My Computer is infected

Virus Slowdown Screen Stuck


#1
sandybgood


Dear Geeks, Thanks for helping out.

 

I have a Lenovo i7/16GB/2 TB Windows 10, approx. 1.5 years old.

I use Avast Antivirus and Spybot regularly and also use Wise and CCleaner for the registry cleaning regularly.

In the last 2 months the symptoms are as follows:

 

1. Browser gets stuck while loading - eventually loads after 3-4 minutes - earlier it was instantaneous

2. While accessing any page it takes 30 seconds to 3 minutes to load - earlier it was instantaneous

3. Accessing any folder takes 30 seconds to 3-4 minutes, earlier it was instantaneous.

4. Frequently while accessing any application it says "Not responding" or hangs for some time - this happened even while running the Farbar tool

 

Here are the output files of FRST and Addition after running the Farbar tool as instructed on your website.

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2020
Ran by SandeepandJaya (administrator) on SANDEEPANDJAYAS (LENOVO F0DX0004IN) (02-10-2020 11:50:03)
Running from C:\Users\SandeepandJaya\Desktop
Loaded Profiles: SandeepandJaya
Platform: Windows 10 Home Single Language Version 1903 18362.778 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334258.inf_amd64_aae64f31646a15d8\B334021\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334258.inf_amd64_aae64f31646a15d8\B334021\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <6>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_05de635879d45aad\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_05de635879d45aad\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7591c5a0df008a8e\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7591c5a0df008a8e\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_caabc087e4b97a65\Intel_PIE_Service.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
(Lespeed Technology Ltd. -> WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
(Lespeed Technology Ltd. -> WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13110.41006.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1073_none_171f6eef2a0feed0\TiWorker.exe
(PRIMAX ELECTRONICS LTD. -> ) C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
Failed to access process -> SystemSettings.exe
Failed to access process -> wuauclt.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [834032 2019-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Lenovo Essential Wireless Keyboard OSD] => C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe [443192 2016-11-30] (PRIMAX ELECTRONICS LTD. -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [1742336 2013-08-15] (Lenovo) [File not signed]
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe [2020-10-01] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02D0B90D-DF61-4AFD-AFAD-1993E9FC5A9F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-09-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {12198796-0C32-4474-9AE5-43B7C10BAB31} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {1C00C583-C740-495A-96A5-5BA674A55808} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\65c6f8de-af5b-49af-84e9-19b00098127e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {447CF51A-DCFC-424A-B4BE-B4F62EA60023} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {4E6CC967-7AF4-404C-B280-95AED4262F02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)
Task: {6E487463-D6EF-4353-BED9-FCB44059E428} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c0ec4d7d-486f-4cbd-b970-f54fdda2c4bf => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {89F7CEA0-4037-4EF4-96BE-B780CE932A2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [25492152 2020-09-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8F1B5F99-952F-40BF-BC3A-1EC3159C8D7D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\72f9306f-cdcc-47e1-8b40-e744367079fc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\SandeepandJaya\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A03002AA-B89D-470B-83E2-D8C93B47780D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {A1CF10AB-9B1D-474F-988D-0ACF3D3BC7BA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A316FCAB-ECAA-4BF6-AFCF-69B9C1C1C85C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A798AA55-1FE6-404D-AD0F-0F937AA90172} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [56136 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {AA218A78-8D9B-4AB4-9FC2-2C4056FBE649} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {B4BB0878-8689-4EC3-88F3-733653BBC489} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-09-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C30BB92C-FD4C-41DE-ACE5-3A05700ED2FA} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [4925528 2020-04-20] (Lespeed Technology Ltd. -> wisecleaner.com)
Task: {CC352147-ACD7-4428-B148-B888E1304E64} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\230ba016-7c13-4597-bfd2-b3cb5c716a8f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {CFBC1BE6-3C9B-4421-B695-26B3239B4EE7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {DF15CA29-C312-43F5-BEB9-D51E3EF68F3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)
Task: {E7A6C475-5061-4FC8-90B0-A65329B9AC23} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3850336 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
Task: {F7BB7A8E-A7C1-4304-A129-A501601209B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3f225532-e049-4720-9ef7-b17fe07157de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7490f3e9-20d7-46e7-9077-51830728394b}: [DhcpNameServer] 192.168.1.1
 
Edge: 
======
DownloadDir: C:\Users\SandeepandJaya\Downloads
Edge Notifications: HKU\S-1-5-21-1730742525-4092960748-1108651602-1001 -> hxxps://my.shaadi.com
Edge Profile: C:\Users\SandeepandJaya\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-02]
 
FireFox:
========
FF DefaultProfile: 3o9gu5wu.default
FF ProfilePath: C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default [2020-03-07]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
FF Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
FF ProfilePath: C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\08allo6n.default-release-1597514136066 [2020-10-02]
FF Homepage: Mozilla\Firefox\Profiles\08allo6n.default-release-1597514136066 -> www.economictimes.com
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\FFExt\light_plugin_firefox\addon.xpi [2019-11-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default [2020-10-02]
CHR StartupUrls: Default -> "hxxps://economictimes.indiatimes.com/"
CHR Extension: (Slides) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-29]
CHR Extension: (Flash Video Downloader) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2020-07-29]
CHR Extension: (Flash Video Downloader Plus) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\alfnggielnhdpdamedeokgppcilgainm [2020-07-29]
CHR Extension: (Docs) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-29]
CHR Extension: (Google Drive) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-07-29]
CHR Extension: (YouTube) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-29]
CHR Extension: (Sheets) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-18]
CHR Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-29]
CHR Extension: (Gmail) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-06]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7824280 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357848 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
S2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602768 2019-02-19] (Dolby Laboratories, Inc. -> )
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-21] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
S4 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [650840 2020-04-20] (Lespeed Technology Ltd. -> WiseCleaner.com)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37136 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206392 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [235584 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [195648 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60480 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16824 2020-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42768 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175192 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [517592 2020-10-01] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109272 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84848 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851600 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469880 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [217328 2020-09-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326408 2020-09-09] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-30] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [76624 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [129152 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251512 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [516216 2019-09-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1123664 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys [199744 2019-12-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998016 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79184 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [306248 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [119744 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [204520 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [210280 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232272 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
R3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [33864 2019-05-29] (Beijing Lang Xingda Network Technology Co., Ltd -> wisecleaner.com)
S3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [51272 2019-12-01] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
Addition File
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2020
Ran by SandeepandJaya (02-10-2020 11:44:42)
Running from C:\Users\SandeepandJaya\Desktop
Windows 10 Home Single Language Version 1903 18362.778 (X64) (2019-09-29 16:40:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1730742525-4092960748-1108651602-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1730742525-4092960748-1108651602-503 - Limited - Disabled)
Guest (S-1-5-21-1730742525-4092960748-1108651602-501 - Limited - Disabled)
SandeepandJaya (S-1-5-21-1730742525-4092960748-1108651602-1001 - Administrator - Enabled) => C:\Users\SandeepandJaya
WDAGUtilityAccount (S-1-5-21-1730742525-4092960748-1108651602-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.1004.2349.42886 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.7.2425 - Avast Software)
BitTorrent (HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\BitTorrent) (Version: 7.10.5.45665 - BitTorrent Inc.)
Branding64 (HKLM\...\{0568DB97-57DB-4D8F-8849-26B6940CEE6E}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.72 - Piriform)
EaseUS Tools M Beta 0.6.8 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version:  - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.121 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1824.12.0.1140 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7927 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.7.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{3b132227-4567-48a1-9f85-0d0dad4346ee}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000090-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.90.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{AA90D357-23D3-44C1-954D-7105B0C08F38}) (Version: 17.7.0.1006 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{074dda6c-5a4a-455e-8a99-09de068e0771}) (Version: 21.40.1 - Intel Corporation)
Kaspersky Security Cloud (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
Lenovo App Explorer (HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\Host App Service) (Version: 0.273.3.880 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Essential Wireless Keyboard (HKLM\...\Lenovo Essential Wireless Keyboard) (Version: 1.0 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.05 - Lenovo) Hidden
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.05 - Lenovo)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 80.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0.1 (x64 en-US)) (Version: 80.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
OpenBoard (1.5.4.240) (HKLM-x32\...\{8CCA6AC7-BBF9-4DD2-8E70-A907E0FCA38F}}_is1) (Version: 1.5.4.240 - Open Education Foundation)
PX Profile Update (HKLM-x32\...\{306C9EAF-031A-282C-D41A-B2A3A7CA8375}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{B4870B51-34EF-200D-DEB7-2234CDE7FB7D}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.32.1206.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8633 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
UsbFix Anti-Malware Premium (HKLM-x32\...\Usbfix) (Version: 11.0.2.2 - SOSVirus (SOSVirus.Net))
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Wise Care 365 5.5.6 (HKLM-x32\...\Wise Care 365_is1) (Version: 5.5.6 - WiseCleaner.com, Inc.)
Zoom (HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20201.255.0_x64__rz1tebttyb220 [2019-05-29] (Dolby Laboratories)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-07-11] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa [2020-10-02] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2006.41.0_x64__k1h2ywk1493x8 [2020-08-17] (LENOVO INC.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-05-21] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13127.20408.0_x86__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13127.20408.0_x86__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13127.20408.0_x86__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13127.20408.0_x86__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13127.20408.0_x86__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13127.20408.0_x86__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-21] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13127.20408.0_x86__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-05] (Microsoft Corporation)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.11322.0_x86__m916jedk64snt [2020-08-17] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.2520.0_x86__m916jedk64snt [2020-08-17] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-05-29] (Realtek Semiconductor Corp)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => c:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-09-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-09-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-09-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => c:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-09-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2011-11-04 00:18 - 2011-11-04 00:18 - 000056320 _____ () [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skfunc.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-06-28 14:16 - 2018-06-28 14:16 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-05-22 19:57 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2011-10-22 02:11 - 2011-10-22 02:11 - 000061952 _____ (LITE-ON Corp.) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skhooks.dll
2011-11-18 22:37 - 2011-11-18 22:37 - 000054272 _____ (LITE-ON TECHNOLOGY CORP.) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\SKHidKbd.dll
2020-09-14 17:25 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-06-22 20:24 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-10-04 23:47 - 2018-10-04 23:47 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 05:08 - 2018-04-12 05:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SandeepandJaya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{0FF28240-DC18-4875-B62B-33657DDA706B}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{379F47A7-E302-4B41-AF9E-1051038C7AFF}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F31F050B-4F70-4AA1-BC28-4E7E77915EB0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07450836-FB5B-4408-B439-C5E01A107B12}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B3CA2972-72E2-4725-86D8-D26354473E5E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{53D6A307-AC23-41C2-BF6D-41C3CACD824E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{007C1779-2F44-4D93-B059-01FF9597E86B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{7435531A-F7F5-487A-A36B-08196259219C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{88076008-40D2-4DC9-98E3-C8DC373D6E56}] => (Allow) C:\Users\SandeepandJaya\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B7C32552-A860-4348-868A-13EA502C7339}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C6E5E50-561D-4B11-AC9D-18231E1176EC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A185BCB-4A3F-4E0E-9617-B31A6CD7B5A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3D9B1BDB-7595-483B-9B0B-AD1B15B5F924}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{2B25B812-15F5-498A-BDB9-823394DBC7C3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{729D43C9-AE57-445F-AA3E-0598231A0CBF}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A23B06B-096B-45BB-94F4-F2EA998D20B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E18059C7-C878-4FEC-9412-11973E819A08}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13231.20262.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B7E90EE-FD75-4B11-997A-F70E5487CF1A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B0260BA-B02E-4EBB-9375-0409A3CD79A3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2449EEC-4946-4D13-A416-BA7FD30D1C52}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{351B64B1-1135-4B21-9766-528E323205DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5830A98-4B88-425E-A23A-2082CB1AD2F6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1465928-08D5-42A0-B2B8-4BCAB011E6C5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{44B2A2BA-DF70-4976-A1BB-93F07124598F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{530F244E-DCA8-45B0-8DC1-C0436D1F2501}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
10-09-2020 18:20:24 Windows Update
14-09-2020 17:34:09 Windows Update
17-09-2020 21:19:27 Windows Update
01-10-2020 18:46:40 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/02/2020 11:07:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1024
 
Start Time: 01d6987dc541cc05
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: dd4b45c4-2e8c-42e6-9d1a-eca5a65bf9fd
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Quiesce
 
Error: (10/02/2020 10:51:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.18362.778, time stamp: 0xb8640219
Faulting module name: ntdll.dll, version: 10.0.18362.778, time stamp: 0x0c1bb301
Exception code: 0xc0000005
Fault offset: 0x00000000000072a6
Faulting process id: 0x3994
Faulting application start time: 0x01d697f66aff63db
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e2168bd7-bb6d-4d76-896d-d04bab3705c8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/20/2020 04:54:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4128,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/20/2020 04:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.18362.778, time stamp: 0xb8640219
Faulting module name: ntdll.dll, version: 10.0.18362.778, time stamp: 0x0c1bb301
Exception code: 0xc0000005
Fault offset: 0x00000000000072a6
Faulting process id: 0x12a8
Faulting application start time: 0x01d68de4e3dee21a
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 741ba923-4c05-4057-8010-3fe2f9e249b7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/18/2020 11:00:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13640,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/18/2020 10:52:36 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11772,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/17/2020 11:00:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2444,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/17/2020 10:46:25 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9176,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
 
System errors:
=============
Error: (10/02/2020 11:15:57 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/02/2020 10:52:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0831: 2020-09 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4574727).
 
Error: (10/02/2020 10:14:56 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/02/2020 10:03:15 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server {20532D01-15BE-4BB9-A727-CA34555D881C} did not register with DCOM within the required timeout.
 
Error: (10/02/2020 10:01:14 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/02/2020 09:58:07 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/02/2020 09:55:47 AM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.
 
Error: (10/02/2020 09:55:47 AM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.
 
 
Windows Defender:
===================================
Date: 2020-04-18 23:23:08.982
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D0576CD-B53C-4F02-8DE3-A4C16EDFED82}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 14:04:56.913
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0F12D7E1-93F7-4268-8D85-601EA63ACC41}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 13:06:07.348
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A0C16B21-BC53-40DE-BD3F-53A40A8E6C5C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 12:47:00.511
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8FC2A646-04D6-434A-8474-5DB62DC88ECB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-05-01 23:40:48.315
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.313.2014.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16900.4
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-10-03 20:38:53.738
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.303.624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2020-10-02 11:45:02.118
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-02 11:45:01.943
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-02 11:45:00.377
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-02 11:33:25.100
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-02 11:33:25.050
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-02 11:33:25.037
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-02 11:33:24.139
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-02 11:32:57.987
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: LENOVO O3WKT11A 04/02/2018
Motherboard: LENOVO 36F1
Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 16290.75 MB
Available physical RAM: 9512.19 MB
Total Virtual: 32674.75 MB
Available Virtual: 25875.01 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.43 GB) (Free:413.4 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:488.28 GB) (Free:293.29 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:442.05 GB) (Free:426.95 GB) NTFS
 
\\?\Volume{88ef6362-d5ea-4e83-9f21-85b7754c55c7}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{4fb5cc92-2f0e-4d9b-add9-fdcc114eed1d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8D027F42)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 




#2
Gary R

    Trusted Helper

  • Malware Removal
  • 358 posts

Looking over your logs, back soon.



#3
Gary R

    Trusted Helper

  • Malware Removal
  • 358 posts

No obvious signs of an active infection on your machine; however, I haven't yet gone over your logs in any detail, so before I do that I'd like you to do the following ...

Please uninstall the following programs ...

BitTorrent
Avast Free Antivirus
CCleaner
Spybot - Search & Destroy
UsbFix Anti-Malware Premium
Wise Care 365


.... reboot your computer when you are finished uninstalling them all.

Now run a new scan with FRST and post me the new FRST.txt and Addition.txt logs created.

Reasons I've asked you to remove the above programs ....

  • Use of P2P (torrent) programs is the easiest way to contract an infection that I know of.
  • Windows Defender does a better job of protecting your computer than Avast, and causes far fewer conflict problems. Recent versions of Avast are particularly prone to causing conflicts.
  • Use of "Registry Cleaners" is a swift way to all sorts of problems; your computer does not need "tuning", and your Registry especially does not, which is why I recommend the removal of CCleaner and Wise Care.
  • You don't need more than one AV/AS program, and Windows Defender will supply all the protection you need, which is why I recommend removal of USBFix Anti-Malware. Multiple AV/AS installations are a common cause of conflict problems.

 

Your problems seem to me more likely to be caused by conflicts than by an infection, which is why I want you to remove the programs I've asked you to remove. If you really want them then we can always re-install them after we've properly checked over your machine, but personally I would not advise you to do so.



#4
sandybgood

    Member

  • Topic Starter
  • 26 posts

Dear Gary,

Many thanks for the advice and your help. As suggested I have uninstalled all the six applications you have listed above.

I am a little mystified at the behavior of my computer and the conflicts that you have mentioned as none of these are recent installs.

Et Tu Avast !!   

Here are the logs of Frst.txt and Addition.txt after the deinstallation process and restart.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2020
Ran by SandeepandJaya (administrator) on SANDEEPANDJAYAS (LENOVO F0DX0004IN) (04-10-2020 11:22:59)
Running from C:\Users\SandeepandJaya\Desktop
Loaded Profiles: SandeepandJaya
Platform: Windows 10 Home Single Language Version 1903 18362.778 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334258.inf_amd64_aae64f31646a15d8\B334021\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334258.inf_amd64_aae64f31646a15d8\B334021\atiesrxx.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_05de635879d45aad\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_05de635879d45aad\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7591c5a0df008a8e\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7591c5a0df008a8e\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_caabc087e4b97a65\Intel_PIE_Service.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1073_none_171f6eef2a0feed0\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\NisSrv.exe
(PRIMAX ELECTRONICS LTD. -> ) C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [834032 2019-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Lenovo Essential Wireless Keyboard OSD] => C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe [443192 2016-11-30] (PRIMAX ELECTRONICS LTD. -> )
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [1742336 2013-08-15] (Lenovo) [File not signed]
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe [2020-10-01] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02D0B90D-DF61-4AFD-AFAD-1993E9FC5A9F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-09-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {1B4EB1A5-D0A6-413C-ADB1-C1FC04F29F92} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C00C583-C740-495A-96A5-5BA674A55808} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\65c6f8de-af5b-49af-84e9-19b00098127e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {447CF51A-DCFC-424A-B4BE-B4F62EA60023} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {4E6CC967-7AF4-404C-B280-95AED4262F02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)
Task: {5CD9566B-88F5-4BC3-AFA8-9BBDD5367B7D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E487463-D6EF-4353-BED9-FCB44059E428} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c0ec4d7d-486f-4cbd-b970-f54fdda2c4bf => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {7353D63F-483F-4E98-BD31-ADDAC81653C6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144312 2020-07-27] (Lenovo -> Lenovo Group Ltd.)
Task: {8F1B5F99-952F-40BF-BC3A-1EC3159C8D7D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\72f9306f-cdcc-47e1-8b40-e744367079fc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\SandeepandJaya\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {990ACDA6-FC5D-4766-85F0-87AAC472D8EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1CF10AB-9B1D-474F-988D-0ACF3D3BC7BA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A798AA55-1FE6-404D-AD0F-0F937AA90172} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [56136 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {AA218A78-8D9B-4AB4-9FC2-2C4056FBE649} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CC352147-ACD7-4428-B148-B888E1304E64} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\230ba016-7c13-4597-bfd2-b3cb5c716a8f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {DF15CA29-C312-43F5-BEB9-D51E3EF68F3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)
Task: {F30D0060-6C81-467E-8F33-30EFCACAC6AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F7BB7A8E-A7C1-4304-A129-A501601209B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3f225532-e049-4720-9ef7-b17fe07157de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7490f3e9-20d7-46e7-9077-51830728394b}: [DhcpNameServer] 192.168.1.1
 
Edge: 
======
DownloadDir: C:\Users\SandeepandJaya\Downloads
Edge Notifications: HKU\S-1-5-21-1730742525-4092960748-1108651602-1001 -> hxxps://my.shaadi.com
Edge Profile: C:\Users\SandeepandJaya\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-02]
 
FireFox:
========
FF DefaultProfile: 3o9gu5wu.default
FF ProfilePath: C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default [2020-03-07]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
FF Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
FF ProfilePath: C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\08allo6n.default-release-1597514136066 [2020-10-04]
FF Homepage: Mozilla\Firefox\Profiles\08allo6n.default-release-1597514136066 -> www.economictimes.com
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\FFExt\light_plugin_firefox\addon.xpi [2019-11-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default [2020-10-04]
CHR StartupUrls: Default -> "hxxps://economictimes.indiatimes.com/"
CHR Extension: (Slides) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-29]
CHR Extension: (Flash Video Downloader) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2020-07-29]
CHR Extension: (Flash Video Downloader Plus) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\alfnggielnhdpdamedeokgppcilgainm [2020-07-29]
CHR Extension: (Docs) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-29]
CHR Extension: (Google Drive) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-07-29]
CHR Extension: (YouTube) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-29]
CHR Extension: (Sheets) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-18]
CHR Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-29]
CHR Extension: (Gmail) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-06]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602768 2019-02-19] (Dolby Laboratories, Inc. -> )
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-21] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
S4 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-30] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [76624 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [129152 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251512 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [516216 2019-09-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1123664 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys [199744 2019-12-01] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998016 2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79184 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [306248 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [119744 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [204520 2019-11-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [210280 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232272 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2020-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428256 2020-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-10-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-10-04 11:22 - 2020-10-04 11:28 - 000021655 _____ C:\Users\SandeepandJaya\Desktop\FRST.txt
2020-10-04 11:22 - 2020-10-04 11:22 - 000000000 ____D C:\Users\SandeepandJaya\Desktop\FRST-OlderVersion
2020-10-04 10:34 - 2020-10-04 10:35 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-10-04 10:17 - 2020-10-04 10:17 - 000000085 _____ C:\WINDOWS\wininit.ini
2020-10-02 23:38 - 2020-10-02 23:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-10-02 23:38 - 2020-09-10 18:14 - 000905528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-10-02 23:38 - 2020-09-10 18:14 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-10-02 18:39 - 2020-10-02 18:40 - 000000000 ____D C:\Users\SandeepandJaya\AppData\LocalLow\BitTorrent
2020-10-02 11:12 - 2020-10-04 11:25 - 000000000 ____D C:\FRST
2020-10-02 11:05 - 2020-10-04 11:22 - 002299392 _____ (Farbar) C:\Users\SandeepandJaya\Desktop\FRST64.exe
2020-10-02 10:56 - 2020-10-02 10:56 - 000000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2020-10-01 19:09 - 2020-10-01 19:20 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-09-20 16:37 - 2020-09-20 16:40 - 016374869 _____ C:\Users\SandeepandJaya\Downloads\5476309_hq.mp4.mp4
2020-09-20 16:30 - 2020-09-20 16:43 - 141000385 _____ C:\Users\SandeepandJaya\Downloads\3341385.mp4.mp4
2020-09-20 16:22 - 2020-09-20 16:31 - 081857725 _____ C:\Users\SandeepandJaya\Downloads\2085011.mp4.mp4
2020-09-20 16:21 - 2020-09-20 16:28 - 078539780 _____ C:\Users\SandeepandJaya\Downloads\1072439.mp4.mp4
2020-09-20 16:17 - 2020-09-20 16:30 - 114888563 _____ C:\Users\SandeepandJaya\Downloads\473795.mp4.mp4
2020-09-20 16:13 - 2020-09-20 16:19 - 054352934 _____ C:\Users\SandeepandJaya\Downloads\7709035_hq.mp4.mp4
2020-09-20 16:02 - 2020-09-20 16:19 - 185218397 _____ C:\Users\SandeepandJaya\Downloads\3233347.mp4.mp4
2020-09-20 15:56 - 2020-09-20 16:01 - 114041702 _____ C:\Users\SandeepandJaya\Downloads\5633761_hq.mp4.mp4
2020-09-20 15:54 - 2020-09-20 16:00 - 044103555 _____ C:\Users\SandeepandJaya\Downloads\244690_hq.mp4.mp4
2020-09-18 23:06 - 2020-09-18 23:25 - 098220124 _____ C:\Users\SandeepandJaya\Downloads\6338794_hq.mp4.mp4
2020-09-18 22:59 - 2020-09-18 23:13 - 036138470 _____ C:\Users\SandeepandJaya\Downloads\1211447_hq.mp4.mp4
2020-09-18 22:56 - 2020-09-18 23:01 - 062984736 _____ C:\Users\SandeepandJaya\Downloads\27797.mp4.mp4
2020-09-18 22:54 - 2020-09-18 22:58 - 139723468 _____ C:\Users\SandeepandJaya\Downloads\200363.mp4.mp4
2020-09-18 22:52 - 2020-09-18 22:56 - 139723468 _____ C:\Users\SandeepandJaya\Downloads\1283217_hq.mp4.mp4
2020-09-18 22:50 - 2020-09-18 22:55 - 137487433 _____ C:\Users\SandeepandJaya\Downloads\1611427_hq.mp4.mp4
2020-09-18 22:48 - 2020-09-18 23:09 - 324980013 _____ C:\Users\SandeepandJaya\Downloads\280457.mp4.mp4
2020-09-17 22:58 - 2020-09-17 23:15 - 414812326 _____ C:\Users\SandeepandJaya\Downloads\1957199.mp4.mp4
2020-09-17 22:46 - 2020-09-17 22:54 - 017749815 _____ C:\Users\SandeepandJaya\Downloads\109851_hq.mp4.mp4
2020-09-10 19:39 - 2020-09-10 19:49 - 036453275 _____ C:\Users\SandeepandJaya\Downloads\1603525_hq.mp4 (1).mp4
2020-09-10 19:36 - 2020-09-10 19:46 - 036453275 _____ C:\Users\SandeepandJaya\Downloads\1603525_hq.mp4.mp4
2020-09-10 18:49 - 2020-09-10 18:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-09-10 18:21 - 2020-09-10 18:21 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-09-10 18:21 - 2020-09-10 18:21 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-09-09 22:10 - 2020-10-01 18:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-10-04 11:29 - 2019-03-19 10:22 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-04 11:24 - 2019-11-30 23:15 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-10-04 11:06 - 2019-03-19 10:07 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-10-04 10:35 - 2019-05-22 09:56 - 000000000 __SHD C:\Users\SandeepandJaya\IntelGraphicsProfiles
2020-10-04 10:34 - 2020-03-25 16:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-10-04 10:34 - 2019-09-29 22:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-04 10:34 - 2019-05-22 15:06 - 000000000 ____D C:\Users\SandeepandJaya\AppData\Local\AVAST Software
2020-10-04 10:34 - 2019-05-22 15:03 - 000000000 ____D C:\ProgramData\AVAST Software
2020-10-04 10:34 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\Registration
2020-10-04 10:34 - 2018-07-29 00:21 - 000000000 ___HD C:\Intel
2020-10-04 10:33 - 2019-03-19 10:07 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-04 10:30 - 2018-04-18 00:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-04 10:17 - 2020-03-25 16:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-10-04 10:06 - 2019-09-29 21:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-04 09:53 - 2020-07-13 18:19 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-04 09:53 - 2020-07-13 18:19 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-10-04 09:53 - 2020-07-13 18:19 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-10-03 00:00 - 2019-05-21 19:14 - 000000000 ____D C:\Users\SandeepandJaya\AppData\Roaming\vlc
2020-10-02 23:46 - 2019-03-19 10:22 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-02 23:46 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-02 10:18 - 2019-05-25 20:06 - 000000000 ____D C:\System Utilities and Cleaners
2020-10-01 19:23 - 2020-07-29 16:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-01 19:23 - 2020-07-29 16:19 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-01 19:23 - 2020-07-29 16:19 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-01 19:17 - 2020-03-07 10:31 - 000000000 ____D C:\Users\SandeepandJaya\AppData\LocalLow\Mozilla
2020-10-01 19:16 - 2019-05-21 19:13 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-17 22:23 - 2020-03-07 10:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-09-10 18:49 - 2020-03-07 10:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-09-10 18:11 - 2020-04-22 23:00 - 000517080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys.160156053964002
2020-09-09 21:55 - 2019-05-21 22:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-09-09 21:51 - 2019-05-21 22:21 - 129170736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-09-06 14:57 - 2019-03-19 10:22 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-09-06 10:26 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\LiveKernelReports
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2020
Ran by SandeepandJaya (04-10-2020 11:42:46)
Running from C:\Users\SandeepandJaya\Desktop
Windows 10 Home Single Language Version 1903 18362.778 (X64) (2019-09-29 16:40:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1730742525-4092960748-1108651602-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1730742525-4092960748-1108651602-503 - Limited - Disabled)
Guest (S-1-5-21-1730742525-4092960748-1108651602-501 - Limited - Disabled)
SandeepandJaya (S-1-5-21-1730742525-4092960748-1108651602-1001 - Administrator - Enabled) => C:\Users\SandeepandJaya
WDAGUtilityAccount (S-1-5-21-1730742525-4092960748-1108651602-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.1004.2349.42886 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
Branding64 (HKLM\...\{0568DB97-57DB-4D8F-8849-26B6940CEE6E}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
EaseUS Tools M Beta 0.6.8 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version:  - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.121 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1824.12.0.1140 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7927 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.7.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{3b132227-4567-48a1-9f85-0d0dad4346ee}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000090-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.90.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{AA90D357-23D3-44C1-954D-7105B0C08F38}) (Version: 17.7.0.1006 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{074dda6c-5a4a-455e-8a99-09de068e0771}) (Version: 21.40.1 - Intel Corporation)
Kaspersky Security Cloud (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
Lenovo App Explorer (HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\Host App Service) (Version: 0.273.3.880 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Essential Wireless Keyboard (HKLM\...\Lenovo Essential Wireless Keyboard) (Version: 1.0 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.05 - Lenovo) Hidden
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.05 - Lenovo)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 80.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0.1 (x64 en-US)) (Version: 80.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
OpenBoard (1.5.4.240) (HKLM-x32\...\{8CCA6AC7-BBF9-4DD2-8E70-A907E0FCA38F}}_is1) (Version: 1.5.4.240 - Open Education Foundation)
PX Profile Update (HKLM-x32\...\{306C9EAF-031A-282C-D41A-B2A3A7CA8375}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{B4870B51-34EF-200D-DEB7-2234CDE7FB7D}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.32.1206.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8633 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20201.255.0_x64__rz1tebttyb220 [2019-05-29] (Dolby Laboratories)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-07-11] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa [2020-10-02] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2009.18.0_x64__k1h2ywk1493x8 [2020-10-02] (LENOVO INC.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-05-21] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-21] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-05] (Microsoft Corporation)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.11322.0_x86__m916jedk64snt [2020-08-17] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.2520.0_x86__m916jedk64snt [2020-08-17] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-05-29] (Realtek Semiconductor Corp)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => c:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => c:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2011-11-04 00:18 - 2011-11-04 00:18 - 000056320 _____ () [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skfunc.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-06-28 14:16 - 2018-06-28 14:16 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-05-22 19:57 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2011-10-22 02:11 - 2011-10-22 02:11 - 000061952 _____ (LITE-ON Corp.) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skhooks.dll
2011-11-18 22:37 - 2011-11-18 22:37 - 000054272 _____ (LITE-ON TECHNOLOGY CORP.) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\SKHidKbd.dll
2020-09-14 17:25 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-06-22 20:24 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-10-04 23:47 - 2018-10-04 23:47 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 05:08 - 2018-04-12 05:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SandeepandJaya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F31F050B-4F70-4AA1-BC28-4E7E77915EB0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07450836-FB5B-4408-B439-C5E01A107B12}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B3CA2972-72E2-4725-86D8-D26354473E5E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{53D6A307-AC23-41C2-BF6D-41C3CACD824E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{007C1779-2F44-4D93-B059-01FF9597E86B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{7435531A-F7F5-487A-A36B-08196259219C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{88076008-40D2-4DC9-98E3-C8DC373D6E56}] => (Allow) C:\Users\SandeepandJaya\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{2B25B812-15F5-498A-BDB9-823394DBC7C3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{729D43C9-AE57-445F-AA3E-0598231A0CBF}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A23B06B-096B-45BB-94F4-F2EA998D20B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E18059C7-C878-4FEC-9412-11973E819A08}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13231.20262.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B7E90EE-FD75-4B11-997A-F70E5487CF1A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B0260BA-B02E-4EBB-9375-0409A3CD79A3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2449EEC-4946-4D13-A416-BA7FD30D1C52}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{351B64B1-1135-4B21-9766-528E323205DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5830A98-4B88-425E-A23A-2082CB1AD2F6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1465928-08D5-42A0-B2B8-4BCAB011E6C5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{44B2A2BA-DF70-4976-A1BB-93F07124598F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{530F244E-DCA8-45B0-8DC1-C0436D1F2501}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE30DADE-9FF2-4091-B3FE-8FDCF34F1EC7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A4346BB-99C8-4C4A-8D84-5FB79EB48BD4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A002C373-FDE5-49BE-A90E-5DCD7859CA1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4EBB484-4585-433C-8DDB-18CFA6B918E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
10-09-2020 18:20:24 Windows Update
14-09-2020 17:34:09 Windows Update
17-09-2020 21:19:27 Windows Update
01-10-2020 18:46:40 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/04/2020 11:00:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RemindersServer.exe version 10.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 168c
 
Start Time: 01d69a0cb048c944
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
 
Report Id: 4f1b1ec4-d88a-4dd9-952c-9bb438014c8b
 
Faulting package full name: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Hang type: Quiesce
 
Error: (10/04/2020 10:57:54 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7744,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/04/2020 10:47:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5880,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/04/2020 10:32:42 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/04/2020 10:32:42 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/04/2020 10:32:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/04/2020 10:32:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/04/2020 10:25:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8544,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
 
System errors:
=============
Error: (10/04/2020 11:19:29 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/04/2020 11:05:45 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/04/2020 10:42:29 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server {20532D01-15BE-4BB9-A727-CA34555D881C} did not register with DCOM within the required timeout.
 
Error: (10/04/2020 10:40:34 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/04/2020 10:36:37 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/04/2020 10:15:13 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/04/2020 10:09:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0831: 2020-09 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4574727).
 
Error: (10/04/2020 09:38:59 AM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2020-04-18 23:23:08.982
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D0576CD-B53C-4F02-8DE3-A4C16EDFED82}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 14:04:56.913
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0F12D7E1-93F7-4268-8D85-601EA63ACC41}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 13:06:07.348
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A0C16B21-BC53-40DE-BD3F-53A40A8E6C5C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 12:47:00.511
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8FC2A646-04D6-434A-8474-5DB62DC88ECB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-05-01 23:40:48.315
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.313.2014.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16900.4
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-10-03 20:38:53.738
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.303.624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2020-10-04 10:37:24.520
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-04 10:37:08.667
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-04 10:37:08.621
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-04 10:31:41.788
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-04 10:31:39.745
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-04 10:31:37.719
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-04 10:31:35.688
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-04 10:31:33.668
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: LENOVO O3WKT11A 04/02/2018
Motherboard: LENOVO 36F1
Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 29%
Total physical RAM: 16290.75 MB
Available physical RAM: 11553.59 MB
Total Virtual: 32674.75 MB
Available Virtual: 27696.68 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.43 GB) (Free:458.83 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:488.28 GB) (Free:293.29 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:442.05 GB) (Free:385 GB) NTFS
 
\\?\Volume{88ef6362-d5ea-4e83-9f21-85b7754c55c7}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{4fb5cc92-2f0e-4d9b-add9-fdcc114eed1d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8D027F42)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#5
Gary R

    Trusted Helper

  • Malware Removal
  • 358 posts

Looking over your new logs now. This will take some time, and since it's now 11:15 pm where I am, it will be tomorrow sometime before I've finished and am able to get back to you.

 

Talk to you then.



#6
Gary R

    Trusted Helper

  • Malware Removal
  • 358 posts

Please uninstall Kaspersky Security Cloud and reboot your computer, and see if that improves the performance of your computer (it may be conflicting with Windows Defender). Let me know if you're still experiencing slow browser loading.

 

So far I've found a few items in your logs that need further examination, but I haven't finished going through both logs yet, so there may be more things to look at.



#7
sandybgood

    Member

  • Topic Starter
  • 26 posts

Hello Gary, thanks for your response. I have tried to uninstall Kaspersky, but it goes through the first couple of screens, shows 'preparing for uninstall' momentarily and then does NOTHING. Kaspersky stays!



#8
sandybgood

    Member

  • Topic Starter
  • 26 posts

Chrome is still taking approx. 10-15 seconds to load.



#9
Gary R

    Trusted Helper

  • Malware Removal
  • 358 posts

If you're having trouble uninstalling Kaspersky, try this tool that Kaspersky have made for uninstalling their products ... https://support.kasp.../uninstall/1464

 

Instructions for its use can be found here ... https://support.kasp...all/1464#block2



#10
sandybgood

    Member

  • Topic Starter
  • 26 posts

I have succeeded in uninstalling Kaspersky with the instructions you provided. Here are the logs after the reboot:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2020
Ran by SandeepandJaya (administrator) on SANDEEPANDJAYAS (LENOVO F0DX0004IN) (06-10-2020 23:17:26)
Running from C:\Users\SandeepandJaya\Desktop
Loaded Profiles: SandeepandJaya
Platform: Windows 10 Home Single Language Version 1903 18362.778 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334258.inf_amd64_aae64f31646a15d8\B334021\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334258.inf_amd64_aae64f31646a15d8\B334021\atiesrxx.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_05de635879d45aad\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_05de635879d45aad\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7591c5a0df008a8e\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7591c5a0df008a8e\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_caabc087e4b97a65\Intel_PIE_Service.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\NisSrv.exe
(PRIMAX ELECTRONICS LTD. -> ) C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [834032 2019-02-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Lenovo Essential Wireless Keyboard OSD] => C:\Program Files\Lenovo\Lenovo Essential Wireless Keyboard\KBOSD.exe [443192 2016-11-30] (PRIMAX ELECTRONICS LTD. -> )
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [1742336 2013-08-15] (Lenovo) [File not signed]
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe [2020-10-01] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B4EB1A5-D0A6-413C-ADB1-C1FC04F29F92} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {447CF51A-DCFC-424A-B4BE-B4F62EA60023} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {47F8F399-E4E4-4378-A0C7-CD05F5D201D9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0bb5d22a-5ef3-4cf6-9870-c631ded56263 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {4E6CC967-7AF4-404C-B280-95AED4262F02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)
Task: {5CD9566B-88F5-4BC3-AFA8-9BBDD5367B7D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\SandeepandJaya\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {990ACDA6-FC5D-4766-85F0-87AAC472D8EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1CF10AB-9B1D-474F-988D-0ACF3D3BC7BA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A798AA55-1FE6-404D-AD0F-0F937AA90172} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [56136 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {AA218A78-8D9B-4AB4-9FC2-2C4056FBE649} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {AFD67F28-F320-4AA0-9193-3DCAF48A0423} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cabce124-4342-4ff3-9722-d19423d54aee => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {BFC410D7-6E2A-4011-BFA5-4343E99BD99D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a1952036-7ba8-424b-a354-bd3de6d4c80c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {DF15CA29-C312-43F5-BEB9-D51E3EF68F3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)
Task: {E2A66446-65E9-4C99-B402-D77BD99C4158} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8db50ee5-aa61-4c56-ade3-c8724f649338 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
Task: {E2B5C840-2F8E-4D66-810F-175C3596D377} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [664784 2020-10-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {F0367A3C-E831-4A87-B078-B8684D2B6307} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144312 2020-09-15] (Lenovo -> Lenovo Group Ltd.)
Task: {F30D0060-6C81-467E-8F33-30EFCACAC6AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F7BB7A8E-A7C1-4304-A129-A501601209B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3f225532-e049-4720-9ef7-b17fe07157de}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7490f3e9-20d7-46e7-9077-51830728394b}: [DhcpNameServer] 192.168.1.1
 
Edge: 
======
DownloadDir: C:\Users\SandeepandJaya\Downloads
Edge Notifications: HKU\S-1-5-21-1730742525-4092960748-1108651602-1001 -> hxxps://my.shaadi.com
Edge Profile: C:\Users\SandeepandJaya\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-02]
 
FireFox:
========
FF DefaultProfile: 3o9gu5wu.default
FF ProfilePath: C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default [2020-03-07]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
FF Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
FF ProfilePath: C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\08allo6n.default-release-1597514136066 [2020-10-04]
FF Homepage: Mozilla\Firefox\Profiles\08allo6n.default-release-1597514136066 -> www.economictimes.com
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default [2020-10-06]
CHR StartupUrls: Default -> "hxxps://economictimes.indiatimes.com/"
CHR Extension: (Slides) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-29]
CHR Extension: (Flash Video Downloader) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2020-07-29]
CHR Extension: (Flash Video Downloader Plus) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\alfnggielnhdpdamedeokgppcilgainm [2020-07-29]
CHR Extension: (Docs) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-29]
CHR Extension: (Google Drive) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-07-29]
CHR Extension: (YouTube) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-29]
CHR Extension: (Sheets) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-18]
CHR Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-29]
CHR Extension: (Gmail) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [602768 2019-02-19] (Dolby Laboratories, Inc. -> )
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-21] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81240 2020-07-15] (Lenovo -> Lenovo Group Ltd.)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-30] (Microsoft Corporation) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2020-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428256 2020-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-10-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-10-06 23:17 - 2020-10-06 23:18 - 000017744 _____ C:\Users\SandeepandJaya\Desktop\FRST.txt
2020-10-04 12:58 - 2020-10-04 12:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-10-04 11:22 - 2020-10-06 23:16 - 000000000 ____D C:\Users\SandeepandJaya\Desktop\FRST-OlderVersion
2020-10-04 10:34 - 2020-10-04 10:35 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-10-04 10:17 - 2020-10-04 10:17 - 000000085 _____ C:\WINDOWS\wininit.ini
2020-10-02 23:38 - 2020-10-02 23:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-10-02 23:38 - 2020-09-10 18:14 - 000905528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-10-02 23:38 - 2020-09-10 18:14 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-10-02 18:39 - 2020-10-02 18:40 - 000000000 ____D C:\Users\SandeepandJaya\AppData\LocalLow\BitTorrent
2020-10-02 11:12 - 2020-10-06 23:18 - 000000000 ____D C:\FRST
2020-10-02 11:05 - 2020-10-06 23:16 - 002299392 _____ (Farbar) C:\Users\SandeepandJaya\Desktop\FRST64.exe
2020-10-02 10:56 - 2020-10-02 10:56 - 000000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2020-10-01 19:09 - 2020-10-01 19:20 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-10-01 18:58 - 2020-10-04 18:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-09-20 16:37 - 2020-09-20 16:40 - 016374869 _____ C:\Users\SandeepandJaya\Downloads\5476309_hq.mp4.mp4
2020-09-20 16:30 - 2020-09-20 16:43 - 141000385 _____ C:\Users\SandeepandJaya\Downloads\3341385.mp4.mp4
2020-09-20 16:22 - 2020-09-20 16:31 - 081857725 _____ C:\Users\SandeepandJaya\Downloads\2085011.mp4.mp4
2020-09-20 16:21 - 2020-09-20 16:28 - 078539780 _____ C:\Users\SandeepandJaya\Downloads\1072439.mp4.mp4
2020-09-20 16:17 - 2020-09-20 16:30 - 114888563 _____ C:\Users\SandeepandJaya\Downloads\473795.mp4.mp4
2020-09-20 16:13 - 2020-09-20 16:19 - 054352934 _____ C:\Users\SandeepandJaya\Downloads\7709035_hq.mp4.mp4
2020-09-20 16:02 - 2020-09-20 16:19 - 185218397 _____ C:\Users\SandeepandJaya\Downloads\3233347.mp4.mp4
2020-09-20 15:56 - 2020-09-20 16:01 - 114041702 _____ C:\Users\SandeepandJaya\Downloads\5633761_hq.mp4.mp4
2020-09-20 15:54 - 2020-09-20 16:00 - 044103555 _____ C:\Users\SandeepandJaya\Downloads\244690_hq.mp4.mp4
2020-09-18 23:06 - 2020-09-18 23:25 - 098220124 _____ C:\Users\SandeepandJaya\Downloads\SSS Shapely Jap milf licks, sucks tickles and [bleep]s.mp4.mp4
2020-09-18 22:59 - 2020-09-18 23:13 - 036138470 _____ C:\Users\SandeepandJaya\Downloads\1211447_hq.mp4.mp4
2020-09-18 22:54 - 2020-09-18 22:58 - 139723468 _____ C:\Users\SandeepandJaya\Downloads\200363.mp4.mp4
2020-09-18 22:52 - 2020-09-18 22:56 - 139723468 _____ C:\Users\SandeepandJaya\Downloads\1283217_hq.mp4.mp4
2020-09-18 22:50 - 2020-09-18 22:55 - 137487433 _____ C:\Users\SandeepandJaya\Downloads\1611427_hq.mp4.mp4
2020-09-18 22:48 - 2020-09-18 23:09 - 324980013 _____ C:\Users\SandeepandJaya\Downloads\280457.mp4.mp4
2020-09-17 22:58 - 2020-09-17 23:15 - 414812326 _____ C:\Users\SandeepandJaya\Downloads\1957199.mp4.mp4
2020-09-17 22:46 - 2020-09-17 22:54 - 017749815 _____ C:\Users\SandeepandJaya\Downloads\109851_hq.mp4.mp4
2020-09-10 19:39 - 2020-09-10 19:49 - 036453275 _____ C:\Users\SandeepandJaya\Downloads\1603525_hq.mp4 (1).mp4
2020-09-10 19:36 - 2020-09-10 19:46 - 036453275 _____ C:\Users\SandeepandJaya\Downloads\1603525_hq.mp4.mp4
2020-09-10 18:21 - 2020-09-10 18:21 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-09-10 18:21 - 2020-09-10 18:21 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-10-06 23:17 - 2019-03-19 10:22 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-06 23:12 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-06 23:05 - 2019-05-22 09:56 - 000000000 __SHD C:\Users\SandeepandJaya\IntelGraphicsProfiles
2020-10-06 23:04 - 2019-09-29 22:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-06 23:04 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\Registration
2020-10-06 23:04 - 2018-07-29 00:21 - 000000000 ___HD C:\Intel
2020-10-06 23:03 - 2019-03-19 10:07 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-06 23:02 - 2019-03-19 10:22 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-10-06 23:02 - 2019-03-19 10:20 - 000000000 ____D C:\WINDOWS\INF
2020-10-06 23:02 - 2019-03-19 10:07 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-10-06 23:01 - 2019-05-25 20:06 - 000000000 ____D C:\System Utilities and Cleaners
2020-10-06 22:58 - 2019-05-21 19:14 - 000000000 ____D C:\Users\SandeepandJaya\AppData\Roaming\vlc
2020-10-06 22:49 - 2019-03-19 10:07 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-10-04 18:54 - 2020-03-25 16:32 - 000025186 _____ C:\Users\SandeepandJaya\Desktop\Rkill.txt
2020-10-04 18:45 - 2020-03-07 10:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-04 15:07 - 2020-03-07 10:31 - 000000000 ____D C:\Users\SandeepandJaya\AppData\LocalLow\Mozilla
2020-10-04 14:39 - 2019-03-19 10:22 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-04 14:35 - 2020-03-07 10:31 - 000000000 ____D C:\ProgramData\Mozilla
2020-10-04 12:58 - 2020-03-07 10:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-10-04 12:30 - 2019-09-29 21:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-04 10:34 - 2020-03-25 16:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-10-04 10:34 - 2019-05-22 15:06 - 000000000 ____D C:\Users\SandeepandJaya\AppData\Local\AVAST Software
2020-10-04 10:34 - 2019-05-22 15:03 - 000000000 ____D C:\ProgramData\AVAST Software
2020-10-04 10:30 - 2018-04-18 00:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-04 10:17 - 2020-03-25 16:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-10-04 09:53 - 2020-07-13 18:19 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-04 09:53 - 2020-07-13 18:19 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-10-04 09:53 - 2020-07-13 18:19 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-10-01 19:23 - 2020-07-29 16:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-01 19:23 - 2020-07-29 16:19 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-01 19:23 - 2020-07-29 16:19 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-01 19:16 - 2019-05-21 19:13 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-10 18:11 - 2020-04-22 23:00 - 000517080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys.160156053964002
2020-09-09 21:55 - 2019-05-21 22:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-09-09 21:51 - 2019-05-21 22:21 - 129170736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-09-06 10:26 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\LiveKernelReports
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Here is the Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2020
Ran by SandeepandJaya (06-10-2020 23:22:21)
Running from C:\Users\SandeepandJaya\Desktop
Windows 10 Home Single Language Version 1903 18362.778 (X64) (2019-09-29 16:40:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1730742525-4092960748-1108651602-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1730742525-4092960748-1108651602-503 - Limited - Disabled)
Guest (S-1-5-21-1730742525-4092960748-1108651602-501 - Limited - Disabled)
SandeepandJaya (S-1-5-21-1730742525-4092960748-1108651602-1001 - Administrator - Enabled) => C:\Users\SandeepandJaya
WDAGUtilityAccount (S-1-5-21-1730742525-4092960748-1108651602-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.1004.2349.42886 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
Branding64 (HKLM\...\{0568DB97-57DB-4D8F-8849-26B6940CEE6E}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
EaseUS Tools M Beta 0.6.8 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version:  - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.121 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1824.12.0.1140 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7927 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.7.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{3b132227-4567-48a1-9f85-0d0dad4346ee}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000090-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.90.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{AA90D357-23D3-44C1-954D-7105B0C08F38}) (Version: 17.7.0.1006 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{074dda6c-5a4a-455e-8a99-09de068e0771}) (Version: 21.40.1 - Intel Corporation)
Lenovo App Explorer (HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\Host App Service) (Version: 0.273.3.880 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Essential Wireless Keyboard (HKLM\...\Lenovo Essential Wireless Keyboard) (Version: 1.0 - Lenovo)
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.05 - Lenovo) Hidden
Lenovo Silver Silk Wireless Keyboard (HKLM-x32\...\InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067}) (Version: 1.05 - Lenovo)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 81.0 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0 (x64 en-US)) (Version: 81.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
OpenBoard (1.5.4.240) (HKLM-x32\...\{8CCA6AC7-BBF9-4DD2-8E70-A907E0FCA38F}}_is1) (Version: 1.5.4.240 - Open Education Foundation)
PX Profile Update (HKLM-x32\...\{306C9EAF-031A-282C-D41A-B2A3A7CA8375}) (Version: 1.00.1. - AMD) Hidden
PX Profile Update (HKLM-x32\...\{B4870B51-34EF-200D-DEB7-2234CDE7FB7D}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.32.1206.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8633 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20201.255.0_x64__rz1tebttyb220 [2019-05-29] (Dolby Laboratories)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-07-11] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa [2020-10-02] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2009.18.0_x64__k1h2ywk1493x8 [2020-10-02] (LENOVO INC.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-05-21] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-21] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13231.20262.0_x86__8wekyb3d8bbwe [2020-10-02] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-05] (Microsoft Corporation)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.11322.0_x86__m916jedk64snt [2020-08-17] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.2520.0_x86__m916jedk64snt [2020-08-17] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-05-29] (Realtek Semiconductor Corp)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => c:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => c:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2011-11-04 00:18 - 2011-11-04 00:18 - 000056320 _____ () [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skfunc.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-06-28 14:16 - 2018-06-28 14:16 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-05-22 19:57 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2011-10-22 02:11 - 2011-10-22 02:11 - 000061952 _____ (LITE-ON Corp.) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skhooks.dll
2011-11-18 22:37 - 2011-11-18 22:37 - 000054272 _____ (LITE-ON TECHNOLOGY CORP.) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\SKHidKbd.dll
2020-09-14 17:25 - 2020-05-30 19:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-06-22 20:24 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-10-04 23:47 - 2018-10-04 23:47 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-06-28 14:16 - 2018-06-28 14:16 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 05:08 - 2018-04-12 05:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SandeepandJaya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1730742525-4092960748-1108651602-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F31F050B-4F70-4AA1-BC28-4E7E77915EB0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07450836-FB5B-4408-B439-C5E01A107B12}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B3CA2972-72E2-4725-86D8-D26354473E5E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{53D6A307-AC23-41C2-BF6D-41C3CACD824E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [TCP Query User{007C1779-2F44-4D93-B059-01FF9597E86B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{7435531A-F7F5-487A-A36B-08196259219C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{88076008-40D2-4DC9-98E3-C8DC373D6E56}] => (Allow) C:\Users\SandeepandJaya\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{2B25B812-15F5-498A-BDB9-823394DBC7C3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{729D43C9-AE57-445F-AA3E-0598231A0CBF}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A23B06B-096B-45BB-94F4-F2EA998D20B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E18059C7-C878-4FEC-9412-11973E819A08}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13231.20262.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B7E90EE-FD75-4B11-997A-F70E5487CF1A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B0260BA-B02E-4EBB-9375-0409A3CD79A3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2449EEC-4946-4D13-A416-BA7FD30D1C52}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{351B64B1-1135-4B21-9766-528E323205DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5830A98-4B88-425E-A23A-2082CB1AD2F6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C1465928-08D5-42A0-B2B8-4BCAB011E6C5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{44B2A2BA-DF70-4976-A1BB-93F07124598F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{530F244E-DCA8-45B0-8DC1-C0436D1F2501}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE30DADE-9FF2-4091-B3FE-8FDCF34F1EC7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A4346BB-99C8-4C4A-8D84-5FB79EB48BD4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A002C373-FDE5-49BE-A90E-5DCD7859CA1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4EBB484-4585-433C-8DDB-18CFA6B918E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
10-09-2020 18:20:24 Windows Update
14-09-2020 17:34:09 Windows Update
17-09-2020 21:19:27 Windows Update
01-10-2020 18:46:40 Windows Update
05-10-2020 22:04:53 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/06/2020 11:18:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6268,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/06/2020 11:03:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/06/2020 11:03:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/06/2020 11:03:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/06/2020 11:03:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/06/2020 10:55:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1312,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/06/2020 10:47:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11972,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/05/2020 10:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.18362.778, time stamp: 0xb8640219
Faulting module name: ntdll.dll, version: 10.0.18362.778, time stamp: 0x0c1bb301
Exception code: 0xc0000005
Fault offset: 0x00000000000072a6
Faulting process id: 0x19ec
Faulting application start time: 0x01d69b359a92b71a
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: dc714c01-9476-4ee0-b292-3dd149a45f0f
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/06/2020 11:17:08 PM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/06/2020 11:11:40 PM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server {20532D01-15BE-4BB9-A727-CA34555D881C} did not register with DCOM within the required timeout.
 
Error: (10/06/2020 11:10:08 PM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/06/2020 11:06:17 PM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/06/2020 10:39:07 PM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/06/2020 10:34:47 PM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (10/05/2020 10:27:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0831: 2020-09 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4574727).
 
Error: (10/05/2020 10:14:14 PM) (Source: DCOM) (EventID: 10010) (User: SANDEEPANDJAYAS)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2020-04-18 23:23:08.982
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D0576CD-B53C-4F02-8DE3-A4C16EDFED82}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 14:04:56.913
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0F12D7E1-93F7-4268-8D85-601EA63ACC41}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 13:06:07.348
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A0C16B21-BC53-40DE-BD3F-53A40A8E6C5C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-10-07 12:47:00.511
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8FC2A646-04D6-434A-8474-5DB62DC88ECB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-10-06 22:50:19.363
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.325.277.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17500.4
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2020-05-01 23:40:48.315
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.313.2014.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16900.4
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-10-03 20:38:53.738
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.303.624.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2020-10-06 22:46:55.572
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-06 22:46:55.549
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-06 22:46:55.499
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-06 22:34:23.722
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-05 22:11:57.947
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-05 22:11:57.903
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-05 22:11:57.830
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-05 22:03:04.921
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: LENOVO O3WKT11A 04/02/2018
Motherboard: LENOVO 36F1
Processor: Intel® Core™ i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 25%
Total physical RAM: 16290.75 MB
Available physical RAM: 12146.45 MB
Total Virtual: 32674.75 MB
Available Virtual: 28380.5 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.43 GB) (Free:485.39 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:488.28 GB) (Free:293.29 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:442.05 GB) (Free:349.58 GB) NTFS
 
\\?\Volume{88ef6362-d5ea-4e83-9f21-85b7754c55c7}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.47 GB) NTFS
\\?\Volume{4fb5cc92-2f0e-4d9b-add9-fdcc114eed1d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8D027F42)
 
Partition: GPT.
 
==================== End of Addition.txt =======================



#11
Gary R


    Trusted Helper

  • Malware Removal
  • 358 posts

Thanks, looking over your new logs now, I'll be back as soon as I've finished.



#12
Gary R


    Trusted Helper

  • Malware Removal
  • 358 posts

There is no clear sign of an active infection in your latest logs; however, there are a few things that need further investigation. This includes running checks on a number of files at VirusTotal. These files are not necessarily "bad"; in fact they're probably not, but they each have characteristics that mean I'd like to check them to make sure ...

So ... First ...
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the contents of the code box below into it ....
VirusTotal: C:\WINDOWS\system32\CNMN6PPM.DLL;C:\Users\SandeepandJaya\Downloads\5476309_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\3341385.mp4.mp4;C:\Users\SandeepandJaya\Downloads\2085011.mp4.mp4;C:\Users\SandeepandJaya\Downloads\1072439.mp4.mp4;C:\Users\SandeepandJaya\Downloads\473795.mp4.mp4;C:\Users\SandeepandJaya\Downloads\7709035_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\3233347.mp4.mp4;C:\Users\SandeepandJaya\Downloads\5633761_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\244690_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\SSS Shapely Jap milf licks, sucks tickles and [bleep]s.mp4.mp4;C:\Users\SandeepandJaya\Downloads\1211447_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\200363.mp4.mp4;C:\Users\SandeepandJaya\Downloads\1283217_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\1611427_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\280457.mp4.mp4;C:\Users\SandeepandJaya\Downloads\1957199.mp4.mp4;C:\Users\SandeepandJaya\Downloads\109851_hq.mp4.mp4;C:\Users\SandeepandJaya\Downloads\1603525_hq.mp4 (1).mp4;C:\Users\SandeepandJaya\Downloads\1603525_hq.mp4.mp4
BootExecute: autocheck autochk * sdnclean64.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
FF Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Roaming\Mozilla\Firefox\Profiles\3o9gu5wu.default\Extensions\[email protected] [2019-05-22]
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
C:\Program Files\McAfeeDashboard\McSecDashboardService.exe
2020-10-04 10:34 - 2020-03-25 16:44 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-10-04 10:34 - 2019-05-22 15:06 - 000000000 ____D C:\Users\SandeepandJaya\AppData\Local\AVAST Software
2020-10-04 10:34 - 2019-05-22 15:03 - 000000000 ____D C:\ProgramData\AVAST Software
2020-10-04 10:17 - 2020-03-25 16:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
FirewallRules: [TCP Query User{B3CA2972-72E2-4725-86D8-D26354473E5E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe => No File
FirewallRules: [UDP Query User{53D6A307-AC23-41C2-BF6D-41C3CACD824E}C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\sandeepandjaya\appdata\roaming\bittorrent\bittorrent.exe => No File
EmptyTemp:
cmd: ipconfig /flushdns
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

Did you set these in Chrome and Edge ?



CHR StartupUrls: Default -> "hxxps://economictimes.indiatimes.com/"
Edge Notifications: HKU\S-1-5-21-1730742525-4092960748-1108651602-1001 -> hxxps://my.shaadi.com


If not, please let me know and I'll script them for removal.

Next ...

Please remove the following Chrome Extensions ...
 

CHR Extension: (Avast Online Security) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\SandeepandJaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]


See ... https://www.timeatla...ome-extensions/ ... for details of how to do this.

Finally ...

There are signs that Avast has not been fully removed from your computer, so I'd like to run a Search to find any orphans that remain, and which need to be removed.
 

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

SearchAll: Avast

  • Press the Search Files button and FRST will search for any files, folders, and registry keys and values that contain Avast. This may take a while.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.

 

 



#13
Gary R


    Trusted Helper

  • Malware Removal
  • 358 posts

It's now 4 days since I last posted, if you're having problems please let me know.

 

If I have not heard back from you by tomorrow I will assume you no longer need my help, and will close this topic.



#14
sandybgood


    Member

  • Topic Starter
  • 26 posts

Dear Gary, Apologies but I have been snowed under at work in the last few days. I am a B-School MBA faculty and have had to teach back-to-back full-day lectures, including an 8-hour live online class today...Sunday. (I teach my classes off my campus laptop on Teams). Please allow me a few days to execute the instructions you have shared.



#15
Gary R


    Trusted Helper

  • Malware Removal
  • 358 posts

No problem, I understand how hectic things can get sometimes. Post when you're ready.

 

If you're having similar problems in future, just let me know, it will prevent any misunderstandings.

