Lenovo Laptop extremely slow. Malware and/or software issues suspected


  • This topic is locked

#31
Jamazz

  • Topic Starter
  • Member
  • 90 posts

Okay. All system updates are done. I restarted and ran the scans again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2022
Ran by MIKE CATHY (administrator) on LAPTOP-BPIIB8FF (LENOVO 80TV) (20-08-2022 22:06:59)
Running from C:\Users\MIKE CATHY\Desktop
Loaded Profiles: MIKE CATHY
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(services.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [809472 2016-05-16] () [File not signed]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [250664 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\Run: [MicrosoftEdgeAutoLaunch_7B46DF534001DA0DC0FF30BF8F71993C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\Users\MIKE CATHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX920 series Printer WS.lnk [2022-08-12]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12F685D0-3589-4905-97BE-2E1018974EC6} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4965672 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {17EA4F2C-D6C7-4BE4-A520-EBE117D9F91D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {18FFB6C8-E7B3-4EE8-B0FF-99CE7E9985D7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\28e6e7a3-b735-4617-8912-d295d3eabc16 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {25580CAB-CA42-4084-A809-0086A61B0EE6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {322FBE35-4183-4AAB-BD84-3329718B1AD2} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-08-20] (Microsoft Windows -> Microsoft Corporation)
Task: {330C25D8-5F91-48AD-B249-73E40D4FFC2E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {44244B5A-C2D3-45A4-9B99-2AAACEFF2361} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {47CF87BC-7D80-42CD-A648-E1EBDA7DD450} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f2b2d6fe-d1c5-45a1-b339-c6eff8807f87 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {48C93C30-0F96-4E4F-BFE7-2EAF6B3F8A55} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {4C797DC6-CC26-4F86-87B5-A6843E3636DA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8814c0c9-6b55-4d9a-b3c5-3a8208799964 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5A7D040D-34DB-408A-A9B0-F1513BD59040} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-08-20] (Microsoft Windows -> Microsoft Corporation)
Task: {6823AA50-2B74-4A6F-8CCC-A4E6D8C94072} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {722B2178-4CEE-4031-AE4F-B68965D0F371} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {964D0040-67AD-4E58-AAE2-26C5ED055B60} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\512cb154-b79e-4feb-be57-3b042e08c3d1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9882DD45-532F-4E95-97D5-5226E2508815} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {9BB5E5D9-AB4E-450F-B307-FB150BD0E1AD} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2287472 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {AD374E3F-D197-4348-A328-F17922BD0AD8} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {B23C98A1-DB0E-43C9-9F19-0CA6BE6FAF96} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\46117c33-8f9f-4194-bfe4-abd5eab29c6f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {DE5B2EF5-A28F-470B-8651-18120AEF983D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {F78750E6-6039-4269-A235-DB394B616584} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{f4ca6036-760d-4fbd-a108-907e8e1f8833}: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{f84a3c4a-2052-438d-85ee-d7f4231dced6}: [DhcpNameServer] 96.7.136.14 96.7.137.14
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (AdBlock — best ad blocker) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-08-20]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MIKE CATHY\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-20]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [625960 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [625448 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8543840 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [146944 2016-05-16] () [File not signed]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.5-0\NisSrv.exe [3125128 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.5-0\MsMpEng.exe [133560 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [42000 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [235736 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [389208 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [258128 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [105560 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [24528 2022-08-16] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [48144 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [275176 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [554080 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [114112 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [89176 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [860024 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [670904 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [221656 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [324984 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [453904 2022-08-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94456 2022-08-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-20 19:33 - 2022-08-20 16:18 - 000000000 ____D C:\Windows.old
2022-08-20 16:25 - 2022-08-20 16:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-08-20 16:23 - 2022-08-20 16:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-08-20 16:18 - 2022-08-20 16:18 - 000000020 ___SH C:\Users\MIKE CATHY\ntuser.ini
2022-08-20 16:16 - 2022-08-20 21:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-20 16:16 - 2022-08-20 16:18 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-20 16:16 - 2022-08-20 16:18 - 000003320 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{389C27D4-7454-4BEF-AA7F-32F22C076C60}
2022-08-20 16:16 - 2022-08-20 16:18 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-08-20 16:16 - 2022-08-20 16:18 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710523834-1862825545-2785641031-500
2022-08-20 16:16 - 2022-08-20 16:17 - 000003446 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2022-08-20 16:16 - 2022-08-20 16:17 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-08-20 16:16 - 2022-08-20 16:17 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-08-20 16:16 - 2022-08-20 16:16 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2022-08-20 16:16 - 2022-08-20 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-08-20 16:16 - 2022-08-20 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2022-08-20 16:16 - 2020-11-19 03:38 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3538912014-3826891016-3662973680-500
2022-08-20 16:13 - 2022-08-20 16:16 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2022-08-20 16:13 - 2022-08-20 16:16 - 000007623 _____ C:\WINDOWS\diagerr.xml
2022-08-20 15:54 - 2022-08-20 15:54 - 000840808 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-20 15:42 - 2022-08-20 15:42 - 000000000 ____D C:\Program Files\Realtek
2022-08-20 15:40 - 2018-05-07 03:15 - 000144808 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2022-08-20 15:40 - 2018-05-07 03:15 - 000119720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2022-08-20 15:35 - 2022-08-20 22:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-20 15:35 - 2022-08-20 15:35 - 000437736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-20 15:03 - 2022-08-20 19:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-08-20 15:01 - 2022-08-20 16:18 - 000000000 ____D C:\Users\MIKE CATHY
2022-08-20 15:01 - 2019-12-07 05:10 - 000001105 _____ C:\Users\MIKE CATHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-08-20 14:59 - 2022-08-20 15:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-08-20 13:57 - 2022-08-20 13:57 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-08-20 13:42 - 2022-08-20 13:42 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-20 13:42 - 2022-08-20 13:42 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-20 13:42 - 2022-08-20 13:42 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-08-20 13:42 - 2022-08-20 13:42 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-08-20 13:42 - 2022-08-20 13:42 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-08-20 13:42 - 2022-08-20 13:42 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-08-20 13:42 - 2022-08-20 13:42 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-08-20 13:41 - 2022-08-20 13:41 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-08-20 13:41 - 2022-08-20 13:41 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-08-20 13:41 - 2022-08-20 13:41 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-08-20 13:41 - 2022-08-20 13:41 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-08-20 13:41 - 2022-08-20 13:41 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-08-20 13:41 - 2022-08-20 13:41 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-08-20 13:40 - 2022-08-20 13:40 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-08-20 13:40 - 2022-08-20 13:40 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-08-20 13:40 - 2022-08-20 13:40 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-20 13:38 - 2022-08-20 13:38 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-08-20 13:38 - 2022-08-20 13:38 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-08-20 13:37 - 2022-08-20 13:37 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-08-20 13:36 - 2022-08-20 13:36 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-08-20 13:36 - 2022-08-20 13:36 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-08-20 13:35 - 2022-08-20 13:35 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-08-20 13:34 - 2022-08-20 13:34 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-08-20 13:34 - 2022-08-20 13:34 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-20 13:33 - 2022-08-20 13:33 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-08-20 13:33 - 2022-08-20 13:33 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-08-20 13:33 - 2022-08-20 13:33 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-08-20 13:33 - 2022-08-20 13:33 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-08-20 13:32 - 2022-08-20 13:32 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-08-20 13:32 - 2022-08-20 13:32 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-08-20 13:32 - 2022-08-20 13:32 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-20 13:32 - 2022-08-20 13:32 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-20 13:32 - 2022-08-20 13:32 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-20 13:31 - 2022-08-20 13:31 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-20 11:58 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-08-20 11:58 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files\MSBuild
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-08-20 11:36 - 2022-08-20 11:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-08-20 10:08 - 2022-08-20 16:19 - 000000000 ___DC C:\WINDOWS\Panther
2022-08-20 09:53 - 2022-08-20 10:07 - 000000000 ____D C:\ESD
2022-08-20 09:46 - 2022-08-20 10:02 - 000000000 ____D C:\ISO
2022-08-20 09:46 - 2022-08-20 09:46 - 000000000 ___HD C:\$Windows.~WS
2022-08-19 20:54 - 2022-08-20 22:08 - 000019969 _____ C:\Users\MIKE CATHY\Desktop\FRST.txt
2022-08-19 20:46 - 2022-08-19 20:46 - 000000000 _____ C:\Users\MIKE CATHY\Desktop\Lenovo Warning.bmp
2022-08-18 21:43 - 2022-08-19 11:31 - 000001601 _____ C:\Users\MIKE CATHY\Desktop\Search.txt
2022-08-17 19:06 - 2022-08-17 19:06 - 000536231 _____ C:\Users\MIKE CATHY\Desktop\Hard Pagefaults.zip
2022-08-17 18:58 - 2022-08-17 18:58 - 000000862 _____ C:\Users\MIKE CATHY\Desktop\LatencyMon.lnk
2022-08-17 18:58 - 2022-08-17 18:58 - 000000000 ____D C:\Program Files\LatencyMon
2022-08-17 18:58 - 2021-03-09 15:07 - 000027744 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2022-08-17 18:56 - 2022-08-17 18:57 - 003622480 _____ (Resplendence Software Projects Sp. ) C:\Users\MIKE CATHY\Desktop\LatencyMon.exe
2022-08-17 18:52 - 2022-08-17 18:54 - 000151648 _____ C:\Users\MIKE CATHY\Desktop\Speccy Log.txt
2022-08-17 18:50 - 2022-08-17 18:50 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-08-17 18:50 - 2022-08-17 18:50 - 000000000 ____D C:\Program Files\Speccy
2022-08-17 18:48 - 2022-08-17 18:48 - 008995336 _____ (Piriform Software Ltd) C:\Users\MIKE CATHY\Desktop\spsetup132.exe
2022-08-17 18:45 - 2022-08-17 18:45 - 000014987 _____ C:\junk.txt
2022-08-17 18:42 - 2022-08-17 18:42 - 000021640 _____ C:\Users\MIKE CATHY\Desktop\Process Explorer Log.txt
2022-08-17 18:36 - 2022-08-17 18:36 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2022-08-17 18:35 - 2022-08-17 18:35 - 002839416 _____ (Sysinternals - www.sysinternals.com) C:\Users\MIKE CATHY\Desktop\procexp.exe
2022-08-17 06:17 - 2022-08-17 06:23 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\TeamViewer
2022-08-17 06:17 - 2022-08-17 06:17 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Roaming\TeamViewer
2022-08-17 06:14 - 2022-08-17 06:15 - 025017176 _____ (TeamViewer) C:\Users\MIKE CATHY\Desktop\TeamViewerQS.exe
2022-08-16 20:30 - 2022-08-20 19:33 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-08-16 18:04 - 2022-08-16 18:04 - 001728054 _____ C:\Users\MIKE CATHY\Desktop\Virus Scan.bmp
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Roaming\AVG
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\CEF
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\AVG
2022-08-16 17:51 - 2022-08-16 17:51 - 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2022-08-16 17:51 - 2022-08-16 17:51 - 000002070 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2022-08-16 17:48 - 2022-08-16 17:48 - 000860024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000670904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000554080 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000389208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000324984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000275176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000270632 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2022-08-16 17:48 - 2022-08-16 17:48 - 000258128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000235736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000221656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000114112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000105560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000089176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000048144 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000042000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000024528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000000000 ____D C:\Program Files\Common Files\AVG
2022-08-16 17:47 - 2022-08-16 17:47 - 000000000 ____D C:\Program Files\AVG
2022-08-16 17:46 - 2022-08-20 21:21 - 000000000 ____D C:\ProgramData\AVG
2022-08-16 17:45 - 2022-08-16 17:45 - 000235248 _____ (AVG Technologies CZ, s.r.o.) C:\Users\MIKE CATHY\Downloads\avg_antivirus_free_setup.exe
2022-08-16 08:48 - 2022-08-19 20:54 - 000001087 _____ C:\Users\MIKE CATHY\Desktop\SpeedFan.lnk
2022-08-16 08:48 - 2022-08-19 20:54 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2022-08-16 08:48 - 2022-08-16 08:48 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2022-08-16 08:47 - 2022-08-16 08:45 - 003086696 _____ C:\Users\MIKE CATHY\Desktop\instspeedfan452_1.exe
2022-08-15 11:18 - 2022-08-20 22:08 - 000000000 ____D C:\FRST
2022-08-15 11:18 - 2022-08-17 18:12 - 000000000 ____D C:\Users\MIKE CATHY\Desktop\FRST-OlderVersion
2022-08-15 11:06 - 2022-08-17 18:12 - 002371072 _____ (Farbar) C:\Users\MIKE CATHY\Desktop\FRST64.exe
2022-08-14 22:48 - 2022-08-14 22:48 - 000000000 ___HD C:\$SysReset
2022-08-14 22:00 - 2022-08-14 22:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-14 21:38 - 2022-08-14 21:38 - 000000000 ____D C:\WINDOWS\pss
2022-08-13 19:13 - 2022-08-13 19:13 - 000000000 __SHD C:\found.036
2022-08-13 17:19 - 2022-08-13 17:19 - 000001228 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28 - Shortcut.lnk
2022-08-09 16:19 - 2022-08-09 16:19 - 000000000 ___HD C:\$WinREAgent
2022-08-08 14:32 - 2022-08-08 14:32 - 000160229 _____ C:\Users\MIKE CATHY\Downloads\Kaitlyn D. Ibrahim, MD.pdf
2022-07-23 13:32 - 2022-07-23 13:32 - 000916254 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.bmp
2022-07-23 13:32 - 2022-07-23 13:32 - 000000079 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.html
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-20 21:27 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-20 21:21 - 2016-12-30 13:36 - 000000000 __SHD C:\Users\MIKE CATHY\IntelGraphicsProfiles
2022-08-20 21:19 - 2021-01-20 16:51 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-20 21:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-20 21:18 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-20 21:18 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-08-20 19:34 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-08-20 19:33 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-08-20 19:33 - 2017-06-02 03:39 - 000000000 ____D C:\Program Files\Intel
2022-08-20 19:33 - 2017-06-02 03:38 - 000000000 ____D C:\Program Files\CONEXANT
2022-08-20 19:33 - 2017-05-18 11:27 - 000000000 ____D C:\Program Files\UNP
2022-08-20 19:33 - 2017-03-24 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2016
2022-08-20 19:33 - 2017-01-01 04:37 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2022-08-20 19:33 - 2016-12-30 18:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-20 19:33 - 2016-10-26 21:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2022-08-20 19:33 - 2016-10-26 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2022-08-20 19:33 - 2016-10-26 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2022-08-20 18:39 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-20 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-20 18:25 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-20 16:36 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-08-20 16:24 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-20 16:20 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-20 16:19 - 2020-11-19 03:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-08-20 16:19 - 2017-11-25 02:20 - 000000000 ___RD C:\Users\MIKE CATHY\3D Objects
2022-08-20 16:18 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-20 16:18 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-08-20 16:16 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-08-20 15:55 - 2020-11-19 03:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-20 15:55 - 2020-11-19 03:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-20 15:53 - 2019-12-07 05:14 - 000000000 __RSD C:\WINDOWS\Media
2022-08-20 15:42 - 2017-06-02 03:40 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2022-08-20 15:41 - 2017-06-02 03:38 - 001701376 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2022-08-20 15:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-08-20 15:27 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2022-08-20 15:15 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-08-20 15:14 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-08-20 15:04 - 2020-03-11 16:18 - 000000000 ____D C:\WINDOWS\Lenovo
2022-08-20 15:04 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2022-08-20 15:04 - 2017-06-02 03:40 - 000000000 ____D C:\Program Files\Synaptics
2022-08-20 15:04 - 2017-01-01 04:37 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2022-08-20 15:04 - 2016-10-26 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2022-08-20 15:02 - 2017-11-25 01:41 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Packages
2022-08-20 13:58 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-20 13:57 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-08-20 13:57 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-08-18 22:47 - 2020-03-13 23:21 - 1100929714 _____ C:\WINDOWS\MEMORY.DMP
2022-08-18 21:34 - 2017-11-10 20:01 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2022-08-16 02:10 - 2016-12-30 13:55 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Lenovo
2022-08-15 20:09 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-15 11:37 - 2021-01-19 14:02 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\D3DSCache
2022-08-15 08:19 - 2017-01-03 22:39 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Google
2022-08-13 17:43 - 2017-07-08 19:36 - 000000000 ____D C:\ProgramData\WRData
2022-08-13 17:08 - 2017-07-08 19:36 - 000000000 ____D C:\Program Files\Webroot
2022-08-13 17:02 - 2017-07-08 19:37 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\lptmp
2022-08-09 15:51 - 2016-12-30 18:11 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 19:30 - 2016-12-30 16:55 - 000803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-08-05 19:57 - 2020-03-26 10:07 - 000000000 ____D C:\WINDOWS\TempInst
 
==================== Files in the root of some directories ========
 
2022-05-16 13:07 - 2012-09-20 06:00 - 000105472 _____ (CANON INC.) C:\Users\MIKE CATHY\cnmss Canon MX920 series Printer WS (Local).dll
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022
Ran by MIKE CATHY (20-08-2022 22:15:20)
Running from C:\Users\MIKE CATHY\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2022-08-20 20:18:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3710523834-1862825545-2785641031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3710523834-1862825545-2785641031-503 - Limited - Disabled)
Guest (S-1-5-21-3710523834-1862825545-2785641031-501 - Limited - Disabled)
MIKE CATHY (S-1-5-21-3710523834-1862825545-2785641031-1001 - Administrator - Enabled) => C:\Users\MIKE CATHY
WDAGUtilityAccount (S-1-5-21-3710523834-1862825545-2785641031-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 22.7.3245 - AVG Technologies)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.31.68 - Conexant)
Dolby Audio X2 Windows API SDK (HKLM\...\{27DBA722-5298-4184-9535-C529EDF3C82D}) (Version: 0.7.1.56 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{C55DB969-8BE0-4D7F-BF27-B8D316D944D6}) (Version: 0.7.1.59 - Dolby Laboratories, Inc.)
H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
H&R Block Pennsylvania 2016 (HKLM-x32\...\{BAECF4E0-1EB0-4CBA-A0D9-09BA014038A3}) (Version: 1.16.3501 - HRB Technology, LLC.)
Intel® Chipset Device Software (HKLM\...\{47DC837D-ECA6-49AF-9904-1427BB94EF4C}) (Version: 10.1.1.27 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{2B8D577D-4E81-4F0B-A63D-0A4D5C897B5A}) (Version: 11.5.0.1015 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{FBE0EFD3-4A1F-4E28-A26B-6FAD2DD1AAE4}) (Version: 15.0.0.1039 - Intel Corporation) Hidden
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.63 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.63 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\OneDriveSetup.exe) (Version: 22.151.0717.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.887.051116 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
AdBlock -> C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-08-20] (BetaFish)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.224.300.0_x64__kgqvnymyfvs32 [2022-08-13] (king.com)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-19] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2207.2.0_x64__k1h2ywk1493x8 [2022-08-03] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-08-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-08-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-28] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-09-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2022-08-20] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2016-10-26 21:20 - 2016-03-10 22:07 - 001145856 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3204917C-316E-439E-8543-D2AB8BD9E8DB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.63\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5CEFC0EC-CED1-4BC1-ADBA-73BA58341AD1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A50EEA1-39D2-4CB0-BA63-BC687ED6973C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{150E3E1C-B629-4B24-B4BD-B67F1BF6B711}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D8DE283F-7584-40FC-A308-23C7860BA973}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{86E16723-1599-4B8F-BCEC-65971E63D25D}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4C43D96E-3B6E-4AA8-BB68-D6C1866F4521}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{9D4F20F3-9232-40EB-8C52-12752D8611AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5788E05C-47BA-43BF-9AEB-9A14288D0485}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D1EC56FA-9FA1-492A-A47A-8603953F396F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE83B42B-3D52-4398-A9C2-B834F5B69FC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{95D0D028-FBCD-4B8C-8E11-6AF0E8442F9E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6214189B-7538-4E80-BEC3-D696CD974D6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B80247AF-1727-42DA-BFA4-876F51ADC2A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{68717F48-52B5-456D-86BD-947D64669C0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
20-08-2022 18:24:25 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/20/2022 04:18:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5312, ProfSvc PID: 2292.
 
Error: (08/20/2022 04:18:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe, PID: 3392, ProfSvc PID: 2292.
 
Error: (08/20/2022 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac
Faulting module name: RsProvider.dll, version: 1.23.0.0, time stamp: 0x56fb7e54
Exception code: 0xc0000005
Fault offset: 0x00000000000990f2
Faulting process id: 0x8f8
Faulting application start time: 0x01d8b4cd51fae867
Faulting application path: C:\WINDOWS\System32\SensorDataService.exe
Faulting module path: C:\Program Files\Realtek\RsProviders\RsProvider.dll
Report Id: 8e76c5ed-67b1-42e9-87c3-ae9308f3d681
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/20/2022 03:42:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x7e4
Faulting application start time: 0x01d8b4cd09a4d817
Faulting application path: C:\WINDOWS\System32\SensorDataService.exe
Faulting module path: unknown
Report Id: 049043b8-50b5-47b6-a207-8074e800d340
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/20/2022 09:31:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
 
Error: (08/20/2022 09:29:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (08/20/2022 09:24:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (08/20/2022 09:21:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/20/2022 09:21:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (08/20/2022 09:21:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/20/2022 09:21:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (08/20/2022 09:20:47 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Conexant SmartAudio service service has reported an invalid current state 14.
 
 
CodeIntegrity:
===============
Date: 2022-08-20 21:28:16
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\asw09902183b6a2d4de.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2022-08-20 21:27:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
Date: 2022-08-20 21:27:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO 3JCN21WW 09/23/2016
Motherboard: LENOVO Torronto 5C2
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 8092.13 MB
Available physical RAM: 3641.55 MB
Total Virtual: 12700.13 MB
Available Virtual: 8365.3 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:863.07 GB) (Model: ST1000LM035-1RK172) NTFS
Drive e: (TINY) (Removable) (Total:7.44 GB) (Free:7.42 GB) FAT32
 
\\?\Volume{ac5da186-41e5-4ccd-bcc1-2afce19b2201}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.46 GB) NTFS
\\?\Volume{0e59f6e8-459f-477a-8c33-1e2f4a6ccc02}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8C20E429)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.5 GB) (Disk ID: B5263172)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
 
==================== End of Addition.txt =======================

#32
Jamazz

    Member

  • Topic Starter

Here's the latest search file, too.

 

 

Farbar Recovery Scan Tool (x64) Version: 15-08-2022
Ran by MIKE CATHY (21-08-2022 10:21:48)
Running from C:\Users\MIKE CATHY\Desktop
Boot Mode: Normal
 
================== Search Files: "browser.dll" =============
 
C:\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\browser.dll
[2022-04-13 12:28][2022-04-13 12:28] 000140800 _____ (Microsoft Corporation) 7BA6EDC4B6C3EF293A59E3C4161859E6 [File is digitally signed]
 
C:\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\r\browser.dll
[2022-04-13 11:50][2022-04-03 03:05] 000001320 _____ () 98DA22EDE4F84037D016AE981FF246F0 [File not signed]
 
C:\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\f\browser.dll
[2022-04-13 11:50][2022-04-03 03:05] 000001422 _____ () 7DB29D1CEFC4E0097B8CC39B9F5E50C6 [File not signed]
 
C:\Windows.old\WINDOWS\System32\browser.dll
[2022-08-19 20:48][2022-04-13 12:28] 000140800 _____ (Microsoft Corporation) 7BA6EDC4B6C3EF293A59E3C4161859E6 [File is digitally signed]
 
C:\Windows.old\WINDOWS\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1889.1.16\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\r\browser.dll
[2022-08-09 16:27][2022-08-04 23:18] 000001320 ____N () 98DA22EDE4F84037D016AE981FF246F0 [File not signed]
 
C:\Windows.old\WINDOWS\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1889.1.16\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\f\browser.dll
[2022-08-09 16:27][2022-08-04 23:17] 000001422 ____N () 2C54F49BF1259BF8A9C5E1C5A1AD0452 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1_none_2eda343d3d5bfbe8\browser.dll
[2019-12-07 05:10][2019-12-07 05:52] 000140800 _____ (Microsoft Corporation) 35F152A2299ABF0CFB101DF5001CD7E2 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\browser.dll
[2022-08-20 13:42][2022-08-20 13:42] 000140800 _____ (Microsoft Corporation) 7BA6EDC4B6C3EF293A59E3C4161859E6 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\r\browser.dll
[2022-08-20 13:42][2022-08-20 13:42] 000001320 _____ () 98DA22EDE4F84037D016AE981FF246F0 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\f\browser.dll
[2022-08-20 13:42][2022-08-20 13:42] 000001422 _____ () 2C54F49BF1259BF8A9C5E1C5A1AD0452 [File not signed]
 
 
====== End of Search ======

#33
RKinner

    Malware Expert

  • Expert
  • MVP

It doesn't seem to be complaining about the browser.dll file being missing any more but the file is still not showing up in the correct location (System32).  I would rerun SFC and DISM as it appears that a couple of Windows services are not starting as they should.  Then do the following:

 

Search for
 
task scheduler
 
When it finds it, right click and Run As Administrator
 
Click on the arrow in front of Task Scheduler Library then
 
Click on the arrow in front of Microsoft
 
Click on the arrow in front of Windows
 
Click on Application Experience.  In the next pane to the right, right click on each Task and Delete.  Should be three or four (later versions) tasks.
 
Click on Customer Experience Improvement Program.  In the next pane to the right, right click on each Task and Delete.  Should be two tasks.
 
Close Task Scheduler.
 
Search for
services.msc
hit Enter
 
Find SysMain
Right click on it and select Properties.  Change the Startup Type from Automatic to Disabled.  OK
 
Find Downloaded Maps Manager
Right click on it and select Properties.  Change the Startup Type from Automatic (Delayed) to Disabled.  OK
 
Close Services
 
Download OOSU10.exe:
 
 
Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then go to the Download folder and Right click on the downloaded file and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.
 
Close the program and reboot.
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
   * Application
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button and wait.
   Notepad will open with the output log.

Please copy and paste the Output log into your next reply
 
 
Rerun Latency Monitor and post the summary and a screenshot of the Processes tab.
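
The check made at the top of this post, whether browser.dll is present in System32, can be run directly against the FRST "Search Files" output from post #32. The Python below is an added example, not part of the thread or of FRST: the function names are hypothetical, the sample text is an excerpt (four of the ten entries) of the posted log, and treating the `r` and `f` subfolders as servicing delta files rather than full DLLs is an assumption about the component store layout.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Four of the ten entries from the "Search Files" log posted in #32.
SAMPLE = r"""
================== Search Files: "browser.dll" =============

C:\Windows.old\WINDOWS\System32\browser.dll
[2022-08-19 20:48][2022-04-13 12:28] 000140800 _____ (Microsoft Corporation) 7BA6EDC4B6C3EF293A59E3C4161859E6 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1_none_2eda343d3d5bfbe8\browser.dll
[2019-12-07 05:10][2019-12-07 05:52] 000140800 _____ (Microsoft Corporation) 35F152A2299ABF0CFB101DF5001CD7E2 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\browser.dll
[2022-08-20 13:42][2022-08-20 13:42] 000140800 _____ (Microsoft Corporation) 7BA6EDC4B6C3EF293A59E3C4161859E6 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-browserservice_31bf3856ad364e35_10.0.19041.1645_none_ed81d0c35351ef0b\r\browser.dll
[2022-08-20 13:42][2022-08-20 13:42] 000001320 _____ () 98DA22EDE4F84037D016AE981FF246F0 [File not signed]

====== End of Search ======
"""

# Detail line: [created][modified] size attributes (company) MD5 [signature status]
DETAIL = re.compile(
    r"^\[[\d\- :]{16}\]\[[\d\- :]{16}\] (\d+) \S+ \((.*?)\) ([0-9A-F]{32}) \[(.+)\]$"
)
# Component version embedded in a WinSxS directory name, e.g. _10.0.19041.1645_none_
VERSION = re.compile(r"_(\d+(?:\.\d+){3})_none_")


@dataclass(frozen=True)
class Hit:
    path: PureWindowsPath
    size: int
    company: str
    md5: str
    signed: bool


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    hits, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            path = PureWindowsPath(line)
            continue
        m = DETAIL.match(line)
        if m and path is not None:
            size, company, md5, status = m.groups()
            hits.append(Hit(path, int(size), company, md5,
                            status == "File is digitally signed"))
            path = None
    return hits


def _under(path, root):
    """Case-insensitive 'path is inside root', compared component by component."""
    a = [p.lower() for p in path.parts]
    b = [p.lower() for p in root.parts]
    return a[:len(b)] == b


def _is_delta(hit):
    # Assumption: <component>\r\ and <component>\f\ hold servicing deltas, not full DLLs.
    return hit.path.parent.name.lower() in ("r", "f")


def triage(hits, windir=r"C:\Windows", name="browser.dll"):
    """Report whether the live System32 copy exists and which signed store copies do."""
    root = PureWindowsPath(windir)
    expected = root / "System32" / name
    store = []
    for h in hits:
        m = VERSION.search(str(h.path))
        if m and h.signed and not _is_delta(h) and _under(h.path, root / "WinSxS"):
            store.append((tuple(map(int, m.group(1).split("."))), m.group(1), h.md5))
    store.sort()  # oldest component version first, newest last
    return {
        # PureWindowsPath equality is case-insensitive, so WINDOWS == Windows,
        # but C:\Windows.old\... never equals C:\Windows\...
        "live_copy_present": any(h.path == expected for h in hits),
        "store_copies": [(ver, md5) for _, ver, md5 in store],
        "unsigned_full_files": [str(h.path) for h in hits
                                if not h.signed and not _is_delta(h)],
        "delta_files": sum(1 for h in hits if _is_delta(h)),
    }


if __name__ == "__main__":
    for key, value in triage(parse_search(SAMPLE)).items():
        print(f"{key}: {value}")
```
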

#34
Jamazz

    Member

  • Topic Starter

SFC found the following:

 

Windows Resource Protection found corrupt files and successfully repaired them.

 

Let me know if you need the logfile.


#35
RKinner

    Malware Expert

  • Expert
  • MVP

No need if SFC is happy.


#36
Jamazz

    Member

  • Topic Starter

DISM ran with no errors or reports. Looks like it's all clear for it. Rebooted. Reran scan. Files are below. Moving on to Task Scheduler.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2022
Ran by MIKE CATHY (administrator) on LAPTOP-BPIIB8FF (LENOVO 80TV) (21-08-2022 19:46:12)
Running from C:\Users\MIKE CATHY\Desktop
Loaded Profiles: MIKE CATHY
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(BatteryWidgetAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(DeviceSettingsHeartbeatAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(GenericTelemetryAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoSecurityAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoSystemUpdateAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(SmartPrivacyAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\setup\instup.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\tv_w32.exe
(C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\tv_x64.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <4>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(services.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
(svchost.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\MIKE CATHY\AppData\Local\Temp\TeamViewer\TeamViewer.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [809472 2016-05-16] () [File not signed]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [250664 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\Run: [MicrosoftEdgeAutoLaunch_7B46DF534001DA0DC0FF30BF8F71993C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\Users\MIKE CATHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX920 series Printer WS.lnk [2022-08-12]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12F685D0-3589-4905-97BE-2E1018974EC6} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4965672 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {17EA4F2C-D6C7-4BE4-A520-EBE117D9F91D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {18FFB6C8-E7B3-4EE8-B0FF-99CE7E9985D7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\28e6e7a3-b735-4617-8912-d295d3eabc16 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {25580CAB-CA42-4084-A809-0086A61B0EE6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {322FBE35-4183-4AAB-BD84-3329718B1AD2} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-08-20] (Microsoft Windows -> Microsoft Corporation)
Task: {330C25D8-5F91-48AD-B249-73E40D4FFC2E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {44244B5A-C2D3-45A4-9B99-2AAACEFF2361} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {47CF87BC-7D80-42CD-A648-E1EBDA7DD450} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f2b2d6fe-d1c5-45a1-b339-c6eff8807f87 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {48C93C30-0F96-4E4F-BFE7-2EAF6B3F8A55} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {4C797DC6-CC26-4F86-87B5-A6843E3636DA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8814c0c9-6b55-4d9a-b3c5-3a8208799964 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {5A7D040D-34DB-408A-A9B0-F1513BD59040} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-08-20] (Microsoft Windows -> Microsoft Corporation)
Task: {6823AA50-2B74-4A6F-8CCC-A4E6D8C94072} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {722B2178-4CEE-4031-AE4F-B68965D0F371} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {964D0040-67AD-4E58-AAE2-26C5ED055B60} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\512cb154-b79e-4feb-be57-3b042e08c3d1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9882DD45-532F-4E95-97D5-5226E2508815} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {9BB5E5D9-AB4E-450F-B307-FB150BD0E1AD} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2287472 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {AD374E3F-D197-4348-A328-F17922BD0AD8} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {B23C98A1-DB0E-43C9-9F19-0CA6BE6FAF96} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\46117c33-8f9f-4194-bfe4-abd5eab29c6f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {DE5B2EF5-A28F-470B-8651-18120AEF983D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {F78750E6-6039-4269-A235-DB394B616584} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{f4ca6036-760d-4fbd-a108-907e8e1f8833}: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{f84a3c4a-2052-438d-85ee-d7f4231dced6}: [DhcpNameServer] 96.7.136.14 96.7.137.14
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (AdBlock — best ad blocker) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-08-20]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MIKE CATHY\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-21]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [625960 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [625448 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8543840 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [146944 2016-05-16] () [File not signed]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.5-0\NisSrv.exe [3125128 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.5-0\MsMpEng.exe [133560 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [42000 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [235736 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [389208 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [258128 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [105560 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [24528 2022-08-16] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [48144 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [275176 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [554080 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [114112 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [89176 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [860024 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [670904 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [221656 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [324984 2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [453904 2022-08-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94456 2022-08-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-21 19:46 - 2022-08-21 19:51 - 000022682 _____ C:\Users\MIKE CATHY\Desktop\FRST.txt
2022-08-20 19:33 - 2022-08-20 16:18 - 000000000 ____D C:\Windows.old
2022-08-20 16:25 - 2022-08-20 16:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-08-20 16:23 - 2022-08-20 16:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-08-20 16:18 - 2022-08-20 16:18 - 000000020 ___SH C:\Users\MIKE CATHY\ntuser.ini
2022-08-20 16:16 - 2022-08-21 19:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-20 16:16 - 2022-08-20 16:18 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-20 16:16 - 2022-08-20 16:18 - 000003320 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{389C27D4-7454-4BEF-AA7F-32F22C076C60}
2022-08-20 16:16 - 2022-08-20 16:18 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-08-20 16:16 - 2022-08-20 16:18 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710523834-1862825545-2785641031-500
2022-08-20 16:16 - 2022-08-20 16:17 - 000003446 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2022-08-20 16:16 - 2022-08-20 16:17 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-08-20 16:16 - 2022-08-20 16:17 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3710523834-1862825545-2785641031-1001
2022-08-20 16:16 - 2022-08-20 16:16 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2022-08-20 16:16 - 2022-08-20 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-08-20 16:16 - 2022-08-20 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2022-08-20 16:16 - 2020-11-19 03:38 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3538912014-3826891016-3662973680-500
2022-08-20 16:13 - 2022-08-20 16:16 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2022-08-20 16:13 - 2022-08-20 16:16 - 000007623 _____ C:\WINDOWS\diagerr.xml
2022-08-20 15:54 - 2022-08-21 19:46 - 000840808 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-20 15:42 - 2022-08-20 15:42 - 000000000 ____D C:\Program Files\Realtek
2022-08-20 15:40 - 2018-05-07 03:15 - 000144808 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2022-08-20 15:40 - 2018-05-07 03:15 - 000119720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2022-08-20 15:35 - 2022-08-21 19:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-20 15:35 - 2022-08-20 15:35 - 000437736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-20 15:03 - 2022-08-20 19:33 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-08-20 15:01 - 2022-08-20 16:18 - 000000000 ____D C:\Users\MIKE CATHY
2022-08-20 15:01 - 2019-12-07 05:10 - 000001105 _____ C:\Users\MIKE CATHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-08-20 14:59 - 2022-08-20 15:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-08-20 13:57 - 2022-08-20 13:57 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-08-20 13:42 - 2022-08-20 13:42 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-20 13:42 - 2022-08-20 13:42 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-20 13:42 - 2022-08-20 13:42 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-08-20 13:42 - 2022-08-20 13:42 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-08-20 13:42 - 2022-08-20 13:42 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-08-20 13:42 - 2022-08-20 13:42 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-08-20 13:42 - 2022-08-20 13:42 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-08-20 13:41 - 2022-08-20 13:41 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-08-20 13:41 - 2022-08-20 13:41 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-08-20 13:41 - 2022-08-20 13:41 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-08-20 13:41 - 2022-08-20 13:41 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-08-20 13:41 - 2022-08-20 13:41 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-08-20 13:41 - 2022-08-20 13:41 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-08-20 13:40 - 2022-08-20 13:40 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-08-20 13:40 - 2022-08-20 13:40 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-08-20 13:40 - 2022-08-20 13:40 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-20 13:38 - 2022-08-20 13:38 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-08-20 13:38 - 2022-08-20 13:38 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-08-20 13:37 - 2022-08-20 13:37 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-08-20 13:36 - 2022-08-20 13:36 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-08-20 13:36 - 2022-08-20 13:36 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-08-20 13:35 - 2022-08-20 13:35 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-08-20 13:34 - 2022-08-20 13:34 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-08-20 13:34 - 2022-08-20 13:34 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-20 13:33 - 2022-08-20 13:33 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-08-20 13:33 - 2022-08-20 13:33 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-08-20 13:33 - 2022-08-20 13:33 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-08-20 13:33 - 2022-08-20 13:33 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-08-20 13:32 - 2022-08-20 13:32 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-08-20 13:32 - 2022-08-20 13:32 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-08-20 13:32 - 2022-08-20 13:32 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-20 13:32 - 2022-08-20 13:32 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-20 13:32 - 2022-08-20 13:32 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-20 13:31 - 2022-08-20 13:31 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-20 11:58 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-08-20 11:58 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files\MSBuild
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-08-20 11:50 - 2022-08-20 11:50 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-08-20 11:36 - 2022-08-20 11:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-08-20 10:08 - 2022-08-20 16:19 - 000000000 ___DC C:\WINDOWS\Panther
2022-08-20 09:53 - 2022-08-20 10:07 - 000000000 ____D C:\ESD
2022-08-20 09:46 - 2022-08-20 10:02 - 000000000 ____D C:\ISO
2022-08-20 09:46 - 2022-08-20 09:46 - 000000000 ___HD C:\$Windows.~WS
2022-08-17 18:58 - 2022-08-17 18:58 - 000000862 _____ C:\Users\MIKE CATHY\Desktop\LatencyMon.lnk
2022-08-17 18:58 - 2022-08-17 18:58 - 000000000 ____D C:\Program Files\LatencyMon
2022-08-17 18:58 - 2021-03-09 15:07 - 000027744 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2022-08-17 18:50 - 2022-08-17 18:50 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-08-17 18:50 - 2022-08-17 18:50 - 000000000 ____D C:\Program Files\Speccy
2022-08-17 18:45 - 2022-08-17 18:45 - 000014987 _____ C:\junk.txt
2022-08-17 18:36 - 2022-08-17 18:36 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2022-08-17 18:35 - 2022-08-17 18:35 - 002839416 _____ (Sysinternals - www.sysinternals.com) C:\Users\MIKE CATHY\Desktop\procexp.exe
2022-08-17 06:17 - 2022-08-17 06:23 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\TeamViewer
2022-08-17 06:17 - 2022-08-17 06:17 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Roaming\TeamViewer
2022-08-17 06:14 - 2022-08-17 06:15 - 025017176 _____ (TeamViewer) C:\Users\MIKE CATHY\Desktop\TeamViewerQS.exe
2022-08-16 20:30 - 2022-08-20 19:33 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Roaming\AVG
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\CEF
2022-08-16 17:52 - 2022-08-16 17:52 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\AVG
2022-08-16 17:51 - 2022-08-16 17:51 - 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2022-08-16 17:51 - 2022-08-16 17:51 - 000002070 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2022-08-16 17:48 - 2022-08-16 17:48 - 000860024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000670904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000554080 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000389208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000324984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000275176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000270632 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2022-08-16 17:48 - 2022-08-16 17:48 - 000258128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000235736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000221656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000114112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000105560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000089176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000048144 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000042000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000024528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2022-08-16 17:48 - 2022-08-16 17:48 - 000000000 ____D C:\Program Files\Common Files\AVG
2022-08-16 17:47 - 2022-08-16 17:47 - 000000000 ____D C:\Program Files\AVG
2022-08-16 17:46 - 2022-08-21 19:41 - 000000000 ____D C:\ProgramData\AVG
2022-08-16 17:45 - 2022-08-16 17:45 - 000235248 _____ (AVG Technologies CZ, s.r.o.) C:\Users\MIKE CATHY\Downloads\avg_antivirus_free_setup.exe
2022-08-16 08:48 - 2022-08-21 09:45 - 000001087 _____ C:\Users\MIKE CATHY\Desktop\SpeedFan.lnk
2022-08-16 08:48 - 2022-08-21 09:45 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2022-08-16 08:48 - 2022-08-16 08:48 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2022-08-15 11:18 - 2022-08-21 19:50 - 000000000 ____D C:\FRST
2022-08-15 11:18 - 2022-08-17 18:12 - 000000000 ____D C:\Users\MIKE CATHY\Desktop\FRST-OlderVersion
2022-08-15 11:06 - 2022-08-17 18:12 - 002371072 _____ (Farbar) C:\Users\MIKE CATHY\Desktop\FRST64.exe
2022-08-14 22:48 - 2022-08-14 22:48 - 000000000 ___HD C:\$SysReset
2022-08-14 22:00 - 2022-08-14 22:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-14 21:38 - 2022-08-14 21:38 - 000000000 ____D C:\WINDOWS\pss
2022-08-13 19:13 - 2022-08-13 19:13 - 000000000 __SHD C:\found.036
2022-08-13 17:19 - 2022-08-13 17:19 - 000001228 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28 - Shortcut.lnk
2022-08-09 16:19 - 2022-08-09 16:19 - 000000000 ___HD C:\$WinREAgent
2022-08-08 14:32 - 2022-08-08 14:32 - 000160229 _____ C:\Users\MIKE CATHY\Downloads\Kaitlyn D. Ibrahim, MD.pdf
2022-07-23 13:32 - 2022-07-23 13:32 - 000916254 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.bmp
2022-07-23 13:32 - 2022-07-23 13:32 - 000000079 _____ C:\Users\MIKE CATHY\Desktop\WSA_SA_Report-Sat_2022-07-23_13-32-28.html
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-08-21 19:57 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-21 19:46 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-21 19:40 - 2016-12-30 13:36 - 000000000 __SHD C:\Users\MIKE CATHY\IntelGraphicsProfiles
2022-08-21 19:38 - 2021-01-20 16:51 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-21 19:38 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-21 19:38 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-08-21 19:24 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-21 17:54 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-21 17:54 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-21 03:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-08-20 19:34 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-08-20 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-08-20 19:33 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-08-20 19:33 - 2017-06-02 03:39 - 000000000 ____D C:\Program Files\Intel
2022-08-20 19:33 - 2017-06-02 03:38 - 000000000 ____D C:\Program Files\CONEXANT
2022-08-20 19:33 - 2017-05-18 11:27 - 000000000 ____D C:\Program Files\UNP
2022-08-20 19:33 - 2017-03-24 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2016
2022-08-20 19:33 - 2017-01-01 04:37 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2022-08-20 19:33 - 2016-12-30 18:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-20 19:33 - 2016-10-26 21:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2022-08-20 19:33 - 2016-10-26 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2022-08-20 19:33 - 2016-10-26 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2022-08-20 18:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-20 16:36 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-08-20 16:20 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-20 16:19 - 2020-11-19 03:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-08-20 16:19 - 2017-11-25 02:20 - 000000000 ___RD C:\Users\MIKE CATHY\3D Objects
2022-08-20 16:18 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-20 16:18 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-08-20 16:16 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-08-20 15:55 - 2020-11-19 03:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-20 15:55 - 2020-11-19 03:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-20 15:53 - 2019-12-07 05:14 - 000000000 __RSD C:\WINDOWS\Media
2022-08-20 15:42 - 2017-06-02 03:40 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2022-08-20 15:41 - 2017-06-02 03:38 - 001701376 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2022-08-20 15:27 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2022-08-20 15:15 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-08-20 15:14 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-08-20 15:04 - 2020-03-11 16:18 - 000000000 ____D C:\WINDOWS\Lenovo
2022-08-20 15:04 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2022-08-20 15:04 - 2017-06-02 03:40 - 000000000 ____D C:\Program Files\Synaptics
2022-08-20 15:04 - 2017-01-01 04:37 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2022-08-20 15:04 - 2016-10-26 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2022-08-20 15:02 - 2017-11-25 01:41 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Packages
2022-08-20 13:58 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-20 13:57 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-20 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-08-20 13:57 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-08-18 22:47 - 2020-03-13 23:21 - 1100929714 _____ C:\WINDOWS\MEMORY.DMP
2022-08-18 21:34 - 2017-11-10 20:01 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2022-08-16 02:10 - 2016-12-30 13:55 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Lenovo
2022-08-15 20:09 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-15 11:37 - 2021-01-19 14:02 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\D3DSCache
2022-08-15 08:19 - 2017-01-03 22:39 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\Google
2022-08-13 17:43 - 2017-07-08 19:36 - 000000000 ____D C:\ProgramData\WRData
2022-08-13 17:08 - 2017-07-08 19:36 - 000000000 ____D C:\Program Files\Webroot
2022-08-13 17:02 - 2017-07-08 19:37 - 000000000 ____D C:\Users\MIKE CATHY\AppData\Local\lptmp
2022-08-09 15:51 - 2016-12-30 18:11 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 19:30 - 2016-12-30 16:55 - 000803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-08-05 19:57 - 2020-03-26 10:07 - 000000000 ____D C:\WINDOWS\TempInst
 
==================== Files in the root of some directories ========
 
2022-05-16 13:07 - 2012-09-20 06:00 - 000105472 _____ (CANON INC.) C:\Users\MIKE CATHY\cnmss Canon MX920 series Printer WS (Local).dll
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022
Ran by MIKE CATHY (21-08-2022 19:59:16)
Running from C:\Users\MIKE CATHY\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2022-08-20 20:18:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3710523834-1862825545-2785641031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3710523834-1862825545-2785641031-503 - Limited - Disabled)
Guest (S-1-5-21-3710523834-1862825545-2785641031-501 - Limited - Disabled)
MIKE CATHY (S-1-5-21-3710523834-1862825545-2785641031-1001 - Administrator - Enabled) => C:\Users\MIKE CATHY
WDAGUtilityAccount (S-1-5-21-3710523834-1862825545-2785641031-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 22.7.3245 - AVG Technologies)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.31.68 - Conexant)
Dolby Audio X2 Windows API SDK (HKLM\...\{27DBA722-5298-4184-9535-C529EDF3C82D}) (Version: 0.7.1.56 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{C55DB969-8BE0-4D7F-BF27-B8D316D944D6}) (Version: 0.7.1.59 - Dolby Laboratories, Inc.)
H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
H&R Block Pennsylvania 2016 (HKLM-x32\...\{BAECF4E0-1EB0-4CBA-A0D9-09BA014038A3}) (Version: 1.16.3501 - HRB Technology, LLC.)
Intel® Chipset Device Software (HKLM\...\{47DC837D-ECA6-49AF-9904-1427BB94EF4C}) (Version: 10.1.1.27 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{2B8D577D-4E81-4F0B-A63D-0A4D5C897B5A}) (Version: 11.5.0.1015 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{FBE0EFD3-4A1F-4E28-A26B-6FAD2DD1AAE4}) (Version: 15.0.0.1039 - Intel Corporation) Hidden
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.63 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.63 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\OneDriveSetup.exe) (Version: 22.151.0717.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.887.051116 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
User Manuals (HKLM-x32\...\{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
AdBlock -> C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2022-08-20] (BetaFish)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.224.300.0_x64__kgqvnymyfvs32 [2022-08-13] (king.com)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-19] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2207.2.0_x64__k1h2ywk1493x8 [2022-08-03] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-08-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-08-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-28] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-09-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2022-08-20] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-08-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-08-21 17:52 - 2022-08-21 17:52 - 000355840 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\2b8c809e451b1c9f7f7c0b7a9553a86f\Interop.CxHDAudioAPILib.ni.dll
2016-10-26 21:20 - 2016-03-10 22:07 - 001145856 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-3710523834-1862825545-2785641031-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3204917C-316E-439E-8543-D2AB8BD9E8DB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.63\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5CEFC0EC-CED1-4BC1-ADBA-73BA58341AD1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A50EEA1-39D2-4CB0-BA63-BC687ED6973C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{150E3E1C-B629-4B24-B4BD-B67F1BF6B711}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D8DE283F-7584-40FC-A308-23C7860BA973}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{86E16723-1599-4B8F-BCEC-65971E63D25D}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4C43D96E-3B6E-4AA8-BB68-D6C1866F4521}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{9D4F20F3-9232-40EB-8C52-12752D8611AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5788E05C-47BA-43BF-9AEB-9A14288D0485}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D1EC56FA-9FA1-492A-A47A-8603953F396F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE83B42B-3D52-4398-A9C2-B834F5B69FC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{95D0D028-FBCD-4B8C-8E11-6AF0E8442F9E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6214189B-7538-4E80-BEC3-D696CD974D6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B80247AF-1727-42DA-BFA4-876F51ADC2A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{68717F48-52B5-456D-86BD-947D64669C0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
20-08-2022 18:24:25 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (08/20/2022 09:18:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (08/20/2022 04:18:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5312, ProfSvc PID: 2292.
 
Error: (08/20/2022 04:18:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe, PID: 3392, ProfSvc PID: 2292.
 
Error: (08/20/2022 03:44:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac
Faulting module name: RsProvider.dll, version: 1.23.0.0, time stamp: 0x56fb7e54
Exception code: 0xc0000005
Fault offset: 0x00000000000990f2
Faulting process id: 0x8f8
Faulting application start time: 0x01d8b4cd51fae867
Faulting application path: C:\WINDOWS\System32\SensorDataService.exe
Faulting module path: C:\Program Files\Realtek\RsProviders\RsProvider.dll
Report Id: 8e76c5ed-67b1-42e9-87c3-ae9308f3d681
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/20/2022 03:42:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x7e4
Faulting application start time: 0x01d8b4cd09a4d817
Faulting application path: C:\WINDOWS\System32\SensorDataService.exe
Faulting module path: unknown
Report Id: 049043b8-50b5-47b6-a207-8074e800d340
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/21/2022 07:47:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
 
Error: (08/21/2022 07:45:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (08/21/2022 07:43:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (08/21/2022 07:40:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/21/2022 07:40:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (08/21/2022 07:39:34 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Conexant SmartAudio service service has reported an invalid current state 14.
 
Error: (08/21/2022 09:47:36 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (08/21/2022 09:44:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===============
Date: 2022-08-21 19:45:52
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2022-08-21 19:42:38
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Temp\aswa61e7d16abb27f81.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2022-08-21 19:42:23
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO 3JCN21WW 09/23/2016
Motherboard: LENOVO Torronto 5C2
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 60%
Total physical RAM: 8092.13 MB
Available physical RAM: 3193.51 MB
Total Virtual: 12700.13 MB
Available Virtual: 7968.65 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:862.45 GB) (Model: ST1000LM035-1RK172) NTFS
 
\\?\Volume{ac5da186-41e5-4ccd-bcc1-2afce19b2201}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.46 GB) NTFS
\\?\Volume{0e59f6e8-459f-477a-8c33-1e2f4a6ccc02}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8C20E429)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#37
Jamazz

Okay. Did what you needed done in the task scheduler. I ran OOSU10.exe and performed the requested actions. Lastly, I provided the logs for both VEW and LatencyMon.
 
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 21/08/2022 8:21:49 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/08/2022 1:18:04 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. . 
 
Log: 'Application' Date/Time: 21/08/2022 1:18:04 AM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 21/08/2022 1:18:04 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. . 
 
Log: 'Application' Date/Time: 21/08/2022 1:18:04 AM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 20/08/2022 8:18:54 PM
Type: Error Category: 0
Event: 1552 Source: Microsoft-Windows-User Profiles Service
User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5312, ProfSvc PID: 2292.
 
Log: 'Application' Date/Time: 20/08/2022 8:18:54 PM
Type: Error Category: 0
Event: 1552 Source: Microsoft-Windows-User Profiles Service
User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe, PID: 3392, ProfSvc PID: 2292.
 
Log: 'Application' Date/Time: 20/08/2022 7:44:54 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac Faulting module name: RsProvider.dll, version: 1.23.0.0, time stamp: 0x56fb7e54 Exception code: 0xc0000005 Fault offset: 0x00000000000990f2 Faulting process id: 0x8f8 Faulting application start time: 0x01d8b4cd51fae867 Faulting application path: C:\WINDOWS\System32\SensorDataService.exe Faulting module path: C:\Program Files\Realtek\RsProviders\RsProvider.dll Report Id: 8e76c5ed-67b1-42e9-87c3-ae9308f3d681 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 20/08/2022 7:42:53 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x7e4 Faulting application start time: 0x01d8b4cd09a4d817 Faulting application path: C:\WINDOWS\System32\SensorDataService.exe Faulting module path: unknown Report Id: 049043b8-50b5-47b6-a207-8074e800d340 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 20/08/2022 7:42:23 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac Faulting module name: KERNELBASE.dll, version: 10.0.19041.1889, time stamp: 0xe9ede6d6 Exception code: 0xc0000002 Fault offset: 0x0000000000034fd9 Faulting process id: 0xe54 Faulting application start time: 0x01d8b4ccf5443bc1 Faulting application path: C:\WINDOWS\System32\SensorDataService.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 4ac685a3-f30b-45c7-834f-f08ee30e6715 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 20/08/2022 7:38:48 PM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/08/2022 1:37:11 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
taskhostw (5752,D,0) WebCacheLocal: A request to write to the file "C:\Users\MIKE CATHY\AppData\Local\Microsoft\Windows\WebCache\V01.chk" at offset 0 (0x0000000000000000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (396 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 21/08/2022 1:31:05 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
taskhostw (5752,D,0) WebCacheLocal: A request to write to the file "C:\Users\MIKE CATHY\AppData\Local\Microsoft\Windows\WebCache\V01.chk" at offset 0 (0x0000000000000000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 20/08/2022 10:37:24 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\CONEXANT\SAII\SmartAudio.exe' (pid 8156) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 20/08/2022 8:26:45 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 6980 did not respond and is being forcibly terminated {filter host process 7016}. 
 
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:20 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:19 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:19 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:19 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:19 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:17 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace ROOT\Interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:17 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace ROOT\Interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:17 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace ROOT\Interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 20/08/2022 7:36:17 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace ROOT\Interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/08/2022 12:19:38 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.
 
Log: 'System' Date/Time: 22/08/2022 12:16:04 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 22/08/2022 12:16:04 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Log: 'System' Date/Time: 22/08/2022 12:15:34 AM
Type: Error Category: 0
Event: 7016 Source: Service Control Manager
The Conexant SmartAudio service service has reported an invalid current state 14.
 
Log: 'System' Date/Time: 21/08/2022 11:47:44 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The System Guard Runtime Monitor Broker service hung on starting.
 
Log: 'System' Date/Time: 21/08/2022 11:45:38 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service hung on starting.
 
Log: 'System' Date/Time: 21/08/2022 11:43:31 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.
 
Log: 'System' Date/Time: 21/08/2022 11:40:05 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 21/08/2022 11:40:05 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Log: 'System' Date/Time: 21/08/2022 11:39:34 PM
Type: Error Category: 0
Event: 7016 Source: Service Control Manager
The Conexant SmartAudio service service has reported an invalid current state 14.
 
Log: 'System' Date/Time: 21/08/2022 1:47:36 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.
 
Log: 'System' Date/Time: 21/08/2022 1:44:03 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 21/08/2022 1:44:03 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Log: 'System' Date/Time: 21/08/2022 1:43:32 PM
Type: Error Category: 0
Event: 7016 Source: Service Control Manager
The Conexant SmartAudio service service has reported an invalid current state 14.
 
Log: 'System' Date/Time: 21/08/2022 1:31:29 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The System Guard Runtime Monitor Broker service hung on starting.
 
Log: 'System' Date/Time: 21/08/2022 1:29:20 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service hung on starting.
 
Log: 'System' Date/Time: 21/08/2022 1:24:01 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.
 
Log: 'System' Date/Time: 21/08/2022 1:21:51 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 21/08/2022 1:21:51 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Log: 'System' Date/Time: 21/08/2022 1:21:17 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/08/2022 12:17:21 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user LAPTOP-BPIIB8FF\MIKE CATHY SID (S-1-5-21-3710523834-1862825545-2785641031-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 22/08/2022 12:16:58 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 22/08/2022 12:16:58 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 22/08/2022 12:16:22 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 22/08/2022 12:16:22 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 22/08/2022 12:16:22 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 22/08/2022 12:16:22 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 22/08/2022 12:15:10 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\SYSTEM\0001.
 
Log: 'System' Date/Time: 22/08/2022 12:15:10 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\LENOVOVHID\0000.
 
Log: 'System' Date/Time: 22/08/2022 12:14:00 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\Rtlihvs.dll 
 
Log: 'System' Date/Time: 21/08/2022 11:42:10 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user LAPTOP-BPIIB8FF\MIKE CATHY SID (S-1-5-21-3710523834-1862825545-2785641031-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 21/08/2022 11:41:20 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 21/08/2022 11:41:20 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 21/08/2022 11:39:41 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 21/08/2022 11:39:41 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 21/08/2022 11:39:41 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 21/08/2022 11:39:41 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 21/08/2022 11:38:30 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\SYSTEM\0001.
 
Log: 'System' Date/Time: 21/08/2022 11:38:30 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\LENOVOVHID\0000.
 
Log: 'System' Date/Time: 21/08/2022 11:37:05 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\Rtlihvs.dll 
 
 
 
 
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system seems to be having difficulty handling real-time audio and other tasks. You may experience drop outs, clicks or pops due to buffer underruns. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. At least one detected problem appears to be network related. In case you are using a WLAN adapter, try disabling it to get better results. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:01:00  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        LAPTOP-BPIIB8FF
OS version:                                           Windows 10, 10.0, version 2009, build: 19044 (x64)
Hardware:                                             80TV, LENOVO
BIOS:                                                 3JCN21WW
CPU:                                                  GenuineIntel Intel® Core™ i7-7500U CPU @ 2.70GHz
Logical processors:                                   4
Processor groups:                                     1
Processor group size:                                 4
RAM:                                                  8092 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed (WMI):                             290 MHz
Reported CPU speed (registry):                        2904 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   1107.30
Average measured interrupt to process latency (µs):   19.760171
 
Highest measured interrupt to DPC latency (µs):       1086.10
Average measured interrupt to DPC latency (µs):       5.418350
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              0.0
Driver with highest ISR routine execution time:       
 
Highest reported total ISR routine time (%):          0.0
Driver with highest ISR total time:                   
 
Total time spent in ISRs (%)                          0.0
 
ISR count (execution time <250 µs):                   0
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              1242.879132
Driver with highest DPC routine execution time:       ntoskrnl.exe - NT Kernel & System, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.053324
Driver with highest DPC total execution time:         afd.sys - Ancillary Function Driver for WinSock, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.158164
 
DPC count (execution time <250 µs):                   50174
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              24
DPC count (execution time 1000-2000 µs):              2
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 lenovovantage-(lenovoboostsystemaddin).exe
 
Total number of hard pagefaults                       28
Hard pagefault count of hardest hit process:          13
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.766272
CPU 0 ISR highest execution time (µs):                0.0
CPU 0 ISR total execution time (s):                   0.0
CPU 0 ISR count:                                      0
CPU 0 DPC highest execution time (µs):                1081.116736
CPU 0 DPC total execution time (s):                   0.188289
CPU 0 DPC count:                                      24583
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.410842
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                549.694559
CPU 1 DPC total execution time (s):                   0.002236
CPU 1 DPC count:                                      138
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.999099
CPU 2 ISR highest execution time (µs):                0.0
CPU 2 ISR total execution time (s):                   0.0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                1242.879132
CPU 2 DPC total execution time (s):                   0.153470
CPU 2 DPC count:                                      20067
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.556430
CPU 3 ISR highest execution time (µs):                0.0
CPU 3 ISR total execution time (s):                   0.0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                424.251377
CPU 3 DPC total execution time (s):                   0.038072
CPU 3 DPC count:                                      5412
_________________________________________________________________________________________________________

  • 0

#38
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Let me know if now is a good time to update BIOS, as I have not had a chance to do that yet.


  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Yes, update the BIOS.  Make sure the laptop is plugged in when you do it.

 

We need to try and delete the Fontcache3.0.0.0.dat  file to see if that will fix these errors:

 

Log: 'System' Date/Time: 22/08/2022 12:16:04 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 22/08/2022 12:16:04 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 

 

 

If you go back into Services.msc you can find

 
Windows Presentation Foundation Font Cache 3.0.0.0,
 
If the service is running it needs to be Stopped.
 
Open File Explorer, click on View then make sure you check File Name Extensions, Hidden Items.  Then navigate to C:\Windows\ServiceProfiles\Appdata\local.
 
You will get several warnings that you don't have access to some of the folders but it lets you in if you tell it to.
 
Right click on Fontcache3.0.0.0.dat  and delete.
 
Close File Explorer.
 
Go back to Services.msc and see if you can start the Windows Presentation Foundation Font Cache 3.0.0.0 service

  • 0

#40
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

I successfully installed the BIOS update. Very nerve-wracking no matter how many times I've done it.

 

I was able to stop the Fontcache service but was unable to find the DAT file. See attached...

Attached Thumbnails

  • Unable to find Fontcache file.jpg

  • 0


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Sorry.  Typo in the path.  Should be:

 

C:\Windows\ServiceProfiles\LocalService\AppData\Local


  • 0

#42
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

I removed the file and was still able to start the noted service.


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

The service didn't want to start before.  I had you remove the file thinking it might be corrupt.  A new one should have been generated when you started the service.

 

Go in to Settings, Update & Security, Delivery Optimization.  Make sure All Downloads From Other PCs is OFF.

 

Search for

event viewer

hit Enter

Click on the arrow in front of Windows Logs

Left Click on Application, select Clear Log then hit Clear.

Left Click on System, select Clear Log then hit Clear.

 

Then reboot (Is it any faster booting?)  and run VEW again as before and post the log.

 

Rerun Latency Monitor and post the summary and screenshots of Processes and Drivers tabs.


  • 0

#44
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I decided to stop the FontCache process again and delete the DLL file, but I noticed there was another DLL file in the Windows.old folder (leftover from our repair install). I deleted that one too. With both gone I was still able to start the FontCache service, however, it gave no errors and did not affect system performance. The DLL file is still missing from both Windows and Windows.old path. I had not rebooted at this point, yet.
 
The slider for 'Allow downloads from other PC's' is off, but also, all selections for it are greyed out.
 
I'd say the PC is doing better than it was. It doesn't take 20 min to load. It now takes a few minutes. Once I get to the desktop, during a reboot, I can hear the HDD going crazy, but eventually it stops. I'd say between 3 to 5 min after the desktop loads, is when it is good to start using without waiting for items to open or navigating to be smooth.
 
 
Here's the VEW Log:
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 23/08/2022 8:18:05 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/08/2022 12:14:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 23/08/2022 12:14:41 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Log: 'System' Date/Time: 23/08/2022 12:14:11 PM
Type: Error Category: 0
Event: 7016 Source: Service Control Manager
The Conexant SmartAudio service service has reported an invalid current state 14.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/08/2022 12:16:36 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user LAPTOP-BPIIB8FF\MIKE CATHY SID (S-1-5-21-3710523834-1862825545-2785641031-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 23/08/2022 12:13:45 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\SYSTEM\0001.
 
Log: 'System' Date/Time: 23/08/2022 12:13:45 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\LENOVOVHID\0000.
 
Log: 'System' Date/Time: 23/08/2022 12:12:49 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\Rtlihvs.dll 
 
 
 
 
Here's the LatencyMon Report:
 
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be having trouble handling real-time audio and other tasks. You are likely to experience buffer underruns appearing as drop outs, clicks or pops. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. At least one detected problem appears to be network related. In case you are using a WLAN adapter, try disabling it to get better results. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:01:04  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        LAPTOP-BPIIB8FF
OS version:                                           Windows 10, 10.0, version 2009, build: 19044 (x64)
Hardware:                                             80TV, LENOVO
BIOS:                                                 3JCN31WW
CPU:                                                  GenuineIntel Intel® Core™ i7-7500U CPU @ 2.70GHz
Logical processors:                                   4
Processor groups:                                     1
Processor group size:                                 4
RAM:                                                  8092 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed (WMI):                             290 MHz
Reported CPU speed (registry):                        2904 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   1308.10
Average measured interrupt to process latency (µs):   13.942706
 
Highest measured interrupt to DPC latency (µs):       1232.70
Average measured interrupt to DPC latency (µs):       4.466236
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              74.348485
Driver with highest ISR routine execution time:       ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.000527
Driver with highest ISR total time:                   ACPI.sys - ACPI Driver for NT, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.000527
 
ISR count (execution time <250 µs):                   21
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              2217.697314
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.099897
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.281816
 
DPC count (execution time <250 µs):                   80959
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              86
DPC count (execution time 1000-2000 µs):              8
DPC count (execution time 2000-4000 µs):              1
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 avgsvc.exe
 
Total number of hard pagefaults                       3038
Hard pagefault count of hardest hit process:          1935
Number of processes hit:                              35
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       1.318460
CPU 0 ISR highest execution time (µs):                74.348485
CPU 0 ISR total execution time (s):                   0.001352
CPU 0 ISR count:                                      21
CPU 0 DPC highest execution time (µs):                1801.069559
CPU 0 DPC total execution time (s):                   0.564051
CPU 0 DPC count:                                      55973
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.355659
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                721.014463
CPU 1 DPC total execution time (s):                   0.024055
CPU 1 DPC count:                                      7754
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.641958
CPU 2 ISR highest execution time (µs):                0.0
CPU 2 ISR total execution time (s):                   0.0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                1539.281680
CPU 2 DPC total execution time (s):                   0.080364
CPU 2 DPC count:                                      12083
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.400248
CPU 3 ISR highest execution time (µs):                0.0
CPU 3 ISR total execution time (s):                   0.0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                2217.697314
CPU 3 DPC total execution time (s):                   0.054386
CPU 3 DPC count:                                      5244
_________________________________________________________________________________________________________

Attached Thumbnails

  • LatencyMon HE.jpg
  • LatencyMon PF.jpg

  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Not sure what DLL you are talking about.  The file for the font cache is a .dat.  If it's not created when you restart the service then it may be recreated at boot or perhaps the first time you use a WPF based program.

 

The other browser.dll was the one I was worried about but Windows isn't complaining about it any more so I'm going to let it go.

 

Apparently we are still having a problem with the font cache service. 

Log: 'System' Date/Time: 23/08/2022 12:14:41 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 

 

Odd since it does start OK manually.  Perhaps a Windows bug.  I don't like to see services not start since it waits 30 seconds for the service to start and this can slow down the boot.

 

The Delivery Optimization error is now gone so that's good.

 

We are seeing a problem with the Conexant audio driver. 

Log: 'System' Date/Time: 23/08/2022 12:14:11 PM

Type: Error Category: 0
Event: 7016 Source: Service Control Manager
The Conexant SmartAudio service service has reported an invalid current state 14.
 

 

There is a newer one 8.66.46.65 which may fix the problem:  

https://support.leno...64-bit-notebook

(Again this may not be your exact model so go to the Lenovo Support site for your model.)

 

Looking at your Latency Monitor files we are getting a lot of pagefaults from AVG.  Can you uninstall it for now?  Also check your Lenovo site for a new WiFi driver.  You are using Realtek 8821AE Wireless.  Realtek has had problems with their Win 10 wireless drivers and there have been several iterations in the last year.  Might be better to get the driver directly from Realtek. 

https://www.realtek....8821ae-software

The second one is strictly for the Wireless.  The top one includes Bluetooth software.  Realtek has a funny Captcha system.  Instead of repeating what they show you, you have to solve the addition or subtraction problem and just type the answer.  Example that I just got was 1 + 7 so had to type 8 to get the download.  The download is a zip file so you need to find the downloaded file then right click on it and Extract All, Extract then right click on Install.bat and Run As Admin.

 

Errors like these:

 

Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 

 

Are usually caused by Intel's Speedstep software.  This is also why Latency Monitor says:

 
Reported CPU speed (WMI):                             290 MHz
Reported CPU speed (registry):                        2904 MHz

 

Speedstep is supposed to save power by slowing the CPU down when it doesn't have a lot of work to do.  I'm not convinced that it works very well.  I would go into the BIOS setup and turn it off.  See if it makes a difference in the speed of boot or in general. 

 

Unless you are using RAID to control multiple drives (unlikely with a laptop) you can do without Intel® Rapid Storage Technology software so I would uninstall it and then reboot.

 

Finally close your browser and rerun Latency Monitor and let's see if it still complains.   If not then bring up your browser and see if Latency Monitor is happy with it.  If starting the browser causes Latency Monitor to complain then try installing Ublock Origin extension for Edge https://ublockorigin.com/ (or whatever browser you are using).


  • 0
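
The triage done by eye on the VEW log in the post above, as an added example (not part of the original thread and not code from VEW): it parses the four-line VEW record format, collapses repeats that differ only in numbers (the per-processor Event 37 warnings), and totals the Service Control Manager start timeouts (Event 7009) that the post notes can slow the boot. The function names and the digit-normalising grouping rule are assumptions of this example; the sample records are copied from the log posted in this thread.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Subset of the VEW 'System' log posted in this thread (dates are dd/mm/yyyy).
SAMPLE_VEW = r"""Log: 'System' Date/Time: 23/08/2022 12:14:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 23/08/2022 12:14:41 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Log: 'System' Date/Time: 23/08/2022 12:14:11 PM
Type: Error Category: 0
Event: 7016 Source: Service Control Manager
The Conexant SmartAudio service service has reported an invalid current state 14.

Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 23/08/2022 12:14:57 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
"""

# One VEW record: header line, Type line, Event line, then a one-line message.
# [^\S\n]* tolerates trailing spaces or non-breaking spaces left by copy/paste.
RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+?)[^\S\n]*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)[^\S\n]*\n"
    r"Event: (?P<event_id>\d+) Source: (?P<source>[^\n]+?)[^\S\n]*\n"
    r"(?P<message>[^\n]*)",
    re.MULTILINE,
)
TIMEOUT = re.compile(
    r"timeout was reached \((\d+) milliseconds\) while waiting for the (.+?) service to connect"
)
SEVERITY = {"Critical": 0, "Error": 1, "Warning": 2}


def parse_vew(text):
    """Return one dict per VEW record found in the pasted log text."""
    events = []
    for match in RECORD.finditer(text):
        ev = match.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["when"] = datetime.strptime(ev["when"], "%d/%m/%Y %I:%M:%S %p")
        ev["message"] = ev["message"].strip()
        events.append(ev)
    return events


def summarize(events):
    """Group records whose messages differ only in digits; worst severity first."""
    groups = OrderedDict()
    for ev in events:
        shape = re.sub(r"\d+", "#", ev["message"])  # assumption: digits are noise
        key = (ev["type"], ev["event_id"], ev["source"], shape)
        group = groups.setdefault(key, {
            "type": ev["type"], "event_id": ev["event_id"],
            "source": ev["source"], "count": 0, "example": ev["message"],
        })
        group["count"] += 1
    return sorted(groups.values(),
                  key=lambda g: (SEVERITY.get(g["type"], 9), -g["count"]))


def scm_start_timeouts(events):
    """Total milliseconds the Service Control Manager waited, per service (Event 7009)."""
    waits = {}
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event_id"] == 7009:
            hit = TIMEOUT.search(ev["message"])
            if hit:
                waits[hit.group(2)] = waits.get(hit.group(2), 0) + int(hit.group(1))
    return waits


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_VEW)
    for g in summarize(parsed):
        print(f'{g["count"]:>3}x {g["type"]:<8} {g["event_id"]:>5} {g["source"]}: {g["example"][:60]}')
    for service, ms in scm_start_timeouts(parsed).items():
        print(f"SCM waited {ms / 1000:.0f} s for: {service}")
```

Pasting a full VEW report into `parse_vew` works the same way; the empty section banners between `~~~` rules are skipped because they do not match the record pattern.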
