-4497-BD7C-1E4E44E8C407} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040832 2019-11-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {5A5E61DA-8DAD-4A42-B39D-1507A06C9071} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {63004B54-5D09-4DB0-AE34-C2A565D09689} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {663A9514-4AAB-4A8C-9AC3-62A3B38C40F6} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {70998A9E-1708-425F-8168-1ECB5546FE8F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [54144 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {783F3E47-01AB-48D7-94C6-B323205F3081} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2808eaa6-9d8c-43eb-b999-ba9c52be6e59 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {97E57724-176C-493C-A661-462721FCA4BF} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040832 2019-11-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {980A94B6-C0D3-4FD1-BA9B-373AD21AA22B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6b81137c-83ed-43c8-98a5-712437307654 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {9B9E6193-686E-4721-BA74-1D87DA155E3E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-02-11] (Lenovo -> )
Task: {A3DB3F87-4D7A-4752-A870-44189FF5D82B} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {CA920EF1-7897-4DED-9376-D69C45493547} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.122\DADUpdater.exe [4144776 2020-01-26] (McAfee, Inc. -> McAfee, LLC.)
Task: {CEE8F25E-456A-40DC-A556-CC80822309DF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D736337C-1A1B-4EF2-9044-DD739BAEA45F} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {F18D2D0D-0354-4E3D-A07B-5188AF86B3D2} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{22fe504c-2a46-4e0e-bbb5-bf64151bea05}: [DhcpNameServer] 150.202.1.2
Tcpip\..\Interfaces\{5b4a8750-c67e-405e-89b2-b5c3989f9086}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-02-24] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-02-24] (McAfee, LLC -> McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-12-03] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-12-03] (McAfee, LLC. -> McAfee, LLC.)

Edge:
======
DownloadDir: C:\Users\richa\Downloads

FireFox:
========
FF DefaultProfile: m4pktfa2.default
FF ProfilePath: C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\m4pktfa2.default [2020-02-03]
FF ProfilePath: C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release [2020-02-28]
FF Homepage: Mozilla\Firefox\Profiles\aq5mpb3v.default-release -> hxxps://weboas.is/
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release\Extensions\[email protected] [2020-01-04]
FF Extension: (Page Saver WE) - C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release\Extensions\[email protected] [2020-02-24]
FF Extension: (uBlock Origin) - C:\Users\richa\AppData\Roaming\Mozilla\Firefox\Profiles\aq5mpb3v.default-release\Extensions\[email protected] [2020-02-05]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-12-03] (McAfee, LLC. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-12-03] (McAfee, LLC. -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository̶591.inf_amd64_974f1e7a49faae75\B336476\atiesrxx.exe [516720 2018-12-04] (Advanced Micro Devices, Inc. -> AMD)
R2 AtherosSvc; C:\Windows\System32\drivers\AdminService.exe [409176 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-12-31] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [602632 2018-08-26] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\Windows\System32\FMService64.exe [306040 2018-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [77208 2019-09-23] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [16648 2019-12-04] (Lenovo -> Lenovo Group Ltd.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [920656 2020-02-24] (McAfee, LLC -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_9\McApExe.exe [748040 2019-11-20] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.3.122.0\\McCSPServiceHost.exe [2685776 2019-10-31] (McAfee, LLC. -> McAfee, LLC.)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [638536 2019-11-08] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [638536 2019-11-08] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [638536 2019-11-08] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1731616 2019-11-14] (McAfee, LLC -> McAfee, LLC.)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [234528 2020-02-28] (TEFINCOM S.A. -> )
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-03] (McAfee, LLC. -> McAfee, LLC.)
R2 QcomWlanSrv; C:\Windows\System32\drivers\QcomWlanSrvx64.exe [191440 2018-09-26] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [816176 2018-09-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2020-01-03] (Microsoft Corporation -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdacpbus; C:\Windows\System32\drivers\amdacpbus.sys [935544 2018-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdacpksl; C:\Windows\system32\drivers\amdacpksl.sys [359384 2018-09-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2018-11-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [54232 2018-10-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository̶591.inf_amd64_974f1e7a49faae75\B336476\atikmdag.sys [47558768 2018-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository̶591.inf_amd64_974f1e7a49faae75\B336476\atikmpag.sys [598120 2018-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137688 2018-10-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107400 2018-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2018-09-15] (Microsoft Windows -> ASIX Electronics Corp.)
R3 BHTPCRDR; C:\Windows\System32\drivers\bhtpcrdr.sys [174768 2018-10-24] (BayHub Technology Inc. -> BayHubTech/O2Micro )
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75912 2019-11-19] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [522368 2019-11-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [380544 2019-11-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85928 2019-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [517256 2019-11-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [996488 2019-11-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [564144 2019-09-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [107952 2019-09-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116872 2019-11-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252552 2019-11-19] (McAfee, Inc. -> McAfee, LLC)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2358736 2018-09-26] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 TDKLIB; C:\Windows\TEMP\TdkLib64.sys [29688 2020-01-13] (Phoenix Technologies Ltd. -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-28 15:31 - 2020-02-28 15:32 - 000023688 _____ C:\Users\richa\Downloads\FRST.txt
2020-02-28 15:31 - 2020-02-28 15:31 - 002279424 _____ (Farbar) C:\Users\richa\Downloads\FRST64.exe
2020-02-28 15:31 - 2020-02-28 15:31 - 000000000 ____D C:\FRST
2020-02-28 15:01 - 2020-02-28 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2020-02-28 15:01 - 2020-02-28 15:01 - 000000000 ____D C:\Program Files (x86)\NordVPN
2020-02-28 14:47 - 2020-02-28 15:00 - 000000150 _____ C:\Windows\Reimage.ini
2020-02-28 14:02 - 2020-02-28 14:02 - 000000000 ____D C:\Windows\TempInst
2020-02-28 10:25 - 2020-02-28 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2020-02-25 18:29 - 2020-02-25 18:29 - 000000000 ____D C:\Users\richa\AppData\Local\Skyrim
2020-02-25 18:28 - 2020-02-25 18:28 - 000001485 _____ C:\Users\Public\Desktop\Elder Scrolls V Skyrim Legenday Edition.lnk
2020-02-25 18:28 - 2020-02-25 18:28 - 000001485 _____ C:\ProgramData\Desktop\Elder Scrolls V Skyrim Legenday Edition.lnk
2020-02-25 18:28 - 2020-02-25 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2020-02-25 18:10 - 2020-02-25 18:10 - 000000000 ____D C:\Program Files (x86)\Mr DJ
2020-02-25 15:19 - 2020-02-25 17:46 - 000000000 ____D C:\Users\richa\Downloads\TES V Skyrim repack Mr DJ
2020-02-24 10:42 - 2020-02-24 10:42 - 000296615 _____ C:\Users\richa\Desktop\registration_2020.prn
2020-02-21 05:12 - 2020-02-21 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-02-19 21:55 - 2020-02-21 05:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-02-19 06:21 - 2020-02-19 06:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-02-19 06:21 - 2020-02-19 06:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-02-19 06:21 - 2020-02-19 06:21 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-02-19 06:21 - 2020-02-19 06:21 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-02-18 15:28 - 2020-02-18 16:24 - 000000000 ____D C:\Users\richa\Downloads\TTC - Cognitive Behavioral Therapy_ Techniques for Retraining Your Brain
2020-02-07 06:51 - 2020-02-24 10:55 - 000000000 ____D C:\Users\richa\Documents\POL [bleep]
2020-02-06 20:04 - 2020-02-06 20:07 - 000000000 ____D C:\Users\richa\Documents\Sims 4 Studio
2020-02-06 19:42 - 2020-02-06 19:42 - 000000000 ____D C:\Users\richa\AppData\Local\Peter_L_Jones,_Keyi_Zhang
2020-02-06 19:36 - 2020-02-06 19:36 - 000000000 ____D C:\Users\richa\AppData\Roaming\Peter L Jones, Keyi Zhang
2020-02-06 19:32 - 2020-02-06 19:32 - 000000000 ____D C:\Users\richa\Documents\Add-in Express
2020-02-06 19:31 - 2020-02-06 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2020-02-06 19:31 - 2020-02-06 19:31 - 000000000 ____D C:\Program Files\7-Zip
2020-02-06 19:30 - 2020-02-06 19:31 - 001451192 _____ (Igor Pavlov) C:\Users\richa\Downloads\7z1902-x64.exe
2020-02-05 17:30 - 2020-02-05 17:30 - 000002070 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2020-02-05 17:30 - 2020-02-05 17:30 - 000002070 _____ C:\ProgramData\Desktop\McAfee LiveSafe.lnk
2020-02-05 17:30 - 2020-02-05 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-02-05 17:28 - 2020-02-05 17:28 - 000003332 _____ C:\Windows\system32\Tasks\McAfeeLogon
2020-02-05 17:28 - 2019-06-04 04:13 - 000217912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2020-02-05 17:27 - 2020-02-28 08:43 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2020-02-05 17:27 - 2020-02-28 08:43 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-02-05 17:27 - 2020-02-27 22:39 - 000003710 _____ C:\Windows\system32\Tasks\McAfee Remediation (Prepare)
2020-02-05 17:27 - 2020-02-05 17:29 - 000000000 ____D C:\Program Files\McAfee
2020-02-05 17:27 - 2020-02-05 17:27 - 000000000 ____D C:\Program Files\McAfee.com
2020-02-05 17:27 - 2020-02-05 17:27 - 000000000 ____D C:\Program Files\Common Files\AV
2020-02-05 17:26 - 2020-02-27 21:39 - 000000000 ____D C:\ProgramData\McAfee
2020-02-05 17:26 - 2020-02-05 17:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2020-02-05 17:26 - 2019-11-08 17:15 - 000550152 _____ (McAfee, LLC) C:\Windows\system32\mfevtps.exe
2020-02-05 17:21 - 2020-02-05 17:21 - 000000000 ____D C:\Users\richa\AppData\Roaming\intelsecurity
2020-02-05 17:21 - 2011-06-11 01:15 - 000829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_.dll
2020-02-05 17:21 - 2011-06-11 01:15 - 000608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100_.dll
2020-02-05 17:21 - 2011-06-11 01:15 - 000158536 _____ (Microsoft Corporation) C:\Windows\system32\atl100_.dll
2020-02-05 17:07 - 2020-02-05 17:07 - 000000000 ____D C:\Users\richa\AppData\Roaming\McAfee
2020-02-04 07:12 - 2020-02-04 07:12 - 000000000 ____D C:\Users\richa\Documents\Electronic Arts
2020-02-04 07:12 - 2020-02-04 07:12 - 000000000 ____D C:\Users\richa\AppData\Local\Origin
2020-01-29 10:53 - 2020-01-29 10:53 - 023874275 _____ C:\Users\richa\Downloads\-pol- - I love Germany - Politically Incorrect - 4chan 2020-01-29-1.jpeg
2020-01-29 10:53 - 2020-01-29 10:53 - 014572980 _____ C:\Users\richa\Downloads\-pol- - I love Germany - Politically Incorrect - 4chan 2020-01-29-2.jpeg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-28 15:27 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-28 15:01 - 2020-01-28 06:15 - 000002050 _____ C:\Users\Public\Desktop\NordVPN.lnk
2020-02-28 15:01 - 2020-01-28 06:15 - 000002050 _____ C:\ProgramData\Desktop\NordVPN.lnk
2020-02-28 15:01 - 2020-01-03 19:21 - 000000000 ____D C:\Users\richa\AppData\Local\NordVPN
2020-02-28 14:47 - 2018-09-19 11:17 - 000841376 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-28 14:47 - 2018-09-15 00:31 - 000000000 ____D C:\Windows\INF
2020-02-28 14:43 - 2019-12-28 15:29 - 000000000 ____D C:\Users\richa\AppData\LocalLow\Mozilla
2020-02-28 14:43 - 2018-09-19 11:10 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-28 14:26 - 2018-09-14 23:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-02-28 14:02 - 2019-11-28 14:39 - 000000000 ____D C:\ProgramData\Lenovo
2020-02-28 10:25 - 2020-01-03 19:08 - 000000831 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2020-02-28 10:25 - 2019-12-28 22:27 - 000000000 ____D C:\Windows\system32\Tasks\TVT
2020-02-28 10:25 - 2019-11-28 14:39 - 000000000 ____D C:\Program Files (x86)\Lenovo
2020-02-28 03:11 - 2018-09-19 11:10 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-02-28 00:44 - 2020-01-10 21:09 - 000000000 ____D C:\Games
2020-02-28 00:36 - 2019-12-29 05:36 - 000000000 ____D C:\Users\richa\AppData\Local\D3DSCache
2020-02-28 00:17 - 2020-01-03 19:27 - 000000000 ____D C:\Users\richa\AppData\Roaming\qBittorrent
2020-02-26 21:53 - 2019-12-29 05:32 - 000002378 _____ C:\Users\richa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-26 21:53 - 2019-12-28 13:38 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3273800291-2506861472-1276587386-1001
2020-02-26 21:53 - 2019-12-28 13:38 - 000000000 ___RD C:\Users\richa\OneDrive
2020-02-25 18:28 - 2020-01-09 19:58 - 000000000 ____D C:\Users\richa\Documents\My Games
2020-02-25 18:10 - 2020-01-10 21:01 - 000000000 ___HD C:\Windows\msdownld.tmp
2020-02-25 18:10 - 2020-01-10 21:01 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-02-24 09:35 - 2018-09-14 23:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-02-21 05:13 - 2019-12-31 16:47 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-02-21 05:12 - 2019-12-28 15:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-02-20 08:32 - 2019-12-28 15:29 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-02-06 19:32 - 2019-12-31 16:46 - 000000000 ____D C:\ProgramData\WinZip
2020-02-05 17:26 - 2018-09-15 00:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-02-05 17:21 - 2018-09-15 00:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-02-05 17:19 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\AppReadiness
2020-01-29 11:52 - 2019-12-31 16:47 - 000000948 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-01-29 11:52 - 2019-12-31 16:47 - 000000944 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-01-29 09:49 - 2019-12-31 16:47 - 000004008 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2020-01-29 09:49 - 2019-12-31 16:47 - 000003776 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-01-11 00:32 - 2020-01-13 12:19 - 000007597 _____ () C:\Users\richa\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by richa (28-02-2020 15:32:49)
Running from C:\Users\richa\Downloads
Windows 10 Home Version 1809 17763.914 (X64) (2019-12-29 12:25:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3273800291-2506861472-1276587386-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3273800291-2506861472-1276587386-503 - Limited - Disabled)
Guest (S-1-5-21-3273800291-2506861472-1276587386-501 - Limited - Disabled)
richa (S-1-5-21-3273800291-2506861472-1276587386-1001 - Administrator - Enabled) => C:\Users\richa
WDAGUtilityAccount (S-1-5-21-3273800291-2506861472-1276587386-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1120.1801.32444 - Advanced Micro Devices, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 91.4.548 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
Lenovo Service Bridge (HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.0.4 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0093 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.1.76.0 - Lenovo Group Ltd.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R23 - McAfee, LLC.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.72 - McAfee, LLC.)
Microsoft OneDrive (HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 73.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-US)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
NordVPN (HKLM-x32\...\{83E5941F-5F93-4097-81F5-79FA38FFB875}) (Version: 6.27.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.27.11) (Version: 6.27.11 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20201.249.0_x64__rz1tebttyb220 [2019-11-28] (Dolby Laboratories)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1910.41.0_x64__k1h2ywk1493x8 [2019-12-31] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4 [2020-01-03] (LENOVO INC) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12325.20288.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12325.20288.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12325.20288.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12325.20288.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12325.20288.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12325.20288.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-28] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12325.20288.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-12-28] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-12-29] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3273800291-2506861472-1276587386-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\richa\Dropbox [2019-12-31 16:49]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-12-03] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.32.0.dll [2020-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-12-03] (McAfee, LLC. -> McAfee, LLC.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-06-27 22:15 - 2018-06-27 22:15 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-06-27 22:15 - 2018-06-27 22:15 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-12-29 05:29 - 2019-05-28 15:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2020-02-06 19:31 - 2019-09-05 12:00 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-29 05:29 - 2019-10-27 06:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-20 18:59 - 2018-11-20 18:59 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-06-27 22:15 - 2018-06-27 22:15 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-06-27 22:16 - 2018-06-27 22:16 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\richa\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 00:31 - 2018-09-15 00:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3273800291-2506861472-1276587386-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run32: => "Dropbox"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{71BD2AD3-A2C1-443D-92D4-CF3B6D657AA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1F851F6F-C762-4060-B1AB-366BE9C0419C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A554EEF-C107-4AAB-A421-129BEA60EF46}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{67EC359C-2485-4639-9BEF-E12C0AA376E7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{602B146B-2789-4D06-A895-656C4C4C38C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12325.20288.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E42E2504-0ACC-452F-B762-D3AF8003AD07}C:\program files\java\jre1.8.0_241\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\java.exe No File
FirewallRules: [UDP Query User{696D5D05-E46E-4BDA-B6A2-B50F8877795C}C:\program files\java\jre1.8.0_241\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\java.exe No File
FirewallRules: [{AA605466-5325-4DF7-BBCD-CC7DDF751C46}] => (Block) C:\program files\java\jre1.8.0_241\bin\java.exe No File
FirewallRules: [{80C2E16C-1112-4CC0-8F64-E96391A33976}] => (Block) C:\program files\java\jre1.8.0_241\bin\java.exe No File
FirewallRules: [TCP Query User{BE766289-5C53-4DB6-AFEB-D34536BDA708}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Allow) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe No File
FirewallRules: [UDP Query User{D61DE989-D04F-4D65-B7D2-27177C75AC0B}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Allow) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe No File
FirewallRules: [{78B915B2-B9E4-4D42-8946-CED95460A057}] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe No File
FirewallRules: [{B850561E-6AAB-4A57-BA62-E6B8B3A4A387}] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe No File
FirewallRules: [{F1A81E30-BC54-4C6E-BA80-C1D35239C33D}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{D4668B51-A742-4343-953D-213FAA714D18}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{C78EA11B-F78E-4FC0-BF9E-903B3A6BF6F0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{12FCDEB2-6D17-4622-9EC8-125F091A0C5F}] => (Allow) C:\Windows\system32\winrmsrv.exe No File
FirewallRules: [{B7AD8724-E3CA-422B-ABA6-EF4F876B6869}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{8E403B92-8393-4FE7-98B6-C94A196C6CA9}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{D1604883-7FF7-44DD-8259-002BEC074290}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{EED7E284-AD79-4555-B170-3EC78858E68F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{465E14C5-F3F3-41A2-87A8-BDD66543A809}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )

==================== Restore Points =========================

06-02-2020 19:32:09 Removed WinZip 20.0
20-02-2020 09:30:35 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/28/2020 03:06:29 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-VTU1GR64)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (02/28/2020 03:06:29 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/28/2020 02:48:37 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-VTU1GR64)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (02/28/2020 02:48:37 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/28/2020 02:43:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-VTU1GR64$ via https://AMD-KeyId-ff...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-ffe3e7714168a63a6a6372d2142fa143cfc825e8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Date: Fri, 28 Feb 2020 21:43:34 GMT
Pragma: no-cache
Content-Length: 121
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 42ab47c5-012d-4dd8-ba1e-f165b6f259ab
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff

Method: GET(469ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/28/2020 02:43:33 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-VTU1GR64$ via https://AMD-KeyId-ff...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-ffe3e7714168a63a6a6372d2142fa143cfc825e8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Date: Fri, 28 Feb 2020 21:43:33 GMT
Pragma: no-cache
Content-Length: 121
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: e9572b3e-c14d-4d4d-93b9-58146e3bb7a8
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff

Method: GET(625ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/28/2020 02:06:31 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-VTU1GR64)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (02/28/2020 02:06:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (02/28/2020 03:33:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2020 03:33:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (02/28/2020 03:31:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (02/28/2020 03:31:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (02/28/2020 03:29:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (02/28/2020 03:29:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (02/28/2020 03:27:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (02/28/2020 03:04:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-12-28 17:13:43.896
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

CodeIntegrity:
===================================

Date: 2020-02-28 14:43:26.772
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-28 14:43:26.400
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-28 14:43:26.372
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-28 14:01:21.957
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-28 14:01:19.359
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-28 14:01:19.300
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-28 08:43:55.132
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-28 08:43:54.251
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 7WCN38WW 11/04/2019
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 64%
Total physical RAM: 7049.27 MB
Available physical RAM: 2530.54 MB
Total Virtual: 11913.27 MB
Available Virtual: 5374.71 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:125.25 GB) (Free:63.51 GB) NTFS

\\?\Volume{d6ef9084-0b00-4e92-a871-c7ef4ba180a5}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.53 GB) NTFS
\\?\Volume{174b26a0-89f4-481f-83a3-64e9ae6bf778}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 3450CED4)

Partition: GPT.

==================== End of Addition.txt =======================

Attached Files


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,328 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.28KB   103 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 


  • 1

#3
Sonal8

Sonal8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 &&0

Thank god, no error popup when I restarted. It appears to have worked. Thank you so much!

I did a scan of everything, here are the updated results post fix as requested.

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,328 posts
  • MVP

Wasn't really worried about the startupcheck.dll error so much.  This was a common Microsoft error caused by a bad update.  There was a task that should have been removed by an update but wasn't.  The fixlist just removed the task along with two other suspicious tasks. 

 

What I am worried about is that I also had the fixlist run DISM and SFC (These check the health of your system files) and both failed.  Addition.txt reports that the Windows Update service is broken and I can see that you are still back at Win 10 Version 1809.

 

I had the fixit check the permissions for the dll that Windows Update service uses and they were correct so it may be the registry entry that is at fault.  Download and save the attached wu.reg file.

Attached File  wu.reg   10KB   93 downloads

right click on wu.reg and MERGE.  Ignore the warning.

 

Manually updating to the latest version (1909) (if it works) may fix your problem.  Go to

https://go.microsoft.../?LinkID=799445

Click on Update Now and Save File.  Once it downloads, right click on it and Run As Admin. then follow the instructions.

 

Once it finishes (if it throws an error tell me what it says) reboot and rerun the FRST scan.  Post both logs.


  • 0

#5
Sonal8

Sonal8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Ok, I did everything as advised and scanned again. I was unaware there was an update, but it installed without any errors.

Here are the logs.

Attached Files


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,328 posts
  • MVP

Windows update service seems to be working but you still have some errors.

 

Let's see if dism and sfc will work now.

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 

Attached Files


  • 0

#7
Sonal8

Sonal8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Ok, here are the logs as requested.

Thank you, again.

 

 

Attached Files


  • 0

#8
Sonal8

Sonal8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Whoops, sorry. Please disregard the previous post. I think I accidentally posted the scan prior to fixing it.

Here are the updated logs.

 

Attached Files


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,328 posts
  • MVP

OK both DISM & SFC are now happy.  The only errors remaining are AMD & Realtek related.  You probably need new software or drivers.

 

For AMD

 

Try:

https://www.amd.com/en/support

 

If you don't know what you have you can let it detect it for you.  Click on Download Now under:

Auto-Detect and Install Radeon™ Graphics Drivers for Windows©

 

For Realtek:

 

This is a bit harder.  Check your PC maker's website for new Audio software or you can search for

device manager

hit Enter

scroll down to Sound, Video & Game Controllers then click on the arrow in front to open.  Right click on the Realtek entry and update driver.  Click the top option.   (Probably won't find anything).  Right click on the Realtek Entry again and select Properties then click on the Details tab.  
Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply. 

 

The error may also relate to the

Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-12-29] (Realtek Semiconductor Corp)

which is one of your apps.  Not sure how to update it.  You can right click on it and Uninstall then try to reinstall it.
 


  • 0

#10
Sonal8

Sonal8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I'm working on upgrading those elements, but at the very least I am not longer getting the error message that I was getting before and the rest seems to be secure.

Thank you very much for your help! I will be looking into learning more about registry issues as I will be using windows more often after having used linux for a while now for work reasons.


  • 0






Similar Topics


Also tagged with one or more of these keywords: dll, missing, RunDLL

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP