Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lenovo Laptop extremely slow. Malware and/or software issues suspected

Started by Jamazz , Aug 15 2022 09:55 AM

  • This topic is locked This topic is locked

#1
Jamazz
Posted 15 August 2022 - 09:55 AM

Jamazz

    Member

  • Member
  • PipPip
  • 90 posts

I received a Lenovo Model 80TV Laptop to check it for issues. The laptop is extremely slow to load, shutdown, restart, etc. After a while, the laptop is somewhat usable, but sluggish. The owner noted taking it to Geek Squad (Problem #1 !) for concerns about his Antivirus program expiring, despite having a receipt showing his payment for time longer than provided.

 

The program was Webroot, or some Suite of variant of it. Also, I noticed that Geek Squad had installed Google Chrome, and Microsoft 365, on the day the owner took it for the concerns about his premature Antivirus expiration.

 

Preliminary troubleshooting was conducted by me. I scanned the HDD drive for errors, and ran an in-house restart disk fix. It processed the restart, disk check/fix and rebooted. There was no change to behavior. The HDD has plenty of space. I ran the disk cleanup tool and attempted to erase 9 Gb of items noted in the tool. The process hung and I aborted it. I also uninstalled Google Chrome and 365, since they were not asked for by the owner, and I had suspected they may have been botched installs by Geek Squad. Both programs were uninstalled, along with Spotify, and Webroot.

 

Multiple restarts, and an impromptu windows 'updating/making changes - do not restart' occurring, which lasted for hours, did not seem to do the trick.

 

The laptop, when started in safe mode, boots up with no issue, fast, and shows no signs of any symptoms.

 

Lastly, I checked startup, and there was nothing out of the ordinary, where I though there might be something hosing the laptop on start up.

 

With my only remaining options being initiating a recovery, or reimage, I wanted to see if the nice folks at Geeks to Go could take a look at it.

 

 

Here's the copy of FRST's files.

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2022 02
Ran by MIKE CATHY (administrator) on LAPTOP-BPIIB8FF (LENOVO 80TV) (15-08-2022 11:19:12)
Running from C:\Users\MIKE CATHY\Desktop
Loaded Profiles: MIKE CATHY
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(services.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [809472 2016-05-16] () [File not signed]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (AnchorFree Inc -> McAfee Inc.)
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\Run: [MicrosoftEdgeAutoLaunch_7B46DF534001DA0DC0FF30BF8F71993C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\WINDOWS\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-07-08]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.)
Startup: C:\Users\MIKE CATHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX920 series Printer WS.lnk [2022-08-12]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C600912-1CDC-4C30-A64E-0F46A41A5334} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0EF7ECB6-ED3D-4F0D-AB26-38433B3869AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {17EA4F2C-D6C7-4BE4-A520-EBE117D9F91D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {18FFB6C8-E7B3-4EE8-B0FF-99CE7E9985D7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\28e6e7a3-b735-4617-8912-d295d3eabc16 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {25580CAB-CA42-4084-A809-0086A61B0EE6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {330C25D8-5F91-48AD-B249-73E40D4FFC2E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {44244B5A-C2D3-45A4-9B99-2AAACEFF2361} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {47CF87BC-7D80-42CD-A648-E1EBDA7DD450} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f2b2d6fe-d1c5-45a1-b339-c6eff8807f87 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {48C93C30-0F96-4E4F-BFE7-2EAF6B3F8A55} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {4C797DC6-CC26-4F86-87B5-A6843E3636DA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8814c0c9-6b55-4d9a-b3c5-3a8208799964 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {6823AA50-2B74-4A6F-8CCC-A4E6D8C94072} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {7110B5E8-72D7-4E66-87C0-03A2AD43C7A0} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {722B2178-4CEE-4031-AE4F-B68965D0F371} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {8065F946-D1A4-425A-8CFA-C0ADF755BACF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {88E591CE-D593-4A2A-B84B-A38C248BE0F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {964D0040-67AD-4E58-AAE2-26C5ED055B60} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\512cb154-b79e-4feb-be57-3b042e08c3d1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9882DD45-532F-4E95-97D5-5226E2508815} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {AA03ECD5-A5C6-4CF1-8744-61A0E6B56F4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD374E3F-D197-4348-A328-F17922BD0AD8} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {AD74FA34-928F-45A8-8EA2-59A92A0F0A26} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {B23C98A1-DB0E-43C9-9F19-0CA6BE6FAF96} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\46117c33-8f9f-4194-bfe4-abd5eab29c6f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BF470BCD-BC64-4563-9441-D7773EC5790A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D8D1AE61-AB7C-48C3-BD47-163CB52982FD} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe /AUTO (No File)
Task: {D9650120-11AA-4D1B-B61E-F30A00963BA7} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {DE5B2EF5-A28F-470B-8651-18120AEF983D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {F78750E6-6039-4269-A235-DB394B616584} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{4258872f-dbf8-41a8-8f1f-b72eb451eafe}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f4ca6036-760d-4fbd-a108-907e8e1f8833}: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{f84a3c4a-2052-438d-85ee-d7f4231dced6}: [DhcpNameServer] 96.7.136.14 96.7.137.14
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (AdBlock — best ad blocker) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-05-05]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MIKE CATHY\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-15]
Edge Extension: (Web Threat Shield) - C:\Users\MIKE CATHY\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmkaflbamgddpjacdmjlkhbnpnlemaea [2022-06-11]
Edge HKLM-x32\...\Edge\Extension: [fmkaflbamgddpjacdmjlkhbnpnlemaea]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [146944 2016-05-16] () [File not signed]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 MpKsl76019e83; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB6DC376-A4B5-4FAF-A082-94CBE2DE75E9}\MpKslDrv.sys [141576 2022-08-15] (Microsoft Windows -> Microsoft Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-08-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-08-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-08-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-15 11:19 - 2022-08-15 11:20 - 000020239 _____ C:\Users\MIKE CATHY\Desktop\FRST.txt
2022-08-15 11:18 - 2022-08-15 11:20 - 000000000 ____D C:\FRST
2022-08-15 11:18 - 2022-08-15 11:18 - 000000000 ____D C:\Users\MIKE CATHY\Desktop\FRST-OlderVersion
2022-08-15 11:06 - 2022-08-15 11:18 - 002371072 _____ (Farbar) C:\Users\MIKE CATHY\Desktop\FRST64.exe
2022-08-14 22:48 - 2022-08-14 22:48 - 000000000 ___HD C:\$SysReset
2022-08-14 22:00 - 2022-08-14 22:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-14 21:43 - 2022-08-15 00:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-08-14 21:38 - 2022-08-14 21:38 - 000000000 ____D C:\WINDOWS\pss
2022-08-13 19:13 - 2022-08-13 19:13 - 000000000 __SHD C:\found.036
2022-08-13 17:19 - 2022-08-13 17:19 - 000001228 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28 - Shortcut.lnk
2022-08-09 17:21 - 2022-08-09 17:21 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-09 17:21 - 2022-08-09 17:21 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-09 17:20 - 2022-08-09 17:20 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-09 17:19 - 2022-08-09 17:19 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-09 17:18 - 2022-08-09 17:18 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-09 17:18 - 2022-08-09 17:18 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-09 17:18 - 2022-08-09 17:18 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-09 17:18 - 2022-08-09 17:18 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-09 16:19 - 2022-08-09 16:19 - 000000000 ___HD C:\$WinREAgent
2022-08-08 14:32 - 2022-08-08 14:32 - 000160229 _____ C:\Users\MIKE CATHY\Downloads\Kaitlyn D. Ibrahim, MD.pdf
2022-07-23 13:32 - 2022-07-23 13:32 - 000916254 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.bmp
2022-07-23 13:32 - 2022-07-23 13:32 - 000000079 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.html
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-15 11:11 - 2021-01-19 14:02 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\D3DSCache
2022-08-15 11:04 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-15 11:03 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-15 10:57 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-15 10:57 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-15 10:47 - 2020-11-19 03:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-15 10:47 - 2020-11-19 03:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-15 09:40 - 2016-12-30 13:36 - 000000000 __SHD C:\Users\MIKE CATHY\IntelGraphicsProfiles
2022-08-15 09:39 - 2021-01-20 16:51 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-15 09:39 - 2020-11-19 03:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-15 09:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-15 09:38 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-08-15 08:24 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-15 08:19 - 2017-01-03 22:39 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Google
2022-08-14 21:39 - 2021-01-20 17:02 - 000000000 ____D C:\Users\MIKE CATHY
2022-08-13 17:50 - 2021-01-20 17:11 - 000025524 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-13 17:43 - 2017-07-08 19:36 - 000000000 ____D C:\ProgramData\WRData
2022-08-13 17:08 - 2017-07-08 19:36 - 000000000 ____D C:\Program Files\Webroot
2022-08-13 17:06 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-13 17:02 - 2017-07-08 19:37 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\lptmp
2022-08-09 23:10 - 2020-11-19 03:30 - 000437736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-09 23:06 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-09 17:33 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-09 17:18 - 2020-11-19 03:32 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-09 16:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-09 16:03 - 2016-12-30 18:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-09 15:51 - 2016-12-30 18:11 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 20:01 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-07 19:30 - 2016-12-30 16:55 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-08-05 19:57 - 2020-03-26 10:07 - 000000000 ____D C:\WINDOWS\TempInst
2022-07-28 12:02 - 2021-12-12 14:39 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-07-28 12:02 - 2021-01-20 17:54 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-07-28 12:02 - 2021-01-20 17:02 - 000002405 _____ C:\Users\MIKE CATHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-20 17:50 - 2020-11-19 03:32 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 17:50 - 2020-11-19 03:32 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== Files in the root of some directories ========
 
2022-05-16 13:07 - 2012-09-20 06:00 - 000105472 _____ (CANON INC.) C:\Users\MIKE CATHY\cnmss Canon MX920 series Printer WS (Local).dll
2017-07-08 19:37 - 2017-07-08 19:37 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022 02
Ran by MIKE CATHY (15-08-2022 11:22:46)
Running from C:\Users\MIKE CATHY\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2021-01-20 21:55:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3710523834-1862825545-2785641031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3710523834-1862825545-2785641031-503 - Limited - Disabled)
Guest (S-1-5-21-3710523834-1862825545-2785641031-501 - Limited - Disabled)
MIKE CATHY (S-1-5-21-3710523834-1862825545-2785641031-1001 - Administrator - Enabled) => C:\Users\MIKE CATHY
WDAGUtilityAccount (S-1-5-21-3710523834-1862825545-2785641031-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {EA22F846-E33A-0128-9418-185509C86920}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Webroot SecureAnywhere (Enabled - Up to date) {DF901FA1-F926-253B-C464-B01C79DCAD48}
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {64F1FE45-DF1C-2AB5-FED4-8B6E025BE7F5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.31.68 - Conexant)
Dolby Audio X2 Windows API SDK (HKLM\...\{27DBA722-5298-4184-9535-C529EDF3C82D}) (Version: 0.7.1.56 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{C55DB969-8BE0-4D7F-BF27-B8D316D944D6}) (Version: 0.7.1.59 - Dolby Laboratories, Inc.)
H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
H&R Block Pennsylvania 2016 (HKLM-x32\...\{BAECF4E0-1EB0-4CBA-A0D9-09BA014038A3}) (Version: 1.16.3501 - HRB Technology, LLC.)
Intel® Chipset Device Software (HKLM\...\{47DC837D-ECA6-49AF-9904-1427BB94EF4C}) (Version: 10.1.1.27 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{2B8D577D-4E81-4F0B-A63D-0A4D5C897B5A}) (Version: 11.5.0.1015 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{FBE0EFD3-4A1F-4E28-A26B-6FAD2DD1AAE4}) (Version: 15.0.0.1039 - Intel Corporation) Hidden
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.)
McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.887.051116 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
AdBlock -> C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-05-05] (BetaFish)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.224.300.0_x64__kgqvnymyfvs32 [2022-08-13] (king.com)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-19] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2207.2.0_x64__k1h2ywk1493x8 [2022-08-03] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-28] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-09-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2022-03-13] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\MIKE CATHY\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-06-16 04:31 - 2022-06-16 04:31 - 000355840 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\2b8c809e451b1c9f7f7c0b7a9553a86f\Interop.CxHDAudioAPILib.ni.dll
2016-10-26 21:20 - 2016-03-10 22:07 - 001145856 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001 -> DefaultScope {61A5195B-2CE4-4C2C-8783-99F0154EEEDB} URL = 
SearchScopes: HKU\S-1-5-21-3710523834-1862825545-2785641031-1001 -> {61A5195B-2CE4-4C2C-8783-99F0154EEEDB} URL = 
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-07-22] (Webroot Inc. -> Webroot)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-07-22] (Webroot Inc. -> Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MIKE CATHY\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{8af0a3c0-32b2-4326-b3c0-fb6467141d81}.JPG
DNS Servers: 192.168.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{65458106-30A1-4EA3-A8AD-00BBCA57408C}C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{8C80653E-CED2-49E3-BA0F-4A19AFBA182E}C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [TCP Query User{B1F12A83-A4A1-4935-A88B-B77723E4123A}C:\users\mike cathy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mike cathy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [UDP Query User{94B26D4E-460E-4AD4-A56D-3FDBF7133A33}C:\users\mike cathy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mike cathy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [TCP Query User{07256626-A291-4373-B6E8-176FD547F358}C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{1D0EE52F-7265-4334-A8D4-E20FB7A768B0}C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mike cathy\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{34E3B3EB-53BB-40DC-AA78-A8F42A4CDE09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54C02379-8278-49D8-BEF0-2CD1E261B908}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8B7DA52-9F52-4317-B78C-C1F27664C12F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A307C37-27D1-43A5-B0EB-DBD1B928B4A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68717F48-52B5-456D-86BD-947D64669C0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B80247AF-1727-42DA-BFA4-876F51ADC2A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6214189B-7538-4E80-BEC3-D696CD974D6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{95D0D028-FBCD-4B8C-8E11-6AF0E8442F9E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE83B42B-3D52-4398-A9C2-B834F5B69FC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D1EC56FA-9FA1-492A-A47A-8603953F396F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5788E05C-47BA-43BF-9AEB-9A14288D0485}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D4F20F3-9232-40EB-8C52-12752D8611AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EDD93E6D-AEE7-4A06-B714-0544A76B886F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
09-08-2022 16:13:59 Windows Modules Installer
09-08-2022 16:16:06 Windows Modules Installer
15-08-2022 08:20:08 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/15/2022 10:36:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 10.0.19041.1806, time stamp: 0x7dcad237
Faulting module name: ntdll.dll, version: 10.0.19041.1806, time stamp: 0x1000a5b9
Exception code: 0xcfffffff
Fault offset: 0x00000000000a0934
Faulting process id: 0xd30
Faulting application start time: 0x01d8b0ac831ec301
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: fbfb8b13-9aa0-4b5a-a37f-60cb77ef3d34
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/15/2022 09:22:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/15/2022 09:22:44 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/15/2022 09:22:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/15/2022 09:22:44 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/15/2022 08:11:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (08/13/2022 04:42:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/13/2022 04:42:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
 
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
 
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
 
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/15/2022 10:47:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
 
 
Windows Defender:
================
Date: 2022-08-15 11:03:42
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-08-13 20:53:52
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-08-13 20:29:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-08-11 21:41:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-08-11 10:33:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2022-08-15 10:35:48
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2022-08-15 09:55:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.373.299.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19500.2
Error code: 0x80070050
Error description: The file exists. 
 
Date: 2022-08-15 08:43:43
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.373.299.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19500.2
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2022-08-15 00:11:35
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-08-15 00:10:05
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2022-08-15 10:44:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2022-08-13 20:11:00
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2022-08-13 17:02:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\MIKE CATHY\AppData\Local\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRDll.x64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO 3JCN21WW 09/23/2016
Motherboard: LENOVO Torronto 5C2
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 50%
Total physical RAM: 8092.13 MB
Available physical RAM: 4032.43 MB
Total Virtual: 12700.13 MB
Available Virtual: 8656.04 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:871.27 GB) (Model: ST1000LM035-1RK172) NTFS
Drive e: (TUFF N TINY) (Removable) (Total:7.45 GB) (Free:3.32 GB) FAT32
 
\\?\Volume{ac5da186-41e5-4ccd-bcc1-2afce19b2201}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{0e59f6e8-459f-477a-8c33-1e2f4a6ccc02}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8C20E429)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: B865D5C3)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End of Addition.txt =======================
 
 
 
 
 

  • 0

Advertisements

#2
RKinner
Posted 16 August 2022 - 06:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

No obvious malware in the logs.  I do see:

 

Error: (08/15/2022 10:36:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 10.0.19041.1806, time stamp: 0x7dcad237
Faulting module name: ntdll.dll, version: 10.0.19041.1806, time stamp: 0x1000a5b9
Exception code: 0xcfffffff
Fault offset: 0x00000000000a0934
Faulting process id: 0xd30
Faulting application start time: 0x01d8b0ac831ec301
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

 

 

 
This indicates a problem with Windows. Older laptops are prone to overheating which can cause all sorts of problems so first run Speedfan to monitor your temps in real time:
 
 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
 
It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  
Win 10 hides icons by default so: Settings, Personalization,  Taskbar, Select which Icons appear on Taskbar,  then turn Speedfan ON.
With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 
 
We don't really want it to go over about 65 under load.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  However on some PCs this is major surgery.  Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink.  Don't do it too long as the fan may overrev.
 
 
If it's not overheating then let's run SFC and DISM to check your operating system files:
 
Search for
cmd
Right click on Command Prompt and Run as Admin.
type:
 
sfc  /scannow
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt 
Hit Enter.  Then type::
 
 
notepad %UserProfile%\desktop\junk.txt 

Hit Enter. 

 
 Copy the text from notepad and paste it into a reply.
 

 

Reboot.

 

 

Search for
cmd
Right click on Command Prompt and Run as Admin.
type:
DISM  /Online  /Cleanup-Image  /RestoreHealth

Hit Enter.  Will take some time be patient.

 

 

 

You could also have some bad memory so:

 

https://www.tomshard...how-to-test-ram

 

(X out of the popup)

 

There's a lot of deadwood (references to files that have been removed) in your logs.  I'll give you a fixlist to remove it next time but let's see if it's overheating first.


  • 0

#3
Jamazz
Posted 17 August 2022 - 07:06 AM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Here are the preliminary test results:
 
- HDD is 88F when idle for a while, low 90's F with light use, and 104F when playing music on YouTube, and running a performance scan. It rose to 108F when running a virus scan. 
 
- I'm assuming you meant 65C, which I'm not getting anywhere near, being at 104-108F
 
- No fans show up in Speed Fan, but I can hear/feel one running. I believe the cooling system is working as intended. I will give the laptop ports a burst of air just to be sure.
 
- The virus scan took forever, and had to be left on, overnight. None found.
 
- SFC scan found corrupt files and, thankfully, fixed them. Device was rebooted.
 
- The DISM restore operation completed successfully. If there were any logs or warning messages for DISM, it did not specify as such. So, I'm assuming we're all good with DISM
 
- I ran Win10's in-house mem scan, and it found no issues.
 
Passing the torch back to you! Not surprised there's some dead wood. Looking forward to the fixlist. Thank you.

  • 0

#4
RKinner
Posted 17 August 2022 - 09:30 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   19.28KB   132 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 
I don't expect that it will speed up much from the fixlist so let's try a few other tests:
 
Multiple replies are OK.  Best to post a log as you get it.
 
Get Process Explorer
 
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
View and check Show Processes From All Users 
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
 
(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 
Latency Monitor:
 
Go to
 
 
Scroll down to
 
System Monitoring Tools
 
and then find
 
LatencyMon 7.0 (or it may be a higher number if they update)
 
Click on Download free home edition
 
Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for about 20 seconds.  Then hit the red box to stop it. 
 
Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  
 
 
Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it. 
 

  • 0

#5
Jamazz
Posted 17 August 2022 - 04:33 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Here are the two logs after running the fix. I am working on the other items.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2022
Ran by MIKE CATHY (administrator) on LAPTOP-BPIIB8FF (LENOVO 80TV) (17-08-2022 18:26:17)
Running from C:\Users\MIKE CATHY\Desktop
Loaded Profiles: MIKE CATHY
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(GenericTelemetryAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoSecurityAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2022-08-17-18-19-49.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2022-08-17-18-19-49.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\tv_w32.exe
(C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2022-08-17-18-19-49.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\tv_x64.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <4>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(services.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2022-08-17-18-19-49.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [809472 2016-05-16] () [File not signed]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [250664 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (AnchorFree Inc -> McAfee Inc.)
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\Run: [MicrosoftEdgeAutoLaunch_7B46DF534001DA0DC0FF30BF8F71993C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\WINDOWS\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12F685D0-3589-4905-97BE-2E1018974EC6} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4965672 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {17EA4F2C-D6C7-4BE4-A520-EBE117D9F91D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {18FFB6C8-E7B3-4EE8-B0FF-99CE7E9985D7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\28e6e7a3-b735-4617-8912-d295d3eabc16 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {25580CAB-CA42-4084-A809-0086A61B0EE6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {330C25D8-5F91-48AD-B249-73E40D4FFC2E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {44244B5A-C2D3-45A4-9B99-2AAACEFF2361} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {47CF87BC-7D80-42CD-A648-E1EBDA7DD450} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f2b2d6fe-d1c5-45a1-b339-c6eff8807f87 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {48C93C30-0F96-4E4F-BFE7-2EAF6B3F8A55} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {4C797DC6-CC26-4F86-87B5-A6843E3636DA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8814c0c9-6b55-4d9a-b3c5-3a8208799964 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {6823AA50-2B74-4A6F-8CCC-A4E6D8C94072} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {722B2178-4CEE-4031-AE4F-B68965D0F371} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {964D0040-67AD-4E58-AAE2-26C5ED055B60} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\512cb154-b79e-4feb-be57-3b042e08c3d1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9882DD45-532F-4E95-97D5-5226E2508815} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {9BB5E5D9-AB4E-450F-B307-FB150BD0E1AD} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2287472 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {AD374E3F-D197-4348-A328-F17922BD0AD8} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {AD74FA34-928F-45A8-8EA2-59A92A0F0A26} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {B23C98A1-DB0E-43C9-9F19-0CA6BE6FAF96} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\46117c33-8f9f-4194-bfe4-abd5eab29c6f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {D9650120-11AA-4D1B-B61E-F30A00963BA7} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {DE5B2EF5-A28F-470B-8651-18120AEF983D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {F78750E6-6039-4269-A235-DB394B616584} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4258872f-dbf8-41a8-8f1f-b72eb451eafe}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f4ca6036-760d-4fbd-a108-907e8e1f8833}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{f84a3c4a-2052-438d-85ee-d7f4231dced6}: [DhcpNameServer] 96.7.136.14 96.7.137.14
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (AdBlock — best ad blocker) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-05-05]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MIKE CATHY\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-17]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [625960 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [625448 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8543840 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [146944 2016-05-16] () [File not signed]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2018-03-06] (AnchorFree Inc.) [File not signed]
R2 TeamViewer; C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe [11464096 2022-07-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) <==== ATTENTION
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\NisSrv.exe [3125128 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe [133560 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [42000 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [235736 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [389208 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [258128 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [105560 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [24528 2022-08-16] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [48144 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [275176 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [554080 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [114112 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [89176 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [860024 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [670904 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [221656 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [324984 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [453904 2022-08-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94456 2022-08-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-17 18:12 - 2022-08-17 18:13 - 000124751 _____ C:\Users\MIKE CATHY\Desktop\Fixlog.txt
2022-08-17 06:17 - 2022-08-17 06:23 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\TeamViewer
2022-08-17 06:17 - 2022-08-17 06:17 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Roaming\TeamViewer
2022-08-17 06:14 - 2022-08-17 06:15 - 025017176 _____ (TeamViewer) C:\Users\MIKE CATHY\Desktop\TeamViewerQS.exe
2022-08-16 20:30 - 2022-08-16 20:30 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-08-16 18:04 - 2022-08-16 18:04 - 001728054 _____ C:\Users\MIKE CATHY\Desktop\Virus Scan.bmp
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Roaming\AVG
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\CEF
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\AVG
2022-08-16 17:51 - 2022-08-16 17:51 - 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2022-08-16 17:51 - 2022-08-16 17:51 - 000002070 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2022-08-16 17:49 - 2022-08-16 17:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2022-08-16 17:48 - 2022-08-17 18:20 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2022-08-16 17:48 - 2022-08-16 17:48 - 000860024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000670904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000554080 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000389208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000324984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000275176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000270632 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2022-08-16 17:48 - 2022-08-16 17:48 - 000258128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000235736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000221656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000114112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000105560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000089176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000048144 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000042000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000024528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000000000 ____D C:\Program Files\Common Files\AVG
2022-08-16 17:47 - 2022-08-16 17:47 - 000000000 ____D C:\Program Files\AVG
2022-08-16 17:46 - 2022-08-17 18:15 - 000000000 ____D C:\ProgramData\AVG
2022-08-16 17:45 - 2022-08-16 17:45 - 000235248 _____ (AVG Technologies CZ, s.r.o.) C:\Users\MIKE CATHY\Downloads\avg_antivirus_free_setup.exe
2022-08-16 08:48 - 2022-08-17 10:08 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2022-08-16 08:48 - 2022-08-17 10:07 - 000001087 _____ C:\Users\MIKE CATHY\Desktop\SpeedFan.lnk
2022-08-16 08:48 - 2022-08-16 08:48 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2022-08-16 08:47 - 2022-08-16 08:45 - 003086696 _____ C:\Users\MIKE CATHY\Desktop\instspeedfan452_1.exe
2022-08-16 02:09 - 2022-08-16 17:37 - 000000000 ____D C:\Program Files\Lenovo
2022-08-15 11:19 - 2022-08-17 18:26 - 000022228 _____ C:\Users\MIKE CATHY\Desktop\FRST.txt
2022-08-15 11:18 - 2022-08-17 18:25 - 000000000 ____D C:\FRST
2022-08-15 11:18 - 2022-08-17 18:12 - 000000000 ____D C:\Users\MIKE CATHY\Desktop\FRST-OlderVersion
2022-08-15 11:06 - 2022-08-17 18:12 - 002371072 _____ (Farbar) C:\Users\MIKE CATHY\Desktop\FRST64.exe
2022-08-14 22:48 - 2022-08-14 22:48 - 000000000 ___HD C:\$SysReset
2022-08-14 22:00 - 2022-08-14 22:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-14 21:38 - 2022-08-14 21:38 - 000000000 ____D C:\WINDOWS\pss
2022-08-13 19:13 - 2022-08-13 19:13 - 000000000 __SHD C:\found.036
2022-08-13 17:19 - 2022-08-13 17:19 - 000001228 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28 - Shortcut.lnk
2022-08-09 17:21 - 2022-08-09 17:21 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-09 17:21 - 2022-08-09 17:21 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-09 17:20 - 2022-08-09 17:20 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-09 17:19 - 2022-08-09 17:19 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-09 17:18 - 2022-08-09 17:18 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-09 17:18 - 2022-08-09 17:18 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-09 17:18 - 2022-08-09 17:18 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-09 17:18 - 2022-08-09 17:18 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-09 16:19 - 2022-08-09 16:19 - 000000000 ___HD C:\$WinREAgent
2022-08-08 14:32 - 2022-08-08 14:32 - 000160229 _____ C:\Users\MIKE CATHY\Downloads\Kaitlyn D. Ibrahim, MD.pdf
2022-07-23 13:32 - 2022-07-23 13:32 - 000916254 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.bmp
2022-07-23 13:32 - 2022-07-23 13:32 - 000000079 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.html
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-17 18:23 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-17 18:16 - 2016-12-30 13:36 - 000000000 __SHD C:\Users\MIKE CATHY\IntelGraphicsProfiles
2022-08-17 18:15 - 2021-01-20 16:51 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-17 18:15 - 2020-11-19 03:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-17 18:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-17 18:14 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-08-17 18:13 - 2021-01-20 17:02 - 000000000 ____D C:\Users\MIKE CATHY
2022-08-17 18:11 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-17 08:33 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-17 03:57 - 2020-11-19 03:32 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-17 03:57 - 2020-11-19 03:32 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-08-16 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-08-16 20:39 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-16 17:48 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-16 17:44 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-16 02:10 - 2016-12-30 13:55 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Lenovo
2022-08-15 20:09 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-15 12:45 - 2021-12-12 14:39 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-08-15 12:45 - 2021-01-20 17:54 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-08-15 12:45 - 2021-01-20 17:02 - 000002405 _____ C:\Users\MIKE CATHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-08-15 11:37 - 2021-01-19 14:02 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\D3DSCache
2022-08-15 10:57 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-15 10:47 - 2020-11-19 03:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-15 10:47 - 2020-11-19 03:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-15 08:19 - 2017-01-03 22:39 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Google
2022-08-13 17:50 - 2021-01-20 17:11 - 000025524 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-13 17:43 - 2017-07-08 19:36 - 000000000 ____D C:\ProgramData\WRData
2022-08-13 17:08 - 2017-07-08 19:36 - 000000000 ____D C:\Program Files\Webroot
2022-08-13 17:02 - 2017-07-08 19:37 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\lptmp
2022-08-09 23:10 - 2020-11-19 03:30 - 000437736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-09 23:06 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-09 23:06 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-09 17:18 - 2020-11-19 03:32 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-09 16:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-09 16:03 - 2016-12-30 18:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-09 15:51 - 2016-12-30 18:11 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 19:30 - 2016-12-30 16:55 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-08-05 19:57 - 2020-03-26 10:07 - 000000000 ____D C:\WINDOWS\TempInst
 
==================== Files in the root of some directories ========
 
2022-05-16 13:07 - 2012-09-20 06:00 - 000105472 _____ (CANON INC.) C:\Users\MIKE CATHY\cnmss Canon MX920 series Printer WS (Local).dll
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
---Addition.txt---
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022
Ran by MIKE CATHY (17-08-2022 18:27:39)
Running from C:\Users\MIKE CATHY\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2021-01-20 21:55:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3710523834-1862825545-2785641031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3710523834-1862825545-2785641031-503 - Limited - Disabled)
Guest (S-1-5-21-3710523834-1862825545-2785641031-501 - Limited - Disabled)
MIKE CATHY (S-1-5-21-3710523834-1862825545-2785641031-1001 - Administrator - Enabled) => C:\Users\MIKE CATHY
WDAGUtilityAccount (S-1-5-21-3710523834-1862825545-2785641031-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 22.7.3245 - AVG Technologies)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.31.68 - Conexant)
Dolby Audio X2 Windows API SDK (HKLM\...\{27DBA722-5298-4184-9535-C529EDF3C82D}) (Version: 0.7.1.56 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{C55DB969-8BE0-4D7F-BF27-B8D316D944D6}) (Version: 0.7.1.59 - Dolby Laboratories, Inc.)
H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
H&R Block Pennsylvania 2016 (HKLM-x32\...\{BAECF4E0-1EB0-4CBA-A0D9-09BA014038A3}) (Version: 1.16.3501 - HRB Technology, LLC.)
Intel® Chipset Device Software (HKLM\...\{47DC837D-ECA6-49AF-9904-1427BB94EF4C}) (Version: 10.1.1.27 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{2B8D577D-4E81-4F0B-A63D-0A4D5C897B5A}) (Version: 11.5.0.1015 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{FBE0EFD3-4A1F-4E28-A26B-6FAD2DD1AAE4}) (Version: 15.0.0.1039 - Intel Corporation) Hidden
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.)
McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\OneDriveSetup.exe) (Version: 22.151.0717.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.887.051116 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
AdBlock -> C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-05-05] (BetaFish)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.224.300.0_x64__kgqvnymyfvs32 [2022-08-13] (king.com)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-19] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2207.2.0_x64__k1h2ywk1493x8 [2022-08-03] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-28] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-09-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2022-03-13] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-06-16 04:31 - 2022-06-16 04:31 - 000355840 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\2b8c809e451b1c9f7f7c0b7a9553a86f\Interop.CxHDAudioAPILib.ni.dll
2016-10-26 21:20 - 2016-03-10 22:07 - 001145856 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{34E3B3EB-53BB-40DC-AA78-A8F42A4CDE09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54C02379-8278-49D8-BEF0-2CD1E261B908}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8B7DA52-9F52-4317-B78C-C1F27664C12F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A307C37-27D1-43A5-B0EB-DBD1B928B4A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68717F48-52B5-456D-86BD-947D64669C0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B80247AF-1727-42DA-BFA4-876F51ADC2A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6214189B-7538-4E80-BEC3-D696CD974D6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{95D0D028-FBCD-4B8C-8E11-6AF0E8442F9E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE83B42B-3D52-4398-A9C2-B834F5B69FC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D1EC56FA-9FA1-492A-A47A-8603953F396F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5788E05C-47BA-43BF-9AEB-9A14288D0485}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D4F20F3-9232-40EB-8C52-12752D8611AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EDD93E6D-AEE7-4A06-B714-0544A76B886F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C43D96E-3B6E-4AA8-BB68-D6C1866F4521}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{86E16723-1599-4B8F-BCEC-65971E63D25D}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
 
==================== Restore Points =========================
 
09-08-2022 16:13:59 Windows Modules Installer
09-08-2022 16:16:06 Windows Modules Installer
15-08-2022 08:20:08 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
Error: (08/17/2022 06:23:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/17/2022 06:23:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
 
Error: (08/17/2022 06:23:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/17/2022 06:23:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
 
Error: (08/17/2022 06:23:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/17/2022 06:23:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.
 
Error: (08/17/2022 06:16:00 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Conexant SmartAudio service service has reported an invalid current state 14.
 
 
CodeIntegrity:
===============
Date: 2022-08-17 18:19:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2022-08-17 18:17:13
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\aswd73be8bd2a6d4108.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2022-08-17 18:16:57
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO 3JCN21WW 09/23/2016
Motherboard: LENOVO Torronto 5C2
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 8092.13 MB
Available physical RAM: 3714.85 MB
Total Virtual: 12700.13 MB
Available Virtual: 8248.69 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:864.46 GB) (Model: ST1000LM035-1RK172) NTFS
 
\\?\Volume{ac5da186-41e5-4ccd-bcc1-2afce19b2201}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{0e59f6e8-459f-477a-8c33-1e2f4a6ccc02}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8C20E429)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#6
Jamazz
Posted 17 August 2022 - 04:43 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Process Explorer Log

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 96.62 60 K 8 K 0
procexp64.exe 2.27 36,528 K 72,644 K 11936 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
TeamViewer_Desktop.exe 1.14 334,420 K 336,580 K 12820 TeamViewer TeamViewer Germany GmbH (Verified) TeamViewer Germany GmbH
TeamViewer.exe < 0.01 44,900 K 49,052 K 10756 TeamViewer TeamViewer Germany GmbH (Verified) TeamViewer Germany GmbH
TeamViewer_Service.exe < 0.01 90,768 K 50,228 K 4900 TeamViewer TeamViewer Germany GmbH (Verified) TeamViewer Germany GmbH
System < 0.01 240 K 22,656 K 4
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe < 0.01 67,272 K 83,572 K 1276 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
explorer.exe < 0.01 67,820 K 143,140 K 6916 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
FRST64.exe < 0.01 635,568 K 662,928 K 11672 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
csrss.exe < 0.01 2,552 K 5,484 K 816 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
AVGUI.exe < 0.01 36,684 K 67,924 K 8844 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
LenovoVantage-(LenovoBoostSystemAddin).exe < 0.01 40,236 K 55,940 K 11500 Lenovo Group Ltd. (Verified) Lenovo
AVGSvc.exe < 0.01 90,216 K 39,656 K 2924 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
Lenovo.Modern.ImController.exe < 0.01 55,804 K 67,944 K 3876 Lenovo.Modern.ImController Lenovo Group Ltd. (Verified) Lenovo
svchost.exe < 0.01 6,664 K 19,164 K 3040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,524 K 7,944 K 1212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
fmapp.exe < 0.01 1,392 K 6,464 K 9060 FMAPP Application (Verified) Fortemedia Inc
svchost.exe < 0.01 11,992 K 20,776 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msedge.exe < 0.01 53,300 K 148,412 K 8820 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
lsass.exe < 0.01 7,452 K 19,460 K 912
RuntimeBroker.exe < 0.01 6,344 K 24,680 K 10896 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
Lenovo.Modern.ImController.PluginHost.Device.exe < 0.01 29,160 K 36,292 K 10008 Lenovo.Modern.ImController.PluginHost Lenovo Group Ltd. (Verified) Lenovo
msedge.exe < 0.01 12,408 K 36,392 K 2456 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
Lenovo.Modern.ImController.PluginHost.SettingsApp.exe < 0.01 44,692 K 51,836 K 5888 Lenovo.Modern.ImController.PluginHost Lenovo Group Ltd. (Verified) Lenovo
DolbyDAX2API.exe < 0.01 29,528 K 32,528 K 3840 DolbyDAX2API (No signature was present in the subject)
svchost.exe < 0.01 3,792 K 21,568 K 7500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Lenovo.Modern.ImController.PluginHost.SettingsApp.exe < 0.01 30,704 K 38,780 K 7364 Lenovo.Modern.ImController.PluginHost Lenovo Group Ltd. (Verified) Lenovo
msedge.exe < 0.01 87,320 K 144,428 K 11868 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 2,452 K 7,652 K 12900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswEngSrv.exe < 0.01 59,220 K 93,912 K 5876 AVG Antivirus engine server AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
avgToolsSvc.exe < 0.01 32,808 K 40,532 K 3340 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
svchost.exe < 0.01 2,568 K 10,300 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
wlanext.exe < 0.01 2,092 K 7,332 K 3200 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 2,580 K 8,520 K 5564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msedge.exe < 0.01 77,684 K 104,980 K 7788 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 2,844 K 9,992 K 2760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 1,524 K 5,892 K 1388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WUDFHost.exe < 0.01 1,440 K 5,844 K 676 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,492 K 9,724 K 2484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,088 K 7,864 K 2764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6,792 K 21,900 K 6248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,648 K 20,592 K 3000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 7,276 K 14,700 K 1160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msedge.exe < 0.01 8,784 K 28,292 K 6360 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 4,584 K 15,896 K 9728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,716 K 15,136 K 8852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 14,732 K 23,828 K 3892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,612 K 16,760 K 6804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
tv_w32.exe < 0.01 2,828 K 9,648 K 11212 TeamViewer TeamViewer Germany GmbH (Verified) TeamViewer Germany GmbH
SynTPEnh.exe < 0.01 6,672 K 21,560 K 6156 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
tv_x64.exe < 0.01 2,480 K 9,356 K 11232 TeamViewer TeamViewer Germany GmbH (Verified) TeamViewer Germany GmbH
aswidsagent.exe < 0.01 26,356 K 40,472 K 3932 AVG Software Analyzer AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
LenovoVantageService.exe < 0.01 56,740 K 66,164 K 3952 LenovoVantageService Lenovo Group Ltd. (Verified) Lenovo
svchost.exe < 0.01 81,436 K 90,180 K 1944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 10,088 K 20,860 K 3936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,520 K 12,452 K 4408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
YourPhone.exe Suspended 26,276 K 56,020 K 3068 Microsoft Corporation (Verified) Microsoft Corporation
WUDFHost.exe 1,516 K 5,620 K 1088 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wsc_proxy.exe 4,232 K 11,684 K 2032 AVG remediation exe AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
WmiPrvSE.exe 2,276 K 9,300 K 6120 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,640 K 11,328 K 920 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,428 K 6,716 K 808 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
UserOOBEBroker.exe 2,204 K 10,064 K 11228 User OOBE Broker Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,360 K 6,816 K 3256 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TextInputHost.exe 11,884 K 42,680 K 9896 Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 3,052 K 14,128 K 12300 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 8,792 K 19,844 K 6584 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettings.exe Suspended 26,888 K 77,456 K 9536 Settings Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,472 K 7,468 K 7044 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 1,480 K 6,204 K 648 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 3,180 K 14,992 K 6924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,644 K 9,580 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,524 K 36,576 K 6420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,784 K 12,252 K 2236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,008 K 7,292 K 2904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,080 K 31,152 K 664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,412 K 12,520 K 2660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,248 K 27,656 K 3924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 30,932 K 26,804 K 4072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,480 K 9,916 K 2220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 18,900 K 14,628 K 1616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,424 K 7,400 K 1952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,284 K 8,424 K 2752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 9,100 K 4280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,644 K 16,416 K 2244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 7,728 K 3708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,256 K 12,800 K 2624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,020 K 7,600 K 1176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,824 K 8,700 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,224 K 13,776 K 1576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,308 K 5,688 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,924 K 10,380 K 4040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,032 K 18,936 K 3628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 22,832 K 38,672 K 3868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,824 K 11,364 K 9080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,868 K 15,544 K 1668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,068 K 16,576 K 7936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,620 K 10,948 K 9548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,048 K 14,124 K 3860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,708 K 8,440 K 1508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,872 K 7,904 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,468 K 6,924 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,016 K 8,364 K 2340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,872 K 7,640 K 2464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 7,328 K 2492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,576 K 6,428 K 3904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,624 K 6,236 K 4012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,324 K 5,456 K 2296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,968 K 10,784 K 4160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,368 K 5,140 K 4368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,248 K 7,288 K 4680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,344 K 11,832 K 5212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,820 K 8,340 K 6948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,972 K 7,844 K 7128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,592 K 10,808 K 5820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,912 K 11,448 K 9884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,248 K 8,564 K 9360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,516 K 5,960 K 10500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,448 K 6,020 K 13260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,540 K 8,852 K 7332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe 26,972 K 59,968 K 5512 (Verified) Microsoft Windows
spoolsv.exe 6,808 K 18,000 K 3432 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 1,072 K 1,064 K 512 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
SmartAudio.exe 56,008 K 55,980 K 6776 SmartAudio Conexant Systems, Inc (Verified) Conexant Systems, Inc.
sihost.exe 6,588 K 28,660 K 6048 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 23,348 K 69,932 K 10748 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 5,116 K 7,820 K 10144 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 5,540 K 9,692 K 884 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthSystray.exe 1,968 K 10,100 K 9000 Windows Security notification icon Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,828 K 16,172 K 9036 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 21,916 K 28,196 K 5704 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchApp.exe Suspended 88,800 K 163,012 K 7908 Search application Microsoft Corporation (Verified) Microsoft Windows
SearchApp.exe Suspended 307,556 K 375,416 K 10296 Search application Microsoft Corporation (Verified) Microsoft Windows
SASrv.exe 1,396 K 7,008 K 3244 SmartAudio Service Application Conexant Systems, Inc. (Verified) Conexant Systems, Inc.
RuntimeBroker.exe 2,792 K 13,616 K 10652 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 9,368 K 28,736 K 1492 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,044 K 22,920 K 5404 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,844 K 22,512 K 4216 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkBtManServ.exe 1,828 K 7,076 K 4060 Realtek Bluetooth BTDevManager Service Application Realtek Semiconductor Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
Registry 8,392 K 87,440 K 100
procexp.exe 4,236 K 11,600 K 8940 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,012 K 17,612 K 6312 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 8,144 K 19,620 K 1328 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 8,588 K 24,652 K 5732 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 15,360 K 35,572 K 11080 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 46,576 K 98,536 K 9276 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 2,592 K 9,096 K 8908 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
Memory Compression 300 K 111,052 K 2264
LenovoVantage-(VantageCoreAddin).exe 43,824 K 46,560 K 9408 Lenovo Group Ltd. (Verified) Lenovo
LenovoVantage-(SmartInteractAddin).exe 28,076 K 35,008 K 12276 Lenovo Group Ltd. (Verified) Lenovo
LenovoVantage-(LenovoServiceBridgeAddin).exe 28,156 K 37,844 K 9740 Lenovo Group Ltd. (Verified) Lenovo
LenovoVantage-(LenovoBoostAddin).exe 41,484 K 47,412 K 11288 Lenovo Group Ltd. (Verified) Lenovo
LenovoVantage-(DeviceSettingsSystemAddin).exe 29,468 K 33,184 K 9376 Lenovo Group Ltd. (Verified) Lenovo
Lenovo.Modern.ImController.PluginHost.SettingsApp.exe 31,504 K 38,008 K 3440 Lenovo.Modern.ImController.PluginHost Lenovo Group Ltd. (Verified) Lenovo
IntelCpHeciSvc.exe 1,464 K 7,092 K 4428 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,468 K 7,208 K 3848 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 4,308 K 15,612 K 7640 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,868 K 8,756 K 2428 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
IAStorIcon.exe 22,432 K 33,476 K 9952 IAStorIcon Intel Corporation (Verified) Intel® Rapid Storage Technology
IAStorDataMgrSvc.exe 32,092 K 36,248 K 9184 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology
fontdrvhost.exe 3,708 K 7,812 K 680 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,604 K 3,480 K 748 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DolbyDAX2TrayIcon.exe 4,004 K 11,296 K 9164 (No signature was present in the subject)
dllhost.exe 3,652 K 12,076 K 6492 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,480 K 9,412 K 4388 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
CxAudMsg64.exe 1,848 K 8,768 K 3832 Conexant Audio Message Service Conexant Systems Inc. (Verified) Conexant Systems, Inc.
ctfmon.exe 4,500 K 20,976 K 1556 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 2,080 K 5,424 K 724 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 6,236 K 5,248 K 3216 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
CAudioFilterAgent64.exe 2,064 K 9,472 K 8496 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems, Inc.
AVGUI.exe 22,360 K 46,920 K 11596 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
AVGUI.exe 16,176 K 40,488 K 11492 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
AVGUI.exe 15,140 K 34,940 K 12560 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
audiodg.exe 8,212 K 16,236 K 10336 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
ApplicationFrameHost.exe 8,732 K 30,164 K 3088 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

  • 0

#7
Jamazz
Posted 17 August 2022 - 04:47 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Junk file

 

 

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                       100 N/A                                         
smss.exe                       512 N/A                                         
csrss.exe                      724 N/A                                         
wininit.exe                    808 N/A                                         
csrss.exe                      816 N/A                                         
services.exe                   884 N/A                                         
lsass.exe                      912 KeyIso, SamSs, VaultSvc                     
winlogon.exe                   920 N/A                                         
svchost.exe                    664 BrokerInfrastructure, DcomLaunch, PlugPlay, 
                                   Power, SystemEventsBroker                   
WUDFHost.exe                   676 N/A                                         
fontdrvhost.exe                680 N/A                                         
fontdrvhost.exe                748 N/A                                         
WUDFHost.exe                  1088 N/A                                         
svchost.exe                   1160 RpcEptMapper, RpcSs                         
svchost.exe                   1212 LSM                                         
dwm.exe                       1276 N/A                                         
svchost.exe                   1388 CoreMessagingRegistrar                      
svchost.exe                   1476 NcbService                                  
svchost.exe                   1508 DisplayEnhancementService                   
svchost.exe                   1576 ProfSvc                                     
svchost.exe                   1584 TimeBrokerSvc                               
svchost.exe                   1616 EventLog                                    
svchost.exe                   1668 Schedule                                    
svchost.exe                   1740 UserManager                                 
svchost.exe                   1784 nsi                                         
svchost.exe                   1952 Dhcp                                        
wsc_proxy.exe                 2032 AvgWscReporter                              
svchost.exe                   1176 EventSystem                                 
svchost.exe                   1356 DispBrokerDesktopSvc                        
svchost.exe                   1944 SysMain                                     
svchost.exe                   2076 Themes                                      
svchost.exe                   2220 camsvc                                      
svchost.exe                   2236 NlaSvc                                      
svchost.exe                   2244 StateRepository                             
Memory Compression            2264 N/A                                         
svchost.exe                   2340 SENS                                        
igfxCUIService.exe            2428 igfxCUIService2.0.0.0                       
svchost.exe                   2464 AudioEndpointBuilder                        
svchost.exe                   2484 netprofm                                    
svchost.exe                   2492 FontCache                                   
svchost.exe                   2624 Audiosrv                                    
svchost.exe                   2752 Dnscache                                    
svchost.exe                   2764 DusmSvc                                     
svchost.exe                   2760 Wcmsvc                                      
svchost.exe                   2904 WinHttpAutoProxySvc                         
svchost.exe                   3040 WlanSvc                                     
svchost.exe                   2676 AppXSvc                                     
svchost.exe                   2660 ShellHWDetection                            
AVGSvc.exe                    2924 AVG Antivirus                               
wlanext.exe                   3200 N/A                                         
conhost.exe                   3216 N/A                                         
avgToolsSvc.exe               3340 AVG Tools                                   
spoolsv.exe                   3432 Spooler                                     
svchost.exe                   3628 BFE, mpssvc                                 
svchost.exe                   3708 LanmanWorkstation                           
CxAudMsg64.exe                3832 CxAudMsg                                    
DolbyDAX2API.exe              3840 DAX2API                                     
IntelCpHDCPSvc.exe            3848 cplspcon                                    
svchost.exe                   3860 CryptSvc                                    
svchost.exe                   3868 DiagTrack                                   
Lenovo.Modern.ImControlle     3876 ImControllerService                         
svchost.exe                   3892 DPS                                         
svchost.exe                   3904 DeviceAssociationService                    
svchost.exe                   3936 Winmgmt                                     
LenovoVantageService.exe      3952 LenovoVantageService                        
svchost.exe                   4012 SstpSvc                                     
RtkBtManServ.exe              4060 RtkBtManServ                                
SASrv.exe                     3244 SAService                                   
SynTPEnhService.exe            648 SynTPEnhService                             
svchost.exe                   2296 TrkWks                                      
svchost.exe                   3000 WpnService                                  
svchost.exe                   4160 iphlpsvc                                    
svchost.exe                   4280 LanmanServer                                
svchost.exe                   4368 WdiServiceHost                              
dasHost.exe                   4388 N/A                                         
svchost.exe                   4408 RasMan                                      
IntelCpHeciSvc.exe            4428 cphs                                        
svchost.exe                   4680 SSDPSRV                                     
TeamViewer_Service.exe        4900 TeamViewer                                  
svchost.exe                   5212 stisvc                                      
svchost.exe                   5564 RmSvc                                       
aswEngSrv.exe                 5876 N/A                                         
WmiPrvSE.exe                  6120 N/A                                         
svchost.exe                   4040 wscsvc                                      
aswidsagent.exe               3932 avgbIDSAgent                                
unsecapp.exe                  3256 N/A                                         
sihost.exe                    6048 N/A                                         
SynTPEnh.exe                  6156 N/A                                         
svchost.exe                   6248 CDPUserSvc_7409f                            
PresentationFontCache.exe     6312 FontCache3.0.0.0                            
svchost.exe                   6420 WpnUserService_7409f                        
taskhostw.exe                 6584 N/A                                         
SmartAudio.exe                6776 N/A                                         
svchost.exe                   6924 TokenBroker                                 
svchost.exe                   6948 Appinfo                                     
svchost.exe                   7128 TabletInputService                          
ctfmon.exe                    1556 N/A                                         
SynTPHelper.exe               7044 N/A                                         
explorer.exe                  6916 N/A                                         
svchost.exe                   6804 CDPSvc                                      
svchost.exe                   5820 PcaSvc                                      
svchost.exe                   7500 cbdhsvc_7409f                               
igfxEM.exe                    7640 N/A                                         
Lenovo.Modern.ImControlle     5888 N/A                                         
Lenovo.Modern.ImControlle     7364 N/A                                         
StartMenuExperienceHost.e     5512 N/A                                         
RuntimeBroker.exe             4216 N/A                                         
SearchApp.exe                 7908 N/A                                         
SearchIndexer.exe             5704 WSearch                                     
RuntimeBroker.exe             5404 N/A                                         
svchost.exe                   7936 LicenseManager                              
YourPhone.exe                 3068 N/A                                         
Lenovo.Modern.ImControlle     3440 N/A                                         
RuntimeBroker.exe             1492 N/A                                         
SecurityHealthSystray.exe     9000 N/A                                         
SecurityHealthService.exe     9036 SecurityHealthService                       
fmapp.exe                     9060 N/A                                         
DolbyDAX2TrayIcon.exe         9164 N/A                                         
CAudioFilterAgent64.exe       8496 N/A                                         
AVGUI.exe                     8844 N/A                                         
msedge.exe                    8820 N/A                                         
msedge.exe                    8908 N/A                                         
msedge.exe                    7788 N/A                                         
msedge.exe                    2456 N/A                                         
msedge.exe                    1328 N/A                                         
msedge.exe                    9276 N/A                                         
svchost.exe                   9728 DoSvc                                       
svchost.exe                   9884 OneSyncSvc_7409f                            
IAStorIcon.exe                9952 N/A                                         
LenovoVantage-(VantageCor     9408 N/A                                         
svchost.exe                   8852 lfsvc                                       
svchost.exe                   9080 StorSvc                                     
IAStorDataMgrSvc.exe          9184 IAStorDataMgrSvc                            
Lenovo.Modern.ImControlle    10008 N/A                                         
SgrmBroker.exe               10144 SgrmBroker                                  
svchost.exe                   9360 UsoSvc                                      
audiodg.exe                  10336 N/A                                         
svchost.exe                  10500 WdiSystemHost                               
ShellExperienceHost.exe      10748 N/A                                         
TeamViewer.exe               10756 N/A                                         
RuntimeBroker.exe            10896 N/A                                         
tv_w32.exe                   11212 N/A                                         
tv_x64.exe                   11232 N/A                                         
RuntimeBroker.exe            10652 N/A                                         
ApplicationFrameHost.exe      3088 N/A                                         
SystemSettings.exe            9536 N/A                                         
svchost.exe                   9548 BthAvctpSvc                                 
TextInputHost.exe             9896 N/A                                         
LenovoVantage-(DeviceSett     9376 N/A                                         
LenovoVantage-(LenovoServ     9740 N/A                                         
LenovoVantage-(LenovoBoos    11288 N/A                                         
LenovoVantage-(LenovoBoos    11500 N/A                                         
LenovoVantage-(SmartInter    12276 N/A                                         
svchost.exe                  13260 lmhosts                                     
taskhostw.exe                12300 N/A                                         
TeamViewer_Desktop.exe       12820 N/A                                         
svchost.exe                  12900 QWAVE                                       
FRST64.exe                   11672 N/A                                         
SearchApp.exe                10296 N/A                                         
dllhost.exe                   6492 N/A                                         
UserOOBEBroker.exe           11228 N/A                                         
AVGUI.exe                    11596 N/A                                         
AVGUI.exe                    11492 N/A                                         
AVGUI.exe                    12560 N/A                                         
msedge.exe                    5732 N/A                                         
msedge.exe                   11868 N/A                                         
msedge.exe                    6360 N/A                                         
msedge.exe                   11080 N/A                                         
procexp.exe                   8940 N/A                                         
procexp64.exe                11936 N/A                                         
svchost.exe                   3924 InstallService                              
svchost.exe                   4072 wuauserv                                    
smartscreen.exe               9680 N/A                                         
SearchProtocolHost.exe       11780 N/A                                         
SearchFilterHost.exe         10768 N/A                                         
dllhost.exe                  10544 N/A                                         
cmd.exe                       3052 N/A                                         
conhost.exe                   7564 N/A                                         
tasklist.exe                 10840 N/A                                         
WmiPrvSE.exe                 12068 N/A                                         

  • 0

#8
Jamazz
Posted 17 August 2022 - 04:55 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Speccy Log attached

Attached Files


  • 0

#9
Jamazz
Posted 17 August 2022 - 05:01 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

LatencyMon Log

 

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system seems to be having difficulty handling real-time audio and other tasks. You may experience drop outs, clicks or pops due to buffer underruns. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. At least one detected problem appears to be network related. In case you are using a WLAN adapter, try disabling it to get better results. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:00:50  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        LAPTOP-BPIIB8FF
OS version:                                           Windows 10, 10.0, version 2009, build: 19044 (x64)
Hardware:                                             80TV, LENOVO
BIOS:                                                 3JCN21WW
CPU:                                                  GenuineIntel Intel® Core™ i7-7500U CPU @ 2.70GHz
Logical processors:                                   4
Processor groups:                                     1
Processor group size:                                 4
RAM:                                                  8092 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed (WMI):                             290 MHz
Reported CPU speed (registry):                        2904 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   683.70
Average measured interrupt to process latency (µs):   5.789438
 
Highest measured interrupt to DPC latency (µs):       629.30
Average measured interrupt to DPC latency (µs):       1.938979
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              68.522727
Driver with highest ISR routine execution time:       ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.000346
Driver with highest ISR total time:                   ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.000346
 
ISR count (execution time <250 µs):                   11
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              1073.004132
Driver with highest DPC routine execution time:       ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.062897
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.196776
 
DPC count (execution time <250 µs):                   90583
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              23
DPC count (execution time 1000-2000 µs):              1
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 compattelrunner.exe
 
Total number of hard pagefaults                       1484
Hard pagefault count of hardest hit process:          1169
Number of processes hit:                              16
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.603777
CPU 0 ISR highest execution time (µs):                68.522727
CPU 0 ISR total execution time (s):                   0.000696
CPU 0 ISR count:                                      11
CPU 0 DPC highest execution time (µs):                1073.004132
CPU 0 DPC total execution time (s):                   0.290553
CPU 0 DPC count:                                      57321
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.119370
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                690.933540
CPU 1 DPC total execution time (s):                   0.008777
CPU 1 DPC count:                                      2271
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.385324
CPU 2 ISR highest execution time (µs):                0.0
CPU 2 ISR total execution time (s):                   0.0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                745.426653
CPU 2 DPC total execution time (s):                   0.07880
CPU 2 DPC count:                                      27030
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.159969
CPU 3 ISR highest execution time (µs):                0.0
CPU 3 ISR total execution time (s):                   0.0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                228.831956
CPU 3 DPC total execution time (s):                   0.018003
CPU 3 DPC count:                                      3985
_________________________________________________________________________________________________________

  • 0

#10
Jamazz
Posted 17 August 2022 - 05:07 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Total execution & hard pagefaults  SS

Attached Thumbnails

  • Total Execution ms.jpg
  • Hard Pagefaults.jpg

  • 0

Advertisements

#11
Jamazz
Posted 17 August 2022 - 05:09 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

I need to step away as I have some errands to run, but that should be all of your current requests, for now. Thank you.


  • 0

#12
RKinner
Posted 17 August 2022 - 08:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I see you have added AVG and Teamviewer to the PC.  Please do not add software while we are working on it.  Hard to paint a moving train.  You should probably uninstall McAfee Safe Connect.  Appears to be a VPN program and VPNs always slow down things.

 

 

 

Bring up the FRST program and put 

browser.dll

in the Search Box and then hit Search Files

 

Windows is complaining that the file is missing and unfortunately SFC and DISM did not replace it.

 

Latency Monitor is showing a problem with ACPI.sys.  That's a critical windows file so probably not at fault.  I think it talks to the BIOS so you should try updating the BIOS.  Your current BIOS is dated 2016.  The latest on the Lenovo site for a random Model 80TV

 
is 
 
3JCN31WW 06 Sep 2018
 
 
May not be your exact model so make sure you give them the exact part number or serial number or whatever they ask for.

  • 0

#13
Jamazz
Posted 17 August 2022 - 09:59 PM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Apologies on the software adds. I needed an antivirus program, at least, to follow one of your steps. I can uninstall them if you need me to, just let me know.


  • 0

#14
Jamazz
Posted 18 August 2022 - 06:10 AM

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

The owner gave me a replacement battery, last night. I looked under the hood and learned I had to take the mobo completely out to even get to the battery. It's in pieces at the moment, and I need to clean the whole thing. Lots of dust and gunk. I will touch base once I have it cleaned up, new batt installed, and it fired up again.


  • 0

#15
RKinner
Posted 18 August 2022 - 03:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

You may see a big increase in speed after changing the battery.  A bad battery can cause the operating voltage to drop even when plugged into the wall and this can slow things down.

 

As far as AVG & TeamViewer are concerned you can leave them if you want tho the built-in Windows Defender is a  good enough anti-virus for most users.  


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP