
Connected to router, no internet.



#1
Wafna

Wafna

    Member

  • Member
  • PipPip
  • 68 posts
Other systems (cell phone, 2nd laptop, PS4, various smart TVs) on the network have internet, just not a laptop of mine. I've tried flushing the DNS Cache with no luck. Rebooted the router, still no dice. Tried updating NIC drivers "automagically" but with no net connection, Windows said the drivers were up to date.

Checking /ipconfig, I noticed that the ethernet adapter, Wireless LAN adapter Local Area Connection* (both 12 and 13 as separate instances) all show "Media disconnected" with no connection-specific DNS suffix.

Wireless LAN adapter Wi-Fi has no DNS suffix, but is listing IPv6 address, Temp IPv6, link-local IPv6, auto-config IPv4 address, subnet mask and default gateway.

Attempting to release the IP address in case there's a conflicting address resulted in a string of errors: No operation can be performed on (ethernet/Local Area Connection* 12/ LAC*13) while it has its media disconnected; also that an error occurred while releasing interface wi-fi: "an address has not yet been associated with the network endpoint"

Working with:
Lenovo Ideapad 110-15 ACL,
Windows 10 Home, 64 bit, Version 1909; was up-to-date on security and whatnot as of a month or so ago when the problem first showed up.

Many thanks in advance for your help!
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type: (I use two spaces so you can be sure to see where one space goes.)

sc  start  dhcp

Should say: [SC] StartService FAILED 1056:

An instance of the service is already running.


Does it? If not exactly what does it say?

sc  start  dns

Should be the same as above.  Is it?

ipconfig  /all

 

 

What does it say for the IP Address, Subnet Mask and Default Gateway, DHCP server, DNS Server(s) for the wireless?  I am assuming you are trying to connect with WiFi.
 

DISM  /Online  /Cleanup-Image  /RestoreHealth

Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow

 




This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

Which do you get?

 

Reboot.

 

Repeat the ipconfig /all  command and report any changes.  If still no connectivity:

netsh  winsock  reset
netsh  int  ipv4  reset  reset.log

Reboot

 

If still no connectivity.  Search for

device manager

hit Enter

Click on the arrow in front of Network Adapters to open it up.  Find your Wireless Adapter and right click on it and  Uninstall Device.  Do not let it remove any drivers.  Reboot.

 

Check connectivity and ipconfig /all 

 

Any changes?

 

 

If not:  Search for

control panel

hit Enter

View By: Large Icons

Internet Options

Click on Connections tab

Click on LAN  Settings

 

Uncheck All boxes.  OK.

 

Reboot.  Recheck the above.  Are any boxes checked?

 

 



 


  • 0

#3
Wafna

Wafna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Thanks for the reply, RKinner!

DHCP was as you predicted.

sc  start  dns
Should be the same as above.  Is it?

It was not: I received "OpenService FAILED 1060:
The specified Service does not exist as an installed service."

What does it say for the
IP Address, [IPv4 192.168.0.7(preferred), I can go back and get IPv6 if you want.]
Subnet Mask [255.255.255.0] and Default Gateway [fe80::226:86ff:fe7a:fbe9%3]
DHCP server, [192.168.0.1]
DNS Server(s) [68.105.28.11], [68.105.29.11],[68.105.28.12], [2001:578:3f::30], [2001:578::3f:1::30]
for the wireless?  I am assuming you are trying to connect with WiFi. (You are correct.)

" 'DSIM' is not recognised as an internal or external command, operable program or batch file."



Proceed with the sfc scan without the DSIM cleanup? Or do something about the 'not an installed service' error? (Sorry I'm on the west coast, clearly I need to update my profile.)
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

I see I had a typo on the "sc start dns"

 

It should read

sc  start  dnscache

It looks like you typed DSIM instead of DISM which is why it didn't work.  Please try again.  Note:  You can copy the line then move to Command Prompt and right click then paste (or on some systems Edit then Paste) and the copied line will appear without retyping.  Then just press Enter.

 

 

If you can't get a line to work just skip to the next one.

 

What I can see so far is that you have a valid IP address, mask & gateway so DHCP is working.

 

Your DNS server looks a bit odd if you are on the West Coast.  Seems to be located in Florida.  68.105.28.11 does not work as a DNS for me but that doesn't prove anything since I'm not on their network.  

 

Let's add another line to test the DNS:

nslookup  f1.com

(That's F ONE dot COM)  This gives me:

 

 
Non-authoritative answer:
Name:    f1.com
Addresses:  67.199.248.12
          67.199.248.13

 

 

 
(I'm leaving off the top two lines which are site specific)
 
You should get the same answer.  Do you?
 
If you don't then:
 
nslookup
server 8.8.8.8
f1.com

Should look like this:


C:\WINDOWS\system32>nslookup
Default Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
> server 8.8.8.8
Default Server:  dns.google
Address:  8.8.8.8
 
> f1.com
Server:  dns.google
Address:  8.8.8.8
 
Non-authoritative answer:
Name:    f1.com
Addresses:  67.199.248.13
          67.199.248.12
 
> exit
 

 

 

 

If the second method works and the first doesn't then you have a bad DNS.  Try setting a manual DNS:

 

https://www.windowsc...ings-windows-10

 

use 8.8.8.8 and 4.2.2.1


  • 0
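
The two-step DNS test from post #4 (default resolver first, then 8.8.8.8), written as a PowerShell function. This is an added example, not part of the original thread; `Test-DnsPath`, `Get-ARecords` and the parameter names are made up here, while `Resolve-DnsName` and `Get-DnsClientServerAddress` are cmdlets built into Windows 10.

```powershell
# Added example (not from the thread). Test-DnsPath / Get-ARecords are
# hypothetical names; run from an elevated or normal PowerShell prompt.
function Test-DnsPath {
    param(
        [string]$Name = 'f1.com',              # test name used in the thread
        [string]$AlternateServer = '8.8.8.8'   # public resolver used in the thread
    )

    # Return the sorted IPv4 answers for $Name, or nothing if the query fails.
    # An empty $Server means "use whatever the adapter is configured with".
    function Get-ARecords([string]$Server) {
        $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($Server) { $query.Server = $Server }
        try {
            Resolve-DnsName @query |
                Where-Object { $_.Type -eq 'A' } |
                ForEach-Object { $_.IPAddress } |
                Sort-Object
        } catch {
            # Timeout, NXDOMAIN and unreachable server all count as "no answer".
        }
    }

    # DNS servers each adapter is currently using (DHCP-assigned or manual).
    $configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { '{0}: {1}' -f $_.InterfaceAlias, ($_.ServerAddresses -join ', ') }

    $viaDefault   = @(Get-ARecords '')
    $viaAlternate = @(Get-ARecords $AlternateServer)

    $verdict = if ($viaDefault.Count -gt 0) {
        'Configured DNS answers. Name resolution is not the fault; check the rest of the path.'
    } elseif ($viaAlternate.Count -gt 0) {
        'Configured DNS fails but the alternate works: bad DNS. Set a manual DNS server.'
    } else {
        'Neither resolver answers. The problem is below DNS (adapter, gateway, firewall).'
    }

    [pscustomobject]@{
        Name              = $Name
        ConfiguredServers = $configured
        DefaultAnswers    = $viaDefault
        AlternateServer   = $AlternateServer
        AlternateAnswers  = $viaAlternate
        # Sorted before comparing: nslookup may list the same addresses in a different order.
        AnswersMatch      = ($viaDefault.Count -gt 0) -and
                            (($viaDefault -join ',') -eq ($viaAlternate -join ','))
        Verdict           = $verdict
    }
}

Test-DnsPath | Format-List
```
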

#5
Wafna

Wafna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Copy-pasting is tough when the disconnected laptop doesn't connect to the forums... so it's all manual input, reading off a 2nd laptop and typing on the broken one. Sorry about my typo.

 

I'll start from the top of your first post with the corrected inputs.

 

DHCP and DNScache returned expected results.

Ran the DISM tool, but it came up with Error 87: Cleanup option is unknown. It gave me a log file location and suggested running the DISM exe to access the help file.

 

sfc /scannow returned that Resource Protection found no integrity violations.

 

(Rebooted)

 

No connectivity after reboot, no changes to ipconfig /all.

 

Winsock Catalogue reset was successful, but requested a reboot to complete the reset. I proceeded to the next line anyway, since you instructed to reboot then.

int ipv4 reset seemed to be ok, it returned a number of "ok" results, until the 5th iteration of "Resetting , " which came back with a failure, followed by "access is denied.", and 7 more iterations of "Resetting , " which were OK.

(rebooted)
No connectivity, uninstalled wireless NIC.

 

(rebooted)
No connectivity, ipconfig /all shows Wireless LAN adapter is now Media Disconnected, with no IP addresses etc. Which isn't surprising since I just uninstalled it, right?

Unchecked LAN boxes under the Connections tab.

(rebooted)

No connectivity, no boxes re-checked.

 

Re:Florida, I'm not running a VPN at the moment, so maybe the local ISP is doing something funny? 

f1.com returned the expected results.

 

I'll proceed with attempting to set a manual DNS, and reply here with the results.
Do I need to reinstall the NIC, or did that happen automagically when I rebooted?


  • 0

#6
Wafna

Wafna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Followed the directions for the Command Line access to manually set the DNS, and it "connected to the internet" right away. However, websites are taking too long to respond and not loading. Like, Google didn't respond, which should be pretty quick since 8.8.8.8 is one of their public DNS servers, right?


Edited by Wafna, 04 March 2021 - 01:53 AM.

  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Glad something worked.  Let's run FRST so I can see what is going on.  (I will have to get one of the admin types to move your post to our Malware Forum since I'm not supposed to run FRST anywhere but there but that should be transparent to you.)

 


  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.


 


  • 0

#8
Wafna

Wafna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Here are the Farbar scan files.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Bill (administrator) on WAFNAFINCA (LENOVO 80TJ) (04-03-2021 21:45:44)
Running from F:\
Loaded Profiles: Bill
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Bill\AppData\Roaming\uTorrent\updates\3.5.5_45852\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\CCSDK\CCSDKUpdateAgent.exe
(LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpCmdRun.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Bill\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-12-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Run: [uTorrent] => C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe [2142936 2020-12-21] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Run: [Opera Browser Assistant] => C:\Users\Bill\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-24] (Opera Software AS -> Opera Software)
HKLM\...\Print\Monitors\HP BC11 Status Monitor: C:\WINDOWS\system32\hpinkstsBC11LM.dll [329576 2012-04-02] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\WINDOWS\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04412891-24BC-4138-B241-9ACBB5B10BD1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ba3e974b-7a54-4d01-9b35-5642074231e5 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {0B9E4782-3F11-4BD9-B502-ACB8C8DDB50F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D01D7CF-0142-4E3A-8CDA-44DDE5E68B0A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {125D2278-CFDB-4F9B-9A81-3738DF7F4082} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {128AEEA2-FA81-4CC0-B80B-6639618A482E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\70f1a305-0974-46c4-81b9-a832b5d80daf => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {1F3CFE37-7A3D-4008-92E1-A38238D2920D} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14] (CyberLink Corp. -> CyberLink Corp.)
Task: {1F63ECA0-3DC8-4C71-84BD-9A845C9CE4B6} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {428E159E-C567-4192-B35A-B507EF56DB81} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
Task: {4306E8EE-D875-4E21-8AD2-6CF06E2B86A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {505C736C-43A3-4950-A4AD-169F7968A0CC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {5B32D5FD-7F77-4BC0-B5F7-4C15E8668D0D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1476b519-d184-4f7a-9639-ac6abb60e632 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {7161AC20-430F-490E-9004-D314D1D38F49} - System32\Tasks\Opera scheduled assistant Autoupdate 1602450481 => C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-05] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Bill\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {71DF2009-9FD8-4B03-BDD1-EE40C0276588} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7dde65bf-09bf-4af8-be6a-488d904ac14a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {83AB5A5A-3768-481A-9979-3F5875BFF45A} - System32\Tasks\App Explorer => C:\Users\Bill\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7949992 2020-09-04] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {863EFABC-F3FE-490D-915E-11A545A1245B} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {8EF39545-6CAB-48E6-8BBA-760B4B6E0A84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {912F49DB-15A7-4E3D-B991-F2D73DA1D7B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {985E9A96-5B7A-42AA-8857-01DB5DA9FEB7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A396DD8D-1D0E-4C7E-9BC0-CDEECE6432CA} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {A3F065C0-3BFD-47C0-B5F5-35C1035099BA} - System32\Tasks\GoogleUpdateTaskMachineCore1d577d8762cc324 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {A9E6EAA3-31FB-41FB-9340-2DD4077F7FB3} - System32\Tasks\GoogleUpdateTaskMachineUA1d577d876fd0f06 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {B02115C7-7BF7-41D2-A3DB-C97460DBAE5D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {BE7E0F4A-5C05-49F3-A56E-52388FCEBD6F} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\ScheduleEventAction.exe [24408 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
Task: {D066E7FF-C582-440E-8C49-FC05B23CBA00} - System32\Tasks\Opera scheduled Autoupdate 1602450444 => C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-05] (Opera Software AS -> Opera Software)
Task: {D08A6BAB-F153-4FD0-ABDC-DEC2F67B7AC1} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144312 2020-09-15] (Lenovo -> Lenovo Group Ltd.)
Task: {E7B6FACF-DCB0-4669-ABE0-529E742E026E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F21BC763-6A7A-401E-814A-337A9B1CAB8B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62280 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {FF18E6DB-F8D9-4B4A-A3E6-6C43D51FFFF1} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0f40e668-a797-4afa-99ef-56ed6e63d747}: [NameServer] 8.8.8.8,4.2.2.1
Tcpip\..\Interfaces\{0f40e668-a797-4afa-99ef-56ed6e63d747}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Edge: 
=======
DownloadDir: C:\Users\Bill\Downloads
Edge Notifications: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> hxxps://www.youtube.com
Edge Profile: C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-06]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2020-12-07]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://ijbhodgieeokalkdiehlkbekkfobohgd/newtab/quicknewtabpage.html"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-03]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-03]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-03]
CHR Extension: (YouTube Music) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-05-18]
CHR Extension: (Sheets) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Track My Package) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbhodgieeokalkdiehlkbekkfobohgd [2018-11-09]
CHR Extension: (Disney+) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjafbmjpcimpkkihihoideiofnoalmh [2019-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
Opera: 
=======
OPR Profile: C:\Users\Bill\AppData\Roaming\Opera Software\Opera Stable [2021-03-04]
OPR Notifications: Opera Stable -> hxxps://app.slack.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Bill\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-25]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe [29520 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [947280 2020-06-11] (McAfee, LLC -> McAfee, LLC)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1356872 2019-11-13] (McAfee, LLC. -> McAfee, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AQFileRestore; C:\WINDOWS\System32\DRIVERS\AQFileRestore.sys [21008 2013-03-06] (Avanquest North America Inc. -> )
S3 MpKsl4ecfc8ad; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5A02A22-F607-4E48-AA84-EE85B657569F}\MpKslDrv.sys [91376 2021-01-20] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslf9b7ea3a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5A02A22-F607-4E48-AA84-EE85B657569F}\MpKslDrv.sys [91376 2021-01-20] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-03 23:26 - 2021-03-04 21:28 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\uTorrent
2021-02-28 00:44 - 2021-02-28 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{E6F67BE4-0486-4A0C-AAEF-9B6F3FE4C745}
2021-02-26 01:13 - 2021-02-26 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{A4CC12BE-8D91-4277-B4D4-C92D06C59722}
2021-02-25 00:44 - 2021-02-25 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{87B047B3-45E8-4752-9873-2F68E5AD6A48}
2021-02-23 01:13 - 2021-02-23 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{874F44C6-BA94-4E63-B606-2E990B65E529}
2021-02-22 00:44 - 2021-02-22 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{82766F52-5FF2-459C-9262-508855615D52}
2021-02-20 01:13 - 2021-02-20 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{DE1705CE-D04F-4140-A427-BBE96784712B}
2021-02-19 00:44 - 2021-02-19 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{AEB668B4-B64F-4F92-9259-B0A37B8DACC3}
2021-02-18 00:44 - 2021-02-18 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{990E0723-0F61-4385-8F35-879297D37975}
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-04 21:49 - 2019-07-07 08:02 - 000000000 ____D C:\Users\Bill\AppData\Roaming\uTorrent
2021-03-04 21:47 - 2019-10-11 13:02 - 000000000 ____D C:\FRST
2021-03-04 21:43 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-04 21:27 - 2020-06-20 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-04 21:26 - 2019-03-18 20:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-04 21:26 - 2017-08-28 16:47 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-04 21:24 - 2020-06-20 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-04 18:30 - 2020-06-20 19:07 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D592D06A-5E9D-4972-914E-084C4C3AA140}
2021-03-04 16:47 - 2018-06-13 16:54 - 000000000 ____D C:\Users\Bill\AppData\Local\Host App Service
2021-03-03 23:21 - 2020-06-20 18:49 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-03 23:21 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-28 23:41 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-28 23:39 - 2020-09-03 19:47 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Zoom
2021-02-28 23:37 - 2019-06-08 17:02 - 000000000 ____D C:\Users\Bill\AppData\Roaming\vlc
2021-02-28 21:56 - 2020-06-20 18:34 - 000000000 ____D C:\Users\Bill
2021-02-27 01:38 - 2021-01-24 22:16 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2021-02-05 23:39 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories ========
 
2019-06-05 11:04 - 2019-06-05 11:04 - 000000017 _____ () C:\Users\Bill\AppData\Local\resmon.resmoncfg
2021-02-22 00:44 - 2021-02-22 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{82766F52-5FF2-459C-9262-508855615D52}
2021-02-23 01:13 - 2021-02-23 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{874F44C6-BA94-4E63-B606-2E990B65E529}
2021-02-25 00:44 - 2021-02-25 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{87B047B3-45E8-4752-9873-2F68E5AD6A48}
2021-02-18 00:44 - 2021-02-18 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{990E0723-0F61-4385-8F35-879297D37975}
2021-02-26 01:13 - 2021-02-26 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{A4CC12BE-8D91-4277-B4D4-C92D06C59722}
2021-02-19 00:44 - 2021-02-19 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{AEB668B4-B64F-4F92-9259-B0A37B8DACC3}
2021-02-20 01:13 - 2021-02-20 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{DE1705CE-D04F-4140-A427-BBE96784712B}
2021-02-28 00:44 - 2021-02-28 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{E6F67BE4-0486-4A0C-AAEF-9B6F3FE4C745}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Bill (04-03-2021 21:50:46)
Running from F:\
Windows 10 Home Version 1909 18363.1316 (X64) (2020-06-21 03:09:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1122014046-1530283893-1328058983-500 - Administrator - Disabled)
Bill (S-1-5-21-1122014046-1530283893-1328058983-1003 - Administrator - Enabled) => C:\Users\Bill
DefaultAccount (S-1-5-21-1122014046-1530283893-1328058983-503 - Limited - Disabled)
Guest (S-1-5-21-1122014046-1530283893-1328058983-501 - Limited - Disabled)
hogsp (S-1-5-21-1122014046-1530283893-1328058983-1001 - Administrator - Enabled) => C:\Users\hogsp
WDAGUtilityAccount (S-1-5-21-1122014046-1530283893-1328058983-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{DB929D3C-5DF3-95A0-456F-403306EE69B6}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5F16D84E-851C-29BB-3CBE-A480DBAE3A09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{13D096A7-D644-944F-F99D-82A17015AAE0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{EE08C0D5-792F-B256-A499-ECEC56915562}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{37F9C96B-294A-D6A7-183D-930C8A2F5D68}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DAC91F38-7D04-90FC-19CB-AC1C608012ED}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{40E57BA2-6029-7A5D-A2BE-7D47039159D0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7A54ECFD-70B7-08DF-D581-8CD04B4CDA09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0F8A189-4C96-0179-ACEE-A98F618FD472}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{60694907-C4DE-A4AE-8DD0-E2E50E3A9C14}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{592C6F67-5D6B-8E34-90B9-2E9D44FC537B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06B55CAD-9FF0-EE80-954C-32FA86AED3BF}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3B613BFA-C0AC-5FBF-29B1-3C362DFE417B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3364BA9-283A-2B4C-2DED-90C284A54B8D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{6E30A3B3-5427-9D91-5878-BD61820C5671}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1E282415-8F60-005E-58C2-8FA7A7A391FB}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8384ACC1-D00D-3818-8C45-E41E3C3FC6F9}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DA4880B9-F477-386C-B07D-E13A7F4565C4}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{0FEDC0A5-8ED6-1A59-78A4-35E82784E3E0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3BF8C0EC-3127-F42D-78B7-7C5C9E682657}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{3F6354FB-8E86-4BEF-A53F-141D1493EE6D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Kindle Create (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Kindle Create) (Version: 1.38.37.0 - Amazon)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Host App Service) (Version: 0.273.4.172 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.4.16.0 - Lenovo Group Ltd.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.109 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
OpenOffice 4.1.7 Language Pack (English) (HKLM-x32\...\{307DADC3-1571-4391-95FB-11FD2A73D6E0}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 73.0.3856.329 (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Opera 73.0.3856.329) (Version: 73.0.3856.329 - Opera Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Checkbook HD -> C:\Program Files\WindowsApps\iBearLLC.CheckbookHD_1.0.1.24_x64__pyxe037ww88ja [2017-09-01] (iBear LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-08-28] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2011.20.0_x64__k1h2ywk1493x8 [2020-11-26] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.8.12113.0_x64__8wekyb3d8bbwe [2021-01-08] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
MobileDiscord PTB -> C:\Program Files\WindowsApps\11359TimothyLiang.MobileDiscordPTB_1.1.7.0_x64__x50kx86and41j [2019-05-21] (Timothy Liang)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.11.0.0_x64__jhretta7p24aw [2020-11-18] (Kdan Mobile Software Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-11] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers4: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-16] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Bill\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
 
==================== Loaded Modules (Whitelisted) =============
 
2016-06-29 18:13 - 2016-06-29 18:13 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-29 23:45 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-20 19:21 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> DefaultScope {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL = 
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 03:47 - 2016-07-16 03:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE64224A-5E83-49CE-9627-BF8061046D31}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B41F501C-260B-4E9E-BC8B-5A2668457803}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CCAE9208-600C-47D2-A2D3-216686CA70D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0545FF5F-8239-477C-8C0E-EF5179531532}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{8B1EF3E7-EDA2-488F-AC78-9BBDF3AFE14B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{C5B109DB-A4DA-409D-A49D-83B287BD8FAA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{6F5BAF2B-F0AB-4FE4-B28F-87A1B2EB9C06}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F80157A6-5134-42FE-BEE5-0393B9A05BEE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{4A4BEB17-5908-4241-96F9-FAFD1A3646C9}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{443D41B2-980E-49A0-8A7F-403411B44938}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9333D96B-683A-4D19-A1A0-E593FFCAAE5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8AC95417-3A08-442F-AB06-9D7E55C0D733}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{176C77FE-F7F4-4448-B335-95C5EA3E2C3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{055F68B6-A0C7-4E2B-87A3-18843AE8DFE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19672D66-F5AF-46BE-872F-2B25F642A803}] => (Allow) C:\Users\Bill\AppData\Local\Temp\7zS3B65\HP.EasyStart.exe => No File
FirewallRules: [{8325C4CD-D605-45E3-B810-60DB5FEF1A9B}] => (Allow) C:\Program Files\iTunes\iTunes.exe => No File
FirewallRules: [{628F320B-28EF-413A-8893-78C1CA07EC57}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{86D86FB5-E6A7-4867-BDA2-482BCCB36E87}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{583C044D-FAC7-4C72-B48A-D855C382F52C}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{66827E1B-2A0D-408D-8053-7645861F7781}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{880AD327-6878-4A84-8FED-C21AE2DF5AAB}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{D610A114-0B6B-4381-911A-0DCB28BDAC66}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{10AD39FE-4A63-4AF1-9B8C-1CD7975FB806}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{FF198961-A67F-465C-94A5-231F0563E650}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{5CC25685-D18C-47AB-B82E-A12D907D761A}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{12F08132-AE67-4E0C-8C5C-5F74A81A8DC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E19529CF-0BBB-4021-8B71-317076A31EB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ADCD76C-B00C-48A7-B7AA-3CA0FE939727}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E17121-9BF0-4E1A-A726-FE9BDFA7E3EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76B01ED0-A0C8-41E3-832E-6F492FF32AF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3392EEA0-501E-4374-8A06-F27C09C686F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CA995C1B-55EE-4DA4-9994-9628FD027F31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{870DB8C2-4266-430A-9D8D-D06A8B059F40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4702B7FB-9B51-4099-81F1-6C562B37033B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E97C6C2-DC7D-47CD-BE21-DB7060060548}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E153186-4238-47AC-B865-30F45C8C2D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A941C41B-CC11-4044-B7F3-0AB219D02388}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3B53591-09C4-4970-961F-7D3083EDBC4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0E5B540E-9A02-4C0C-B289-7DE71EF1602A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B6E12C10-2D94-48F7-8449-0A7594209AC9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{915018EF-5462-49EF-A704-C485AF06365F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C5F75F58-C770-4733-83D6-2CFE28F1B243}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F8F0D5E5-2ABF-42B5-8C5B-DD45CC27C11A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{2AC84A23-C1D4-47B6-8281-32F0BCCD40F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
 
==================== Restore Points =========================
 
12-02-2021 15:41:51 Scheduled Checkpoint
04-03-2021 09:22:46 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/04/2021 09:48:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9168,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (03/04/2021 09:38:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (03/04/2021 05:20:48 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8492,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (03/04/2021 03:31:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9104,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
 
System errors:
=============
Error: (03/04/2021 09:32:48 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 09:28:21 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 09:26:11 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (03/04/2021 08:36:57 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 07:36:15 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 07:30:13 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 06:33:29 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 05:34:29 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-02-28 09:38:02.541
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-27 07:38:01.746
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-26 05:38:00.509
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-25 03:37:59.568
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-24 01:37:58.969
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-04 21:46:52.937
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:46:52.935
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:46:52.933
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:45:48.938
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:45:48.933
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
==================== Memory info =========================== 
 
BIOS: Lenovo 1QCN32WW 08/18/2016
Motherboard: LENOVO Nano 5A8
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 69%
Total physical RAM: 3490.6 MB
Available physical RAM: 1059.01 MB
Total Virtual: 7842.6 MB
Available Virtual: 4988.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:421.72 GB) (Free:49.44 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.65 GB) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive f: (Lexar) (Removable) (Total:59.61 GB) (Free:59.21 GB) FAT32
 
\\?\Volume{fffa446e-bbc3-470c-bdda-07cab47dc692}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{9e3476dd-c963-469d-aa8f-4bc29e9838d9}\ (LENOVO_PART) (Fixed) (Total:16.82 GB) (Free:6.24 GB) NTFS
\\?\Volume{840cf185-c678-4fc9-8a86-f21efa62129e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F73B760)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 59.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#9
RKinner


Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   7.21KB   24 downloads

Run FRST and press Fix. (I'm cleaning up deadwood and am going to let it run DISM since you couldn't get it to work and there are a few Windows services which aren't working correctly. Will take about 25 minutes to complete so be patient. It will reboot when done.)

A fix log will be generated; please post that.


Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options.
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.



 



#10
Wafna


Here's the additional log from the first Farbar scan; it was in the last reply, but I get that it can be a wall of text sometimes.
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Bill (04-03-2021 21:50:46)
Running from F:\
Windows 10 Home Version 1909 18363.1316 (X64) (2020-06-21 03:09:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1122014046-1530283893-1328058983-500 - Administrator - Disabled)
Bill (S-1-5-21-1122014046-1530283893-1328058983-1003 - Administrator - Enabled) => C:\Users\Bill
DefaultAccount (S-1-5-21-1122014046-1530283893-1328058983-503 - Limited - Disabled)
Guest (S-1-5-21-1122014046-1530283893-1328058983-501 - Limited - Disabled)
hogsp (S-1-5-21-1122014046-1530283893-1328058983-1001 - Administrator - Enabled) => C:\Users\hogsp
WDAGUtilityAccount (S-1-5-21-1122014046-1530283893-1328058983-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{DB929D3C-5DF3-95A0-456F-403306EE69B6}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5F16D84E-851C-29BB-3CBE-A480DBAE3A09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{13D096A7-D644-944F-F99D-82A17015AAE0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{EE08C0D5-792F-B256-A499-ECEC56915562}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{37F9C96B-294A-D6A7-183D-930C8A2F5D68}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DAC91F38-7D04-90FC-19CB-AC1C608012ED}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{40E57BA2-6029-7A5D-A2BE-7D47039159D0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7A54ECFD-70B7-08DF-D581-8CD04B4CDA09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0F8A189-4C96-0179-ACEE-A98F618FD472}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{60694907-C4DE-A4AE-8DD0-E2E50E3A9C14}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{592C6F67-5D6B-8E34-90B9-2E9D44FC537B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06B55CAD-9FF0-EE80-954C-32FA86AED3BF}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3B613BFA-C0AC-5FBF-29B1-3C362DFE417B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3364BA9-283A-2B4C-2DED-90C284A54B8D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{6E30A3B3-5427-9D91-5878-BD61820C5671}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1E282415-8F60-005E-58C2-8FA7A7A391FB}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8384ACC1-D00D-3818-8C45-E41E3C3FC6F9}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DA4880B9-F477-386C-B07D-E13A7F4565C4}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{0FEDC0A5-8ED6-1A59-78A4-35E82784E3E0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3BF8C0EC-3127-F42D-78B7-7C5C9E682657}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{3F6354FB-8E86-4BEF-A53F-141D1493EE6D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Kindle Create (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Kindle Create) (Version: 1.38.37.0 - Amazon)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Host App Service) (Version: 0.273.4.172 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.4.16.0 - Lenovo Group Ltd.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.109 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
OpenOffice 4.1.7 Language Pack (English) (HKLM-x32\...\{307DADC3-1571-4391-95FB-11FD2A73D6E0}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 73.0.3856.329 (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Opera 73.0.3856.329) (Version: 73.0.3856.329 - Opera Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Checkbook HD -> C:\Program Files\WindowsApps\iBearLLC.CheckbookHD_1.0.1.24_x64__pyxe037ww88ja [2017-09-01] (iBear LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-08-28] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2011.20.0_x64__k1h2ywk1493x8 [2020-11-26] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.8.12113.0_x64__8wekyb3d8bbwe [2021-01-08] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
MobileDiscord PTB -> C:\Program Files\WindowsApps\11359TimothyLiang.MobileDiscordPTB_1.1.7.0_x64__x50kx86and41j [2019-05-21] (Timothy Liang)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.11.0.0_x64__jhretta7p24aw [2020-11-18] (Kdan Mobile Software Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-11] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers4: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-16] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Bill\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
 
==================== Loaded Modules (Whitelisted) =============
 
2016-06-29 18:13 - 2016-06-29 18:13 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-29 23:45 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-20 19:21 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> DefaultScope {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL = 
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 03:47 - 2016-07-16 03:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE64224A-5E83-49CE-9627-BF8061046D31}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B41F501C-260B-4E9E-BC8B-5A2668457803}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CCAE9208-600C-47D2-A2D3-216686CA70D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0545FF5F-8239-477C-8C0E-EF5179531532}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{8B1EF3E7-EDA2-488F-AC78-9BBDF3AFE14B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{C5B109DB-A4DA-409D-A49D-83B287BD8FAA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{6F5BAF2B-F0AB-4FE4-B28F-87A1B2EB9C06}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F80157A6-5134-42FE-BEE5-0393B9A05BEE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{4A4BEB17-5908-4241-96F9-FAFD1A3646C9}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{443D41B2-980E-49A0-8A7F-403411B44938}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9333D96B-683A-4D19-A1A0-E593FFCAAE5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8AC95417-3A08-442F-AB06-9D7E55C0D733}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{176C77FE-F7F4-4448-B335-95C5EA3E2C3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{055F68B6-A0C7-4E2B-87A3-18843AE8DFE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19672D66-F5AF-46BE-872F-2B25F642A803}] => (Allow) C:\Users\Bill\AppData\Local\Temp\7zS3B65\HP.EasyStart.exe => No File
FirewallRules: [{8325C4CD-D605-45E3-B810-60DB5FEF1A9B}] => (Allow) C:\Program Files\iTunes\iTunes.exe => No File
FirewallRules: [{628F320B-28EF-413A-8893-78C1CA07EC57}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{86D86FB5-E6A7-4867-BDA2-482BCCB36E87}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{583C044D-FAC7-4C72-B48A-D855C382F52C}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{66827E1B-2A0D-408D-8053-7645861F7781}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{880AD327-6878-4A84-8FED-C21AE2DF5AAB}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{D610A114-0B6B-4381-911A-0DCB28BDAC66}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{10AD39FE-4A63-4AF1-9B8C-1CD7975FB806}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{FF198961-A67F-465C-94A5-231F0563E650}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{5CC25685-D18C-47AB-B82E-A12D907D761A}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{12F08132-AE67-4E0C-8C5C-5F74A81A8DC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E19529CF-0BBB-4021-8B71-317076A31EB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ADCD76C-B00C-48A7-B7AA-3CA0FE939727}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E17121-9BF0-4E1A-A726-FE9BDFA7E3EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76B01ED0-A0C8-41E3-832E-6F492FF32AF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3392EEA0-501E-4374-8A06-F27C09C686F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CA995C1B-55EE-4DA4-9994-9628FD027F31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{870DB8C2-4266-430A-9D8D-D06A8B059F40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4702B7FB-9B51-4099-81F1-6C562B37033B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E97C6C2-DC7D-47CD-BE21-DB7060060548}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E153186-4238-47AC-B865-30F45C8C2D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A941C41B-CC11-4044-B7F3-0AB219D02388}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3B53591-09C4-4970-961F-7D3083EDBC4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0E5B540E-9A02-4C0C-B289-7DE71EF1602A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B6E12C10-2D94-48F7-8449-0A7594209AC9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{915018EF-5462-49EF-A704-C485AF06365F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C5F75F58-C770-4733-83D6-2CFE28F1B243}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F8F0D5E5-2ABF-42B5-8C5B-DD45CC27C11A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{2AC84A23-C1D4-47B6-8281-32F0BCCD40F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
 
==================== Restore Points =========================
 
12-02-2021 15:41:51 Scheduled Checkpoint
04-03-2021 09:22:46 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/04/2021 09:48:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9168,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (03/04/2021 09:38:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4028,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/04/2021 09:26:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (03/04/2021 05:20:48 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8492,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (03/04/2021 03:31:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9104,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
 
System errors:
=============
Error: (03/04/2021 09:32:48 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 09:28:21 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 09:26:11 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (03/04/2021 08:36:57 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 07:36:15 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 07:30:13 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 06:33:29 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/04/2021 05:34:29 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-02-28 09:38:02.541
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-27 07:38:01.746
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-26 05:38:00.509
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-25 03:37:59.568
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-02-24 01:37:58.969
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-04 21:46:52.937
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:46:52.935
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:46:52.933
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:45:48.938
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-04 21:45:48.933
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
==================== Memory info =========================== 
 
BIOS: Lenovo 1QCN32WW 08/18/2016
Motherboard: LENOVO Nano 5A8
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 69%
Total physical RAM: 3490.6 MB
Available physical RAM: 1059.01 MB
Total Virtual: 7842.6 MB
Available Virtual: 4988.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:421.72 GB) (Free:49.44 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.65 GB) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive f: (Lexar) (Removable) (Total:59.61 GB) (Free:59.21 GB) FAT32
 
\\?\Volume{fffa446e-bbc3-470c-bdda-07cab47dc692}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{9e3476dd-c963-469d-aa8f-4bc29e9838d9}\ (LENOVO_PART) (Fixed) (Total:16.82 GB) (Free:6.24 GB) NTFS
\\?\Volume{840cf185-c678-4fc9-8a86-f21efa62129e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F73B760)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 59.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Please reread my last post. I was not asking for the Addition.txt file from the first scan. Just want to make sure that when you run a FRST scan after the Fix that you have Addition.txt checked.


  • 0

#12
Wafna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

I understand: where you said "but this time, attach..." made me think you hadn't spotted the Additional log in the previous post.

 

Fixlog, followed by Farbar scan w/Addition, speccie log attached as file "Lenovo.txt".

Thanks again for all the help figuring this out, RKinner.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Bill (05-03-2021 22:30:54) Run:1
Running from F:\FRST & Logs
Loaded Profiles: Bill
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ContextMenuHandlers1: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers2: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
ContextMenuHandlers4: [Fix-It Menu] -> {F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => C:\Program Files (x86)\Avanquest\Fix-It\mxctxMnu64.dll -> No File
FirewallRules: [{8B1EF3E7-EDA2-488F-AC78-9BBDF3AFE14B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{C5B109DB-A4DA-409D-A49D-83B287BD8FAA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{F80157A6-5134-42FE-BEE5-0393B9A05BEE}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{4A4BEB17-5908-4241-96F9-FAFD1A3646C9}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{19672D66-F5AF-46BE-872F-2B25F642A803}] => (Allow) C:\Users\Bill\AppData\Local\Temp\7zS3B65\HP.EasyStart.exe => No File
FirewallRules: [{8325C4CD-D605-45E3-B810-60DB5FEF1A9B}] => (Allow) C:\Program Files\iTunes\iTunes.exe => No File
FirewallRules: [{628F320B-28EF-413A-8893-78C1CA07EC57}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{86D86FB5-E6A7-4867-BDA2-482BCCB36E87}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{583C044D-FAC7-4C72-B48A-D855C382F52C}] => (Allow) C:\Users\Bill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{66827E1B-2A0D-408D-8053-7645861F7781}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{880AD327-6878-4A84-8FED-C21AE2DF5AAB}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Block) C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{D610A114-0B6B-4381-911A-0DCB28BDAC66}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{10AD39FE-4A63-4AF1-9B8C-1CD7975FB806}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{FF198961-A67F-465C-94A5-231F0563E650}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{5CC25685-D18C-47AB-B82E-A12D907D761A}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{B6E12C10-2D94-48F7-8449-0A7594209AC9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{F8F0D5E5-2ABF-42B5-8C5B-DD45CC27C11A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Fix-It Menu => removed successfully
HKLM\Software\Classes\CLSID\{F1C709E4-B1E5-4F1C-A034-DC4F6124C8FF} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Fix-It Menu => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Fix-It Menu => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B1EF3E7-EDA2-488F-AC78-9BBDF3AFE14B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5B109DB-A4DA-409D-A49D-83B287BD8FAA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F80157A6-5134-42FE-BEE5-0393B9A05BEE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A4BEB17-5908-4241-96F9-FAFD1A3646C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19672D66-F5AF-46BE-872F-2B25F642A803}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8325C4CD-D605-45E3-B810-60DB5FEF1A9B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{628F320B-28EF-413A-8893-78C1CA07EC57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{86D86FB5-E6A7-4867-BDA2-482BCCB36E87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{583C044D-FAC7-4C72-B48A-D855C382F52C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{66827E1B-2A0D-408D-8053-7645861F7781}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{880AD327-6878-4A84-8FED-C21AE2DF5AAB}C:\users\bill\appdata\local\programs\opera\71.0.3770.228\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D610A114-0B6B-4381-911A-0DCB28BDAC66}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{10AD39FE-4A63-4AF1-9B8C-1CD7975FB806}C:\users\bill\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FF198961-A67F-465C-94A5-231F0563E650}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5CC25685-D18C-47AB-B82E-A12D907D761A}C:\users\bill\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6E12C10-2D94-48F7-8449-0A7594209AC9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8F0D5E5-2ABF-42B5-8C5B-DD45CC27C11A}" => removed successfully
 
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer =========
 
 
========= End of CMD: =========
 
 
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database =========
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.18362.1316
 
Image Version: 10.0.18363.1316
 
 
 
[========                   14.8%                          ] 
 
[========                   14.9%                          ] 
 
[========                   15.1%                          ] 
 
[========                   15.2%                          ] 
 
[========                   15.4%                          ] 
 
[=========                  15.5%                          ] 
 
[=========                  15.8%                          ] 
 
[=========                  15.8%                          ] 
 
[=========                  16.2%                          ] 
 
[=========                  16.2%                          ] 
 
[=========                  16.2%                          ] 
 
[=========                  16.3%                          ] 
 
[=========                  16.5%                          ] 
 
[=========                  16.5%                          ] 
 
[=========                  16.8%                          ] 
 
[=========                  17.1%                          ] 
 
[==========                 17.3%                          ] 
 
[==========                 17.4%                          ] 
 
[==========                 17.5%                          ] 
 
[==========                 17.7%                          ] 
 
[==========                 17.9%                          ] 
 
[==========                 18.9%                          ] 
 
[===========                19.6%                          ] 
 
[===========                20.1%                          ] 
 
[===========                20.3%                          ] 
 
[===========                20.6%                          ] 
 
[============               20.8%                          ] 
 
[============               21.1%                          ] 
 
[============               21.4%                          ] 
 
[============               21.4%                          ] 
 
[============               21.7%                          ] 
 
[============               22.0%                          ] 
 
[============               22.2%                          ] 
 
[============               22.3%                          ] 
 
[=============              22.6%                          ] 
 
[=============              22.9%                          ] 
 
[=============              23.2%                          ] 
 
[=============              23.6%                          ] 
 
[=============              23.9%                          ] 
 
[==============             24.2%                          ] 
 
[==============             24.5%                          ] 
 
[==============             24.8%                          ] 
 
[==============             24.9%                          ] 
 
[==============             25.1%                          ] 
 
[==============             25.3%                          ] 
 
[==============             25.5%                          ] 
 
[==============             25.6%                          ] 
 
[==============             25.7%                          ] 
 
[==============             25.7%                          ] 
 
[===============            25.9%                          ] 
 
[===============            26.0%                          ] 
 
[===============            26.3%                          ] 
 
[===============            26.3%                          ] 
 
[===============            26.6%                          ] 
 
[===============            26.6%                          ] 
 
[===============            26.9%                          ] 
 
[===============            26.9%                          ] 
 
[===============            26.9%                          ] 
 
[===============            27.0%                          ] 
 
[===============            27.0%                          ] 
 
[===============            27.0%                          ] 
 
[===============            27.1%                          ] 
 
[===============            27.2%                          ] 
 
[===============            27.2%                          ] 
 
[===============            27.4%                          ] 
 
[===============            27.5%                          ] 
 
[================           27.6%                          ] 
 
[================           27.7%                          ] 
 
[================           27.8%                          ] 
 
[================           28.1%                          ] 
 
[================           28.3%                          ] 
 
[================           28.5%                          ] 
 
[================           28.7%                          ] 
 
[================           28.8%                          ] 
 
[================           28.8%                          ] 
 
[================           28.9%                          ] 
 
[================           29.1%                          ] 
 
[================           29.1%                          ] 
 
[================           29.2%                          ] 
 
[=================          29.4%                          ] 
 
[=================          29.5%                          ] 
 
[=================          29.7%                          ] 
 
[=================          29.7%                          ] 
 
[=================          29.8%                          ] 
 
[=================          30.0%                          ] 
 
[=================          30.2%                          ] 
 
[=================          30.4%                          ] 
 
[=================          30.6%                          ] 
 
[=================          30.9%                          ] 
 
[=================          31.0%                          ] 
 
[==================         31.2%                          ] 
 
[==================         31.2%                          ] 
 
[==================         31.3%                          ] 
 
[==================         31.5%                          ] 
 
[==================         31.7%                          ] 
 
[==================         31.8%                          ] 
 
[==================         31.9%                          ] 
 
[==================         32.1%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.5%                          ] 
 
[==================         32.6%                          ] 
 
[===================        32.8%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.3%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.9%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.1%                          ] 
 
[===================        34.2%                          ] 
 
[===================        34.4%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.5%                          ] 
 
[====================       35.6%                          ] 
 
[====================       35.7%                          ] 
 
[====================       35.9%                          ] 
 
[====================       36.2%                          ] 
 
[=====================      36.2%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      36.8%                          ] 
 
[=====================      36.9%                          ] 
 
[=====================      36.9%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.2%                          ] 
 
[=====================      37.4%                          ] 
 
[=====================      37.5%                          ] 
 
[=====================      37.6%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.2%                          ] 
 
[======================     38.2%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.7%                          ] 
 
[======================     38.7%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.9%                          ] 
 
[======================     38.9%                          ] 
 
[======================     38.9%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.1%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.3%                          ] 
 
[======================     39.4%                          ] 
 
[======================     39.4%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.6%                          ] 
 
[=======================    39.7%                          ] 
 
[=======================    39.7%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.9%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.4%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.6%                          ] 
 
[=======================    40.7%                          ] 
 
[=======================    40.8%                          ] 
 
[=======================    40.8%                          ] 
 
[=======================    40.9%                          ] 
 
[=======================    40.9%                          ] 
 
[=======================    41.0%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.2%                          ] 
 
[=======================    41.3%                          ] 
 
[=======================    41.4%                          ] 
 
[=======================    41.4%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.6%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.8%                          ] 
 
[========================   41.9%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.1%                          ] 
 
[========================   42.1%                          ] 
 
[========================   42.2%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.6%                          ] 
 
[========================   42.7%                          ] 
 
[========================   42.9%                          ] 
 
[========================   42.9%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.4%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.7%                          ] 
 
[=========================  43.8%                          ] 
 
[=========================  44.1%                          ] 
 
[=========================  44.2%                          ] 
 
[=========================  44.4%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.7%                          ] 
 
[========================== 44.9%                          ] 
 
[========================== 44.9%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.2%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.6%                          ] 
 
[========================== 45.7%                          ] 
 
[========================== 45.9%                          ] 
 
[========================== 46.0%                          ] 
 
[========================== 46.1%                          ] 
 
[========================== 46.2%                          ] 
 
[========================== 46.3%                          ] 
 
[========================== 46.4%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.8%                          ] 
 
[===========================46.9%                          ] 
 
[===========================47.0%                          ] 
 
[===========================47.1%                          ] 
 
[===========================47.3%                          ] 
 
[===========================47.5%                          ] 
 
[===========================47.5%                          ] 
 
[===========================47.6%                          ] 
 
[===========================47.7%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.9%                          ] 
 
[===========================48.0%                          ] 
 
[===========================48.1%                          ] 
 
[===========================48.2%                          ] 
 
[===========================48.3%                          ] 
 
[===========================48.5%                          ] 
 
[===========================48.7%                          ] 
 
[===========================48.8%                          ] 
 
[===========================48.9%                          ] 
 
[===========================49.1%                          ] 
 
[===========================49.3%                          ] 
 
[===========================49.5%                          ] 
 
[===========================49.7%                          ] 
 
[===========================49.8%                          ] 
 
[===========================50.0%                          ] 
 
[===========================50.3%                          ] 
 
[===========================50.6%                          ] 
 
[===========================50.9%                          ] 
 
[===========================51.2%                          ] 
 
[===========================51.5%                          ] 
 
[===========================51.8%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.9%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.9%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.9%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================57.6%=                         ] 
 
[===========================57.9%=                         ] 
 
[===========================57.9%=                         ] 
 
[===========================58.0%=                         ] 
 
[===========================58.7%==                        ] 
 
[===========================59.1%==                        ] 
 
[===========================59.5%==                        ] 
 
[===========================59.6%==                        ] 
 
[===========================60.0%==                        ] 
 
[===========================60.2%==                        ] 
 
[===========================62.3%====                      ] 
 
[===========================84.9%=================         ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 100% complete.
 
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========
 
FINDSTR: Cannot open \windows\logs\cbs\cbs.log
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 23:23:49 ====
 
 
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Bill (administrator) on WAFNAFINCA (LENOVO 80TJ) (07-03-2021 23:04:34)
Running from F:\FRST & Logs
Loaded Profiles: Bill
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Bill\AppData\Roaming\uTorrent\updates\3.5.5_45852\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\Lenovo.Vantage.AddinHost.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\CCSDK\CCSDKUpdateAgent.exe
(LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Opera Software AS -> Opera Software) C:\Users\Bill\AppData\Local\Programs\Opera\73.0.3856.329\opera_autoupdate.exe <6>
(Opera Software AS -> Opera Software) C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Bill\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-12-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Run: [uTorrent] => C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe [2142936 2020-12-21] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Run: [Opera Browser Assistant] => C:\Users\Bill\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-24] (Opera Software AS -> Opera Software)
HKLM\...\Print\Monitors\HP BC11 Status Monitor: C:\WINDOWS\system32\hpinkstsBC11LM.dll [329576 2012-04-02] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\WINDOWS\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04412891-24BC-4138-B241-9ACBB5B10BD1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ba3e974b-7a54-4d01-9b35-5642074231e5 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {0B9E4782-3F11-4BD9-B502-ACB8C8DDB50F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D01D7CF-0142-4E3A-8CDA-44DDE5E68B0A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {125D2278-CFDB-4F9B-9A81-3738DF7F4082} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {128AEEA2-FA81-4CC0-B80B-6639618A482E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\70f1a305-0974-46c4-81b9-a832b5d80daf => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {1F3CFE37-7A3D-4008-92E1-A38238D2920D} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14] (CyberLink Corp. -> CyberLink Corp.)
Task: {1F63ECA0-3DC8-4C71-84BD-9A845C9CE4B6} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {428E159E-C567-4192-B35A-B507EF56DB81} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
Task: {4306E8EE-D875-4E21-8AD2-6CF06E2B86A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {505C736C-43A3-4950-A4AD-169F7968A0CC} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {5B32D5FD-7F77-4BC0-B5F7-4C15E8668D0D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1476b519-d184-4f7a-9639-ac6abb60e632 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {7161AC20-430F-490E-9004-D314D1D38F49} - System32\Tasks\Opera scheduled assistant Autoupdate 1602450481 => C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-05] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Bill\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {71DF2009-9FD8-4B03-BDD1-EE40C0276588} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7dde65bf-09bf-4af8-be6a-488d904ac14a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {83AB5A5A-3768-481A-9979-3F5875BFF45A} - System32\Tasks\App Explorer => C:\Users\Bill\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7949992 2020-09-04] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {863EFABC-F3FE-490D-915E-11A545A1245B} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {8EF39545-6CAB-48E6-8BBA-760B4B6E0A84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {912F49DB-15A7-4E3D-B991-F2D73DA1D7B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {985E9A96-5B7A-42AA-8857-01DB5DA9FEB7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A396DD8D-1D0E-4C7E-9BC0-CDEECE6432CA} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {A3F065C0-3BFD-47C0-B5F5-35C1035099BA} - System32\Tasks\GoogleUpdateTaskMachineCore1d577d8762cc324 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {A9E6EAA3-31FB-41FB-9340-2DD4077F7FB3} - System32\Tasks\GoogleUpdateTaskMachineUA1d577d876fd0f06 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-03] (Google Inc -> Google Inc.)
Task: {B02115C7-7BF7-41D2-A3DB-C97460DBAE5D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {BE7E0F4A-5C05-49F3-A56E-52388FCEBD6F} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\ScheduleEventAction.exe [24408 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
Task: {D066E7FF-C582-440E-8C49-FC05B23CBA00} - System32\Tasks\Opera scheduled Autoupdate 1602450444 => C:\Users\Bill\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-05] (Opera Software AS -> Opera Software)
Task: {D08A6BAB-F153-4FD0-ABDC-DEC2F67B7AC1} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144312 2020-09-15] (Lenovo -> Lenovo Group Ltd.)
Task: {E7B6FACF-DCB0-4669-ABE0-529E742E026E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F21BC763-6A7A-401E-814A-337A9B1CAB8B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62280 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {FF18E6DB-F8D9-4B4A-A3E6-6C43D51FFFF1} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0f40e668-a797-4afa-99ef-56ed6e63d747}: [NameServer] 8.8.8.8,4.2.2.1
Tcpip\..\Interfaces\{0f40e668-a797-4afa-99ef-56ed6e63d747}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Edge: 
=======
DownloadDir: C:\Users\Bill\Downloads
Edge Notifications: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> hxxps://www.youtube.com
Edge Profile: C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-06]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2020-12-07]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://ijbhodgieeokalkdiehlkbekkfobohgd/newtab/quicknewtabpage.html"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-03]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-03]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-28]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-03]
CHR Extension: (YouTube Music) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-05-18]
CHR Extension: (Sheets) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-28]
CHR Extension: (Track My Package) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbhodgieeokalkdiehlkbekkfobohgd [2018-11-09]
CHR Extension: (Disney+) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbjafbmjpcimpkkihihoideiofnoalmh [2019-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
Opera: 
=======
OPR Profile: C:\Users\Bill\AppData\Roaming\Opera Software\Opera Stable [2021-03-07]
OPR Notifications: Opera Stable -> hxxps://app.slack.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Bill\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-25]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe [29520 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [947280 2020-06-11] (McAfee, LLC -> McAfee, LLC)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1356872 2019-11-13] (McAfee, LLC. -> McAfee, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AQFileRestore; C:\WINDOWS\System32\DRIVERS\AQFileRestore.sys [21008 2013-03-06] (Avanquest North America Inc. -> )
S3 MpKsl4ecfc8ad; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5A02A22-F607-4E48-AA84-EE85B657569F}\MpKslDrv.sys [91376 2021-01-20] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslf9b7ea3a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5A02A22-F607-4E48-AA84-EE85B657569F}\MpKslDrv.sys [91376 2021-01-20] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-03 23:26 - 2021-03-05 23:28 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\uTorrent
2021-02-28 00:44 - 2021-02-28 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{E6F67BE4-0486-4A0C-AAEF-9B6F3FE4C745}
2021-02-26 01:13 - 2021-02-26 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{A4CC12BE-8D91-4277-B4D4-C92D06C59722}
2021-02-25 00:44 - 2021-02-25 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{87B047B3-45E8-4752-9873-2F68E5AD6A48}
2021-02-23 01:13 - 2021-02-23 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{874F44C6-BA94-4E63-B606-2E990B65E529}
2021-02-22 00:44 - 2021-02-22 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{82766F52-5FF2-459C-9262-508855615D52}
2021-02-20 01:13 - 2021-02-20 01:13 - 000000000 _____ C:\Users\Bill\AppData\Local\{DE1705CE-D04F-4140-A427-BBE96784712B}
2021-02-19 00:44 - 2021-02-19 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{AEB668B4-B64F-4F92-9259-B0A37B8DACC3}
2021-02-18 00:44 - 2021-02-18 00:44 - 000000000 _____ C:\Users\Bill\AppData\Local\{990E0723-0F61-4385-8F35-879297D37975}
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-03-07 23:07 - 2019-07-07 08:02 - 000000000 ____D C:\Users\Bill\AppData\Roaming\uTorrent
2021-03-07 23:05 - 2019-10-11 13:02 - 000000000 ____D C:\FRST
2021-03-07 22:59 - 2020-06-20 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-07 22:59 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-07 22:04 - 2018-06-13 16:54 - 000000000 ____D C:\Users\Bill\AppData\Local\Host App Service
2021-03-07 20:44 - 2020-06-20 19:07 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D592D06A-5E9D-4972-914E-084C4C3AA140}
2021-03-06 21:31 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-05 23:26 - 2020-06-20 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-05 23:25 - 2019-03-18 20:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-05 23:25 - 2017-08-28 16:47 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-05 23:04 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-03 23:21 - 2020-06-20 18:49 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-03 23:21 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-28 23:39 - 2020-09-03 19:47 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Zoom
2021-02-28 23:37 - 2019-06-08 17:02 - 000000000 ____D C:\Users\Bill\AppData\Roaming\vlc
2021-02-28 21:56 - 2020-06-20 18:34 - 000000000 ____D C:\Users\Bill
2021-02-27 01:38 - 2021-01-24 22:16 - 000000000 ____D C:\Users\Bill\AppData\Local\ElevatedDiagnostics
2021-02-05 23:39 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories ========
 
2019-06-05 11:04 - 2019-06-05 11:04 - 000000017 _____ () C:\Users\Bill\AppData\Local\resmon.resmoncfg
2021-02-22 00:44 - 2021-02-22 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{82766F52-5FF2-459C-9262-508855615D52}
2021-02-23 01:13 - 2021-02-23 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{874F44C6-BA94-4E63-B606-2E990B65E529}
2021-02-25 00:44 - 2021-02-25 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{87B047B3-45E8-4752-9873-2F68E5AD6A48}
2021-02-18 00:44 - 2021-02-18 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{990E0723-0F61-4385-8F35-879297D37975}
2021-02-26 01:13 - 2021-02-26 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{A4CC12BE-8D91-4277-B4D4-C92D06C59722}
2021-02-19 00:44 - 2021-02-19 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{AEB668B4-B64F-4F92-9259-B0A37B8DACC3}
2021-02-20 01:13 - 2021-02-20 01:13 - 000000000 _____ () C:\Users\Bill\AppData\Local\{DE1705CE-D04F-4140-A427-BBE96784712B}
2021-02-28 00:44 - 2021-02-28 00:44 - 000000000 _____ () C:\Users\Bill\AppData\Local\{E6F67BE4-0486-4A0C-AAEF-9B6F3FE4C745}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Bill (07-03-2021 23:09:07)
Running from F:\FRST & Logs
Windows 10 Home Version 1909 18363.1316 (X64) (2020-06-21 03:09:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1122014046-1530283893-1328058983-500 - Administrator - Disabled)
Bill (S-1-5-21-1122014046-1530283893-1328058983-1003 - Administrator - Enabled) => C:\Users\Bill
DefaultAccount (S-1-5-21-1122014046-1530283893-1328058983-503 - Limited - Disabled)
Guest (S-1-5-21-1122014046-1530283893-1328058983-501 - Limited - Disabled)
hogsp (S-1-5-21-1122014046-1530283893-1328058983-1001 - Administrator - Enabled) => C:\Users\hogsp
WDAGUtilityAccount (S-1-5-21-1122014046-1530283893-1328058983-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{DB929D3C-5DF3-95A0-456F-403306EE69B6}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5F16D84E-851C-29BB-3CBE-A480DBAE3A09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{13D096A7-D644-944F-F99D-82A17015AAE0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{EE08C0D5-792F-B256-A499-ECEC56915562}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{37F9C96B-294A-D6A7-183D-930C8A2F5D68}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DAC91F38-7D04-90FC-19CB-AC1C608012ED}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{40E57BA2-6029-7A5D-A2BE-7D47039159D0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7A54ECFD-70B7-08DF-D581-8CD04B4CDA09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0F8A189-4C96-0179-ACEE-A98F618FD472}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{60694907-C4DE-A4AE-8DD0-E2E50E3A9C14}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{592C6F67-5D6B-8E34-90B9-2E9D44FC537B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06B55CAD-9FF0-EE80-954C-32FA86AED3BF}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3B613BFA-C0AC-5FBF-29B1-3C362DFE417B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3364BA9-283A-2B4C-2DED-90C284A54B8D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{6E30A3B3-5427-9D91-5878-BD61820C5671}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1E282415-8F60-005E-58C2-8FA7A7A391FB}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8384ACC1-D00D-3818-8C45-E41E3C3FC6F9}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DA4880B9-F477-386C-B07D-E13A7F4565C4}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{0FEDC0A5-8ED6-1A59-78A4-35E82784E3E0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3BF8C0EC-3127-F42D-78B7-7C5C9E682657}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{3F6354FB-8E86-4BEF-A53F-141D1493EE6D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Kindle Create (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Kindle Create) (Version: 1.38.37.0 - Amazon)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Host App Service) (Version: 0.273.4.172 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.4.16.0 - Lenovo Group Ltd.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.109 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
OpenOffice 4.1.7 Language Pack (English) (HKLM-x32\...\{307DADC3-1571-4391-95FB-11FD2A73D6E0}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 73.0.3856.329 (HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\Opera 73.0.3856.329) (Version: 73.0.3856.329 - Opera Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Checkbook HD -> C:\Program Files\WindowsApps\iBearLLC.CheckbookHD_1.0.1.24_x64__pyxe037ww88ja [2017-09-01] (iBear LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-08-28] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2011.20.0_x64__k1h2ywk1493x8 [2020-11-26] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.8.12113.0_x64__8wekyb3d8bbwe [2021-01-08] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
MobileDiscord PTB -> C:\Program Files\WindowsApps\11359TimothyLiang.MobileDiscordPTB_1.1.7.0_x64__x50kx86and41j [2019-05-21] (Timothy Liang)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.11.0.0_x64__jhretta7p24aw [2020-11-18] (Kdan Mobile Software Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-11] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-16] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Bill\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Bill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
 
==================== Loaded Modules (Whitelisted) =============
 
2016-06-29 18:13 - 2016-06-29 18:13 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-29 23:45 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-20 19:21 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-29 18:13 - 2016-06-29 18:13 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> DefaultScope {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL = 
SearchScopes: HKU\S-1-5-21-1122014046-1530283893-1328058983-1003 -> {C2D675D5-F7B8-4FCF-930A-DCEC2DE6332F} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-06-11] (McAfee, LLC -> McAfee, LLC)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 03:47 - 2016-07-16 03:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1122014046-1530283893-1328058983-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1122014046-1530283893-1328058983-1003\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EE64224A-5E83-49CE-9627-BF8061046D31}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B41F501C-260B-4E9E-BC8B-5A2668457803}] => (Allow) C:\Users\Bill\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CCAE9208-600C-47D2-A2D3-216686CA70D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0545FF5F-8239-477C-8C0E-EF5179531532}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6F5BAF2B-F0AB-4FE4-B28F-87A1B2EB9C06}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{443D41B2-980E-49A0-8A7F-403411B44938}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9333D96B-683A-4D19-A1A0-E593FFCAAE5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8AC95417-3A08-442F-AB06-9D7E55C0D733}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{176C77FE-F7F4-4448-B335-95C5EA3E2C3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{055F68B6-A0C7-4E2B-87A3-18843AE8DFE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12F08132-AE67-4E0C-8C5C-5F74A81A8DC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E19529CF-0BBB-4021-8B71-317076A31EB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ADCD76C-B00C-48A7-B7AA-3CA0FE939727}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E17121-9BF0-4E1A-A726-FE9BDFA7E3EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76B01ED0-A0C8-41E3-832E-6F492FF32AF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3392EEA0-501E-4374-8A06-F27C09C686F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CA995C1B-55EE-4DA4-9994-9628FD027F31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{870DB8C2-4266-430A-9D8D-D06A8B059F40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4702B7FB-9B51-4099-81F1-6C562B37033B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E97C6C2-DC7D-47CD-BE21-DB7060060548}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E153186-4238-47AC-B865-30F45C8C2D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A941C41B-CC11-4044-B7F3-0AB219D02388}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3B53591-09C4-4970-961F-7D3083EDBC4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0E5B540E-9A02-4C0C-B289-7DE71EF1602A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{915018EF-5462-49EF-A704-C485AF06365F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C5F75F58-C770-4733-83D6-2CFE28F1B243}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2AC84A23-C1D4-47B6-8281-32F0BCCD40F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
 
==================== Restore Points =========================
 
12-02-2021 15:41:51 Scheduled Checkpoint
04-03-2021 09:22:46 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname WafnaFinca.local already in use; will try WafnaFinca-2.local instead
 
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 WafnaFinca.local. Addr 192.168.0.7
 
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353   16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:09C9:2558:429F:AEB1
 
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 WafnaFinca.local. AAAA FE80:0000:0000:0000:D14A:0697:D7A5:1661
 
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353   16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:09C9:2558:429F:AEB1
 
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:70A3:4DC2:7088:3967
 
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353   16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:09C9:2558:429F:AEB1
 
Error: (03/06/2021 11:20:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 WafnaFinca.local. AAAA 2600:8801:DD0A:5800:D14A:0697:D7A5:1661
 
 
System errors:
=============
Error: (03/07/2021 10:33:45 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/07/2021 09:31:53 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/07/2021 08:31:41 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/07/2021 07:32:00 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/07/2021 07:26:35 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/07/2021 06:34:00 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/07/2021 05:33:47 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (03/07/2021 04:33:45 PM) (Source: DCOM) (EventID: 10010) (User: WAFNAFINCA)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2020-08-08 20:34:58.125
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\chrome_elf.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-07-31 14:25:13.532
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-07-31 14:25:13.514
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-07-31 14:25:09.052
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-07-31 14:25:09.006
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-07-31 14:25:08.853
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-07-31 14:25:08.832
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-07-31 14:25:02.318
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-07-31 14:25:01.440
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2021-03-07 05:26:36.918
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-03-06 23:46:04.820
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-06 23:46:04.817
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-06 23:46:04.815
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-06 23:45:00.885
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-03-06 23:45:00.883
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.2393.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee2
Error description: The operation timed out 
 
==================== Memory info =========================== 
 
BIOS: Lenovo 1QCN32WW 08/18/2016
Motherboard: LENOVO Nano 5A8
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 70%
Total physical RAM: 3490.6 MB
Available physical RAM: 1043.63 MB
Total Virtual: 7842.6 MB
Available Virtual: 4671.69 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:421.72 GB) (Free:58.07 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.65 GB) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive f: (Lexar) (Removable) (Total:59.61 GB) (Free:59.2 GB) FAT32
 
\\?\Volume{fffa446e-bbc3-470c-bdda-07cab47dc692}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{9e3476dd-c963-469d-aa8f-4bc29e9838d9}\ (LENOVO_PART) (Fixed) (Total:16.82 GB) (Free:6.24 GB) NTFS
\\?\Volume{840cf185-c678-4fc9-8a86-f21efa62129e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F73B760)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 59.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 



  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

You can uninstall Speccy now.

 

The Fix ran as expected and found no errors.

 

Speccy shows the temps are good, hard drive is healthy (at least it's as healthy as a Seagate drive ever is. I do not trust Seagate. Have had too many of them fail on me. Just make sure you have any irreplaceable data (pictures, videos, documents, tax forms) backed up in a separate place.) Your WiFi is set to use Channel 11 but there are several other routers on the same Channel - one is just as strong as Westport 2.4 so must be interfering with it. I see a Westport 5.0 which must be the same router. It operates on the newer 5.0 band. See what speed you get now:

Go to:

https://www.speedtest.net/

hit GO.  Note your download speed when it finishes.

 

Now connect to Westport 5.0 - should be the same password - and repeat the speedtest.  Any difference?

 

Oddly enough there is another signal on Channel 157 called CoxWiFi so it may not be any better. (With so many channels available it is unusual to see competing signals on the new band. Perhaps it is from the same router? It doesn't have any encryption on it so could be used by anyone.)

 

If you own or control the router it would be wise to log onto it and change the WiFi Channel from Auto to another channel that has no interference. There is a program called inSSIDer that will show you the competing signals which will help you pick a better channel.

 

Download inSSIDer
https://www.techspot...6-inssider.html
Double click to install it. Then run it by right click and Run As Admin.

It will show you a graph in the bottom right that has your signal in blue and competing signals in orange and yellow.  It may also recommend a different channel which might have less interference.

Moving to a different channel (by logging on to your router) can drastically improve performance. If you do not know how, tell me the Router's make and model number. If supplied by your ISP there is usually a password written on a sticker on the back or bottom of the router.

 

Let's get a benchmark to see how your PC is running:

 

 

https://www.userbenchmark.com


Click on Free Download.  Save the file then right click and Run As Admin.  Close all programs and pause your antivirus before starting.


When it finishes it will open a browser.  Copy the URL and paste it into a Reply.


  • 0

#14
Wafna

Wafna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Yeah, I don't trust Seagate either; had a couple of their drives fail over the years. It's on a cheap laptop (Lenovo) that was available when I needed one, and I'm writing this thread on its replacement (HP)... but I'd rather like to keep using it as a plex server / backup so the replacement doesn't get bogged down. I've been transferring log files and programs between systems via USB sticks.

I'll attach some screenshots, I felt that most of what I tried tonight was ineffective, but there was something interesting I noticed when comparing results between the Lenovo and HP.

 

I'm not the owner/operator of the router, I just rent here. Westport 5.0 and Westport 2.4 are the same router, and I suspect the open Cox network is also hosted by our router. It's one of those things the ISP does without asking permission (and it wouldn't actually let me connect. I screenshot that, but it doesn't really show anything.). Not much I can do about that without being the account holder / router owner. Westport5.0 didn't have the same password three months ago, but did today... so that's fun. Running Speedtest on either network had the same results; it couldn't connect to the site (See SpeedtestWP24). That's actually a different result from all other websites I've tried (See GoogleWP24).

InSSIDer results seemed fine... until I compared the Lenovo (problem machine) with the HP (replacement). See screenshots InSSIDerLenovo & InSSIDerHP to see what I mean... though I don't know what the differences mean. It seems to me that the Lenovo isn't seeing the whole picture... which makes sense since it claims to be connecting to the internet but isn't actually receiving any info.

 

And running Benchmark failed, because it couldn't check in with its own servers to verify update status (See Benchmark1).

 

Attached Thumbnails

  • SpeedtestWP24.jpg
  • GoogleWP24.jpg
  • inSSIDerHP.jpg
  • inSSIDerLenovo.jpg
  • Benchmark1.jpg

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Something wrong with Opera or with your clock.  The speedtest.net site does provide HTTPS connections which are secure.  In contrast geekstogo.com does not.  You need an accurate clock in order to connect with HTTPS so make sure the time and date are correct AND synced to Internet time. 

See: https://www.groovypo...et-atomic-time/

 

Also these days the option to use secure DNS is available on most browsers.  Most will use Secure DNS if they can but will use unsecure if they have to.  I don't have Opera so I don't know for sure what they do.  Perhaps Opera is set to only use Secure DNS and that's why it started working when we manually changed the DNS.  (Changing the network to the 5.0 one is probably considered a new network so defaults back to the original DNS)  Go into Opera's settings and see if you can find out what they do for DNS.  

 

See if it works in Chrome which FRST says you have. To reach the Secure DNS setting in Chrome, click on the three dots in the upper right, then on Settings, then on Privacy & Security, then Use Secure DNS (off by default).


  • 0
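The clock dependency mentioned in the post above, as an added example that is not part of the thread: it computes how far a local clock is from an SNTP server's time and shows the certificate date test a TLS client applies failing until the clock is corrected. The laptop time, server reply and certificate dates are constructed sample values, and all function names are illustrative.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)

def to_ntp(unix: float) -> tuple:
    """Split a Unix time into NTP 32-bit seconds and a 32-bit fraction."""
    return int(unix) + NTP_DELTA, int((unix % 1) * 2**32)

def build_request(t1: float) -> bytes:
    """48-byte SNTP client packet: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return struct.pack("!B39xII", 0x23, *to_ntp(t1))

def read_ts(pkt: bytes, pos: int) -> float:
    secs, frac = struct.unpack_from("!II", pkt, pos)
    return secs - NTP_DELTA + frac / 2**32

def clock_offset(reply: bytes, t1: float, t4: float) -> float:
    """Seconds to add to the local clock: ((T2 - T1) + (T3 - T4)) / 2."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:      # Mode 4 = server
        raise ValueError("not an SNTP server reply")
    t2, t3 = read_ts(reply, 32), read_ts(reply, 40)  # server receive / transmit
    return ((t2 - t1) + (t3 - t4)) / 2

def cert_date_check(not_before, not_after, clock) -> str:
    """The date test a TLS client applies to a certificate, using its own clock."""
    if clock < not_before:
        return "not yet valid"
    return "expired" if clock > not_after else "ok"

def demo():
    utc = timezone.utc
    # Constructed values: a laptop whose clock fell back to 2019, and a
    # certificate validity window around the real date.
    local = datetime(2019, 1, 1, tzinfo=utc)
    real = datetime(2021, 3, 7, 12, 0, tzinfo=utc)
    nb, na = datetime(2021, 1, 15, tzinfo=utc), datetime(2021, 4, 15, tzinfo=utc)
    t1 = local.timestamp()                            # request sent (local clock)
    t4 = t1 + 0.040                                   # reply arrives 40 ms later
    # Constructed server reply (Mode 4) stamped 20 ms after the request left.
    srv = to_ntp(real.timestamp() + 0.020)
    reply = struct.pack("!B31xIIII", 0x24, *srv, *srv)
    off = clock_offset(reply, t1, t4)
    fixed = local + timedelta(seconds=round(off))
    return off, cert_date_check(nb, na, local), cert_date_check(nb, na, fixed)

if __name__ == "__main__":
    print(demo())
```

Against a live server, the bytes from `build_request` would be sent over UDP port 123 and the reply passed to `clock_offset` with the local send and receive times.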





