Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Chkdsk windows 10 [Solved]


  • This topic is locked This topic is locked

#16
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

I think the drive is dying. I can not send a log. Every time I tap a button or move the mouse, the drive whirs up and runs forever. When doing so the computer will not respond.


  • 0

Advertisements


#17
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

DISM log

 

2022-01-07 17:03:37, Info                  DISM   PID=11136 TID=8520 DismCore.dll version: 10.0.19041.746 - CDISMManager::FinalConstruct
2022-01-07 17:03:37, Info                  DISM   Initialized Panther logging at C:\WINDOWS\Logs\DISM\dism.log
2022-01-07 17:03:37, Info                  DISM   PID=11136 TID=8520 Successfully loaded the ImageSession at "C:\WINDOWS\system32\Dism" - CDISMManager::LoadLocalImageSession
2022-01-07 17:03:37, Info                  DISM   Initialized Panther logging at C:\WINDOWS\Logs\DISM\dism.log
2022-01-07 17:03:37, Info                  DISM   DISM Provider Store: PID=11136 TID=8520 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2022-01-07 17:03:37, Info                  DISM   DISM Provider Store: PID=11136 TID=8520 Failed to get and initialize the PE Provider.  Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2022-01-07 17:03:37, Info                  DISM   DISM Provider Store: PID=11136 TID=8520 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2022-01-07 17:03:37, Info                  DISM   Initialized Panther logging at C:\WINDOWS\Logs\DISM\dism.log
2022-01-07 17:03:37, Info                  DISM   DISM Manager: PID=11136 TID=8520 Successfully created the local image session and provider store. - CDISMManager::CreateLocalImageSession
2022-01-07 17:03:37, Info                  DISM   DISM.EXE: 
2022-01-07 17:03:37, Info                  DISM   DISM.EXE: <----- Starting Dism.exe session ----->
2022-01-07 17:03:37, Info                  DISM   DISM.EXE: 
2022-01-07 17:03:37, Info                  DISM   DISM.EXE: Host machine information: OS Version=10.0.19043, Running architecture=amd64, Number of processors=4
2022-01-07 17:03:37, Info                  DISM   DISM.EXE: Dism.exe version: 10.0.19041.844
2022-01-07 17:03:37, Info                  DISM   DISM.EXE: Executing command line: DISM.exe  /Online /Cleanup-Image /Restorehealth
2022-01-07 17:03:37, Info                  DISM   DISM Provider Store: PID=11136 TID=8520 Connecting to the provider located at C:\WINDOWS\system32\Dism\FolderProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:37, Info                  DISM   DISM Manager: PID=11136 TID=8520 physical location path: C:\ - CDISMManager::CreateImageSession
2022-01-07 17:03:37, Info                  DISM   DISM Manager: PID=11136 TID=8520 Event name for current DISM session is Global\{38B1EF81-69A8-4487-9453-5B043B51C293} - CDISMManager::CheckSessionAndLock
2022-01-07 17:03:37, Info                  DISM   DISM Manager: PID=11136 TID=8520 Create session event 0x20c for current DISM session and event name is Global\{38B1EF81-69A8-4487-9453-5B043B51C293}  - CDISMManager::CheckSessionAndLock
2022-01-07 17:03:37, Info                  DISM   DISM Manager: PID=11136 TID=8520 Copying DISM from "C:\WINDOWS\System32\Dism" - CDISMManager::CreateImageSessionFromLocation
2022-01-07 17:03:38, Info                  DISM   DISM Manager: PID=11136 TID=8520 Successfully loaded the ImageSession at "C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8" - CDISMManager::LoadRemoteImageSession
2022-01-07 17:03:38, Info                  DISM   DISM Image Session: PID=6340 TID=10200 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Initializing a provider store for the IMAGE session type. - CDISMProviderStore::Final_OnConnect
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\OSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:38, Info                  DISM   DISM OS Provider: PID=6340 TID=10200 Defaulting SystemPath to C:\ - CDISMOSServiceManager::Final_OnConnect
2022-01-07 17:03:38, Info                  DISM   DISM OS Provider: PID=6340 TID=10200 Defaulting Windows folder to C:\Windows - CDISMOSServiceManager::Final_OnConnect
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:38, Info                  DISM   Initialized Panther logging at C:\WINDOWS\Logs\DISM\dism.log
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2022-01-07 17:03:38, Warning               DISM   DISM Provider Store: PID=6340 TID=10200 Failed to load the provider: C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\PEProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Failed to get and initialize the PE Provider.  Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2022-01-07 17:03:38, Info                  DISM   Initialized Panther logging at C:\WINDOWS\Logs\DISM\dism.log
2022-01-07 17:03:38, Info                  DISM   Initialized Panther logging at C:\WINDOWS\Logs\DISM\dism.log
2022-01-07 17:03:38, Info                  DISM   DISM Manager: PID=11136 TID=8520 Image session successfully loaded from the temporary location: C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8 - CDISMManager::CreateImageSession
2022-01-07 17:03:38, Info                  DISM   DISM.EXE: Target image information: OS Version=10.0.19043.1415, Image architecture=amd64
2022-01-07 17:03:38, Info                  DISM   DISM.EXE: Image session version: 10.0.19041.746
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Getting the collection of providers from an image provider store type. - CDISMProviderStore::GetProviderCollection
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\CbsProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:38, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:38, Info                  CSI    00000001 Shim considered [l:126]'\??\C:\WINDOWS\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\wcp.dll' : got STATUS_OBJECT_PATH_NOT_FOUND
2022-01-07 17:03:38, Info                  CSI    00000002 Shim considered [l:123]'\??\C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\wcp.dll' : got STATUS_SUCCESS
2022-01-07 17:03:39, Info                  DISM   DISM OS Provider: PID=6340 TID=10200 Determined System directory to be C:\Windows\System32 - CDISMOSServiceManager::get_SystemDirectory
2022-01-07 17:03:39, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 Finished initializing the CbsConUI Handler. - CCbsConUIHandler::Initialize
2022-01-07 17:03:39, Info                  CSI    00000001 Shim considered [l:126]'\??\C:\WINDOWS\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\wcp.dll' : got STATUS_OBJECT_PATH_NOT_FOUND
2022-01-07 17:03:39, Info                  CSI    00000002 Shim considered [l:123]'\??\C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\wcp.dll' : got STATUS_SUCCESS
2022-01-07 17:03:39, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 CBS is being initialized for online use. More information about CBS actions can be located at: %windir%\logs\cbs\cbs.log - CDISMPackageManager::Initialize
2022-01-07 17:03:39, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 Loaded servicing stack for online use only. - CDISMPackageManager::CreateCbsSession
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\MsiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\IntlProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\IBSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\DmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  CSI    00000001 Shim considered [l:126]'\??\C:\WINDOWS\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\wcp.dll' : got STATUS_OBJECT_PATH_NOT_FOUND
2022-01-07 17:03:39, Info                  CSI    00000002 Shim considered [l:123]'\??\C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\wcp.dll' : got STATUS_SUCCESS
2022-01-07 17:03:39, Info                  DISM   DISM Driver Manager: PID=6340 TID=10200 Further logs for driver related operations can be found in the target operating system at %WINDIR%\inf\setupapi.offline.log - CDriverManager::Initialize
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\UnattendProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\SmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Warning               DISM   DISM Provider Store: PID=6340 TID=10200 Failed to load the provider: C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\EmbeddedProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\AppxProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\ProvProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\AssocProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\GenericProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\OfflineSetupProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\SysprepProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\TransmogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Transmog Provider: PID=6340 TID=10200 Current image session is [ONLINE] - CTransmogManager::GetMode
2022-01-07 17:03:39, Info                  DISM   DISM Transmog Provider: PID=6340 TID=10200 Audit Mode: [No] - CTransmogManager::Initialize
2022-01-07 17:03:39, Info                  DISM   DISM Transmog Provider: PID=6340 TID=10200 GetProductType: ProductType = [WinNT] - CTransmogManager::GetProductType
2022-01-07 17:03:39, Info                  DISM   DISM Transmog Provider: PID=6340 TID=10200 Product Type: [WinNT] - CTransmogManager::Initialize
2022-01-07 17:03:39, Info                  DISM   DISM Transmog Provider: PID=6340 TID=10200 Product Type ServerNT : [No] - CTransmogManager::Initialize
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Connecting to the provider located at C:\Users\CUSTOM~1\AppData\Local\Temp\5E1543AD-604D-460D-999D-B29A3D919BD8\SetupPlatformProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Got the collection of providers. Now enumerating them to build the command table.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DISM Log Provider
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: OSServices
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DISM Package Manager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: DISM Package Manager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: MsiManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: MsiManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: IntlManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: IntlManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: IBSManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DriverManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: DriverManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: DISM Unattend Manager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: DISM Unattend Manager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: SmiManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: AppxManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: AppxManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: ProvManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: ProvManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: AssocManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: AssocManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: GenericManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: GenericManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: OfflineSetupManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: OfflineSetupManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: SysprepManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: SysprepManager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: Edition Manager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: Edition Manager.
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Attempting to add the commands from provider: SetupPlatformManager
2022-01-07 17:03:39, Info                  DISM   DISM.EXE: Succesfully registered commands for the provider: SetupPlatformManager.
2022-01-07 17:03:39, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 Processing the top level command token(cleanup-image). - CPackageManagerCLIHandler::Private_ValidateCmdLine
2022-01-07 17:03:39, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 Attempting to route to appropriate command handler. - CPackageManagerCLIHandler::ExecuteCmdLine
2022-01-07 17:03:39, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 Routing the command... - CPackageManagerCLIHandler::ExecuteCmdLine
2022-01-07 17:03:39, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 CBS session options=0x40100! - CDISMPackageManager::Internal_Finalize
2022-01-07 17:06:12, Info                  DISM   DISM Package Manager: PID=6340 TID=11112  Error in operation: (null) (CBS HRESULT=0x80070017) - CCbsConUIHandler::Error
2022-01-07 17:06:12, Error                 DISM   DISM Package Manager: PID=6340 TID=10200 Failed finalizing changes. - CDISMPackageManager::Internal_Finalize(hr:0x80070017)
2022-01-07 17:06:12, Error                 DISM   DISM Package Manager: PID=6340 TID=10200 Failed processing package changes with session option CbsSessionOptionRepairStoreCorruption - CDISMPackageManager::RestoreHealth(hr:0x80070017)
2022-01-07 17:06:12, Error                 DISM   DISM Package Manager: PID=6340 TID=10200 Failed to restore the image health. - CPackageManagerCLIHandler::ProcessCmdLine_CleanupImage(hr:0x80070017)
2022-01-07 17:06:12, Error                 DISM   DISM Package Manager: PID=6340 TID=10200 Failed while processing command cleanup-image. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x80070017)
2022-01-07 17:06:12, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 Further logs for online package and feature related operations can be found at %WINDIR%\logs\CBS\cbs.log - CPackageManagerCLIHandler::ExecuteCmdLine
2022-01-07 17:06:12, Error                 DISM   DISM.EXE: DISM Package Manager processed the command line but failed. HRESULT=80070017
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Found the OSServices.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Found the OSServices.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Found the PE Provider.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(DISM Package Manager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Package Manager: PID=6340 TID=10200 Finalizing CBS core. - CDISMPackageManager::Finalize
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: DISM Package Manager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(MsiManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: MsiManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(IntlManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: IntlManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(IBSManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: IBSManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(DriverManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: DriverManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(DISM Unattend Manager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: DISM Unattend Manager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(SmiManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: SmiManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(AppxManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: AppxManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(ProvManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: ProvManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(AssocManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: AssocManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(GenericManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: GenericManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(OfflineSetupManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: OfflineSetupManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(SysprepManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: SysprepManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(Edition Manager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: Edition Manager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Finalizing the servicing provider(SetupPlatformManager) - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: SetupPlatformManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Releasing the local reference to OSServices. - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Disconnecting Provider: OSServices - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=6340 TID=10200 Releasing the local reference to DISMLogger.  Stop logging. - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Manager: PID=11136 TID=8520 Closing session event handle 0x20c - CDISMManager::CleanupImageSessionEntry
2022-01-07 17:06:12, Info                  DISM   DISM.EXE: Image session has been closed. Reboot required=no.
2022-01-07 17:06:12, Info                  DISM   DISM.EXE: 
2022-01-07 17:06:12, Info                  DISM   DISM.EXE: <----- Ending Dism.exe session ----->
2022-01-07 17:06:12, Info                  DISM   DISM.EXE: 
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=11136 TID=8520 Found the OSServices.  Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=11136 TID=8520 Disconnecting Provider: FolderManager - CDISMProviderStore::Internal_DisconnectProvider
2022-01-07 17:06:12, Info                  DISM   DISM Provider Store: PID=11136 TID=8520 Releasing the local reference to DISMLogger.  Stop logging. - CDISMProviderStore::Internal_DisconnectProvider

  • 0

#18
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Says CBS file too large

 


  • 0

#19
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Did get an error with CHKDSK. Said it put it in file. Not there.


Edited by tjmcs, 07 January 2022 - 06:59 PM.

  • 0

#20
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,589 posts
There were errors running DISM
 
To fix the this and use a local disc image of Windows 10, you need to first download the Windows 10 image. You can get it from Microsoft.
 
 
  • Visit the official Microsoft Windows 10 download page.
  • Click the ‘Download tool now’ button under the ‘Create installation media’ section.
  • Run the tool. Accept the agreement, and select the ‘Create installation media’ option.
  • On the ‘Choose which media to use’ screen, select ISO file.
  • Allow the file to download.
 
 
Run DISM Restore health
 

 

  • Now that you’ve got the Windows 10 ISO image, you can run a restore health command.
  • Open File Explorer and navigate to where the ISO file has been downloaded.
  • Right-click the file, and select ‘Mount’ from the context menu.
  • Navigate to This PC in File Explorer.
  • You will see a new virtual DVD drive has been mounted.
  • Open the drive.
  • Go to the Sources folder.
  • Look for either the install.esd file, or the install.wim file. Only one of these files will be present and they will determine the command that is going to run.
  • Copy the path to the install.esd or the install.wim file.
  • Open Command Prompt with admin rights and run the following command. Update the path to the install.esd/install.wim file before you run it.
  • DISM /Online /Cleanup-Image /RestoreHealth /Source:"path to install.esd/install.wim' file"
 

Note: In my case the iso file was saved in My Documents. I Mounted the ISO and a new virtual drive was created as F:\ESD-ISO. The file with an extension .esd, was found on F:\Sources\Install.esd.

 
Example to run DISM on my case was:
 
DISM /Online /Cleanup-Image /RestoreHealth /Source:F:\Sources\install.esd
 
Allow the command to finish, and problems with your Windows 10 installation should be resolved.
 
After running this command then try the System File Checker:
 
SFC /ScanNow
 
Keep me posted.

  • 0

#21
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Tried several times. "Unable to run tool on PC". Error code 0x80080005-0x90018


  • 0

#22
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,589 posts
Let me take a look at the system:
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Right click FRST(64) and select Run as administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.
 

  • 0

#23
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Ran by customerservice (administrator) on LENOVO-PC (LENOVO F0AW0034US) (08-01-2022 19:18:39)
Running from C:\Users\customerservice\Downloads
Loaded Profiles: customerservice
Platform: Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\customerservice\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <34>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Service_Launcher.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\PGService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Lenovo Motion\WebcamSplitterServer.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] () [File not signed]
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo (Beijing) Limited -> Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2014-04-25] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168920 2014-04-25] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo -> Lenovo)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo -> Lenovo)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (No File)
HKLM\...\Windows x64\Print Processors\hpcpp140: C:\Windows\System32\spool\prtprocs\x64\hpcpp140.DLL [559616 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\sxr2mPC: C:\Windows\System32\spool\prtprocs\x64\sxr2mpc.dll [37376 2012-11-06] (Windows ® Server 2003 DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\xp3315pp: C:\Windows\System32\spool\prtprocs\x64\xp3315pp.dll [114688 2012-11-07] (Windows ® Codename Longhorn DDK provider) [File not signed]
HKLM\...\Print\Monitors\glocom3: C:\WINDOWS\system32\glocom3_fax.dll [6009856 2018-08-27] (Bicom Systems) [File not signed]
HKLM\...\Print\Monitors\HP D911 Status Monitor: C:\WINDOWS\system32\hpinkstsD911LM.dll [393352 2017-03-27] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\WINDOWS\system32\nitrolocalmon9.dll [29704 2013-12-12] (Nitro PDF Software -> Nitro PDF Software)
HKLM\...\Print\Monitors\rica1Zlm: C:\WINDOWS\system32\rica1Zlm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\...\Print\Monitors\ricu0llm: C:\WINDOWS\system32\ricu0llm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\...\Print\Monitors\sxr2m Langmon: C:\WINDOWS\system32\sxr2mlm.dll [34304 2011-08-05] () [File not signed]
HKLM\...\Print\Monitors\sxr2x Langmon: C:\WINDOWS\system32\sxr2xlm.dll [34304 2011-08-05] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-05] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Motion.lnk [2014-07-31]
ShortcutTarget: Lenovo Motion.lnk -> C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Tray.exe (PointGrab Ltd -> PointGrab LTD)
Startup: C:\Users\customerservice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk /k:C * 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000D3822-5246-48C5-80A7-056475DCFEEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {03C56F68-AB18-4303-9099-499A310CFA10} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {05C420AC-D6E7-4960-8EAE-9D76F7BCBB39} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {05F69063-9E05-4AD0-BB3F-7432B6CC3469} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {09E4FB88-3387-4BB2-A758-87A8E22DCDF1} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (No File)
Task: {0A17DC7E-8A47-4423-A39D-AA91FBDA12AF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2c83096e-78c4-4bd2-a179-86bbf78c1279 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {0F4EA361-145C-4B94-BF07-16ED3B70C1CE} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [263504 2016-06-02] (LENOVO -> )
Task: {1155BD0F-2583-435D-A981-DA5E2AA37436} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {184E9436-65FD-4C7F-91C4-0309E21F1491} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {185CD1E4-DD2D-4AAF-AB0D-E93D3642209F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {1CA63DCA-CA00-4FEF-AC41-69E27D8D11A2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2014-04-25] (CyberLink -> CyberLink)
Task: {20A37501-0E20-4ED4-9967-07DAE3013F99} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {32350E40-71D7-45AE-A2FE-CBCDF9721DE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-06] (Google Inc -> Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {3B63D030-AC55-4665-9001-84DD8D238E44} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe (No File)
Task: {3CD38725-41A2-458A-B1D9-771D566B1679} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1168067149-1418559455-1623139670-1001 => C:\Users\customerservice\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [88408 2021-12-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {4432FAEA-EB32-4C06-A656-EAD35869C8DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {45A2D13D-7D6A-4FDD-BC29-0F6B82BC623C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-06] (Google Inc -> Google Inc.)
Task: {4B134E1B-F25F-42E2-B899-668935F1E630} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {4ED9668F-E7F0-46B7-B064-F45745B77154} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {69E71E3B-38E4-4044-8BB5-A945D59E72DF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {69FEED23-F89C-4941-8B08-86167CDD9A3E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6C9D8729-5D28-4B7F-B826-0992ED4E38E9} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {6D68C7E8-D4E6-47CF-A498-941A88DA2C46} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-01-08] (Lenovo -> )
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7819A85D-D55E-4005-B7AA-8315CD13267E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {79A4B4F3-135D-4A57-84B7-F2F2AB8F6A3F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A14EA68-2EEB-461D-9F90-045485227020} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A217303-1D1E-405F-80A2-F17A8D91F38F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8107C03D-2C7C-4129-A571-68EB5D71317E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82067E66-73B0-4F99-B015-A3B858AD8FC8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [3645192 2016-05-18] (McAfee, Inc. -> McAfee, Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8BB857B5-02C6-45D2-8E0E-F7754B96B087} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {8E8109CA-8A59-4147-8328-D680E5F24ACE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {94B1D677-D691-42F8-805A-208B065E631E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {95C746C1-1AB3-4033-9CAA-4D516433803C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321296 2016-06-02] (LENOVO -> Lenovo)
Task: {991B6EBC-0923-4C82-AFF5-3CD5F8BBACB4} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {9CED8A54-F3A6-4AD6-9901-4147F292BBA5} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {9D794DC9-46C5-42BF-B90C-4CA106E36E43} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {AA1AF704-E393-47D2-8AA8-61A8235E604C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File)
Task: {AC3691EC-7F55-47B8-B663-25F2F1A68B97} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f1edce1a-0c7d-4bbd-8183-33de09074d9f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {AE9D377D-074C-495E-AC7D-960A3B522B72} - \WPD\SqmUpload_S-1-5-21-1168067149-1418559455-1623139670-1001 -> No File <==== ATTENTION
Task: {B47378CA-0DB0-4F99-9544-B40A3C5C1A6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B48EB9AB-88CA-42FE-9C3D-1E577ABFC0A1} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {B77FAA68-E9F4-435D-82DC-4C028ADEFB58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BA5C84BB-707A-4B9A-B669-01E8C65793E4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-01-08] (Lenovo -> )
Task: {C0B6EE2B-0C7B-4D38-8C02-135D6FA6BBE1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e89f8144-0b20-4bd6-b5e9-469a87297551 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {C2A2CE6B-EE81-4153-B214-B02C7B10C6CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C648CF77-CC56-4C22-89E4-F8E0DCB2B9AC} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {C8F62D32-1E9B-4258-96A7-FA06C62768FD} - System32\Tasks\Pokki => C:\Users\customerservice\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe /LOGON (No File)
Task: {C914F64F-A58E-4218-ABD3-DEB57B09CEB2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d8c5c5aa-38bb-4f2a-a498-828091d20d1e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {CD54645E-AF5A-4F97-BBB2-35F2603E97F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CF46A063-1511-4D0E-8840-212603E34C9B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D33ED754-908A-41A6-B2C6-76889A3C7685} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {E4CD31FB-427D-41B4-852E-F3DA7BB0626F} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {F11084D8-2EDE-4161-8ECC-23912273CADC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F37CE2F0-9FC9-4AFB-BB19-8AA8B1D50EB0} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {F9FF23E2-CC5F-4D8E-9A6C-77246D458FDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {FB50DE00-BFD4-4927-A6F4-5D3AA05F0B67} - System32\Tasks\CCleanerSkipUAC - customerservice => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 24.48.160.2 24.48.160.3
Tcpip\..\Interfaces\{b4be4a7d-48fa-4e16-9eda-4c942dd5d8f5}: [DhcpNameServer] 24.48.160.2 24.48.160.3
Tcpip\..\Interfaces\{fc864522-7d89-4bd9-a682-3386cfcf72b8}: [DhcpNameServer] 24.48.160.2 24.48.160.3
 
Edge: 
=======
DownloadDir: C:\Users\customerservice\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\customerservice\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-08]
 
FireFox:
========
FF DefaultProfile: xkr65u9a.default
FF ProfilePath: C:\Users\customerservice\AppData\Roaming\Mozilla\Firefox\Profiles\xkr65u9a.default [2020-06-13]
FF ProfilePath: C:\Users\customerservice\AppData\Roaming\Mozilla\Firefox\Profiles\bfgmw39l.default-release [2022-01-08]
FF Notifications: Mozilla\Firefox\Profiles\bfgmw39l.default-release -> hxxps://www.wesh.com; hxxps://www.tvguide.com
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\customerservice\AppData\Local\Google\Chrome\User Data\Default [2022-01-08]
CHR Extension: (Adobe Acrobat) - C:\Users\customerservice\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-05]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\customerservice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\customerservice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-05]
CHR HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe [31016 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (LENOVO -> Lenovo)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software -> Nitro PDF Software)
R2 nlsX86cc; C:\windows\SysWOW64\NLSSRV32.EXE [69640 2013-12-12] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 PGService; C:\Program Files (x86)\Lenovo\Lenovo Motion\PGService.exe [142600 2014-03-06] (PointGrab Ltd -> PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Lenovo Motion\PG_Service_Launcher.exe [488200 2014-03-06] (PointGrab Ltd -> PointGrab LTD)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 atapi; C:\WINDOWS\System32\drivers\atapi.sys [30032 2021-10-18] () [File not signed]
S0 iaStorV; C:\WINDOWS\System32\drivers\iaStorV.sys [412176 2019-12-07] (Microsoft Windows -> Intel Corporation) [File not signed]
R3 MpKsleda7cf35; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5160DEE-9ADA-4000-9A52-29D814055E0A}\MpKslDrv.sys [134376 2022-01-08] (Microsoft Windows -> Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
R0 WinI2C-DDC; C:\WINDOWS\System32\drivers\DDCDrv.sys [20832 2008-04-08] (PC Micro Systems Inc. -> Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Lenovo (Beijing) Limited -> Nicomsoft Ltd.)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S3 AppleKmdfFilter; \SystemRoot\System32\drivers\AppleKmdfFilter.sys [X]
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-01-08 19:18 - 2022-01-08 19:19 - 000030163 _____ C:\Users\customerservice\Downloads\FRST.txt
2022-01-08 19:17 - 2022-01-08 19:19 - 000000000 ____D C:\FRST
2022-01-08 19:16 - 2022-01-08 19:16 - 002311168 _____ (Farbar) C:\Users\customerservice\Downloads\FRST64.exe
2022-01-08 13:06 - 2022-01-08 13:06 - 000000000 ___HD C:\$Windows.~WS
2022-01-08 09:03 - 2022-01-08 13:10 - 000000000 ____D C:\ESD
2022-01-08 09:00 - 2022-01-08 09:00 - 000000000 ____D C:\$WINDOWS.~BT
2022-01-07 17:36 - 2022-01-07 17:54 - 000000000 ____D C:\WINDOWS\pss
2022-01-05 22:07 - 2022-01-06 08:09 - 000040080 _____ C:\Users\customerservice\Downloads\MTB.txt
2022-01-05 22:06 - 2022-01-05 22:06 - 000892416 _____ (Farbar) C:\Users\customerservice\Downloads\MiniToolBox.exe
2022-01-05 21:13 - 2022-01-08 12:02 - 000000000 _____ C:\Recovery.txt
2022-01-04 18:49 - 2022-01-04 18:49 - 000000112 ___SH C:\bootTel.dat
2022-01-04 18:49 - 2022-01-04 18:49 - 000000000 __SHD C:\found.001
2022-01-01 17:53 - 2022-01-01 17:53 - 000000000 __SHD C:\found.000
2022-01-01 16:17 - 2022-01-01 16:17 - 000153528 _____ (Intel) C:\Users\customerservice\Downloads\DSAUninstaller (1).exe
2022-01-01 15:35 - 2022-01-07 17:53 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-01-01 15:33 - 2022-01-01 16:10 - 000304780 _____ C:\WINDOWS\ntbtlog.txt
2022-01-01 11:39 - 2022-01-01 22:31 - 000000000 ____D C:\WINDOWS\Minidump
2022-01-01 09:20 - 2022-01-01 09:20 - 000001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2022-01-01 09:16 - 2022-01-01 09:16 - 005934808 _____ (Intel) C:\Users\customerservice\Downloads\Intel-Driver-and-Support-Assistant-Installer (1).exe
2021-12-31 09:22 - 2021-12-31 09:22 - 000007634 _____ C:\Users\customerservice\AppData\Local\Resmon.ResmonCfg
2021-12-20 20:10 - 2022-01-01 09:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-18 09:48 - 2021-12-18 09:48 - 000000394 _____ C:\WINDOWS\storelibdebug.txt
2021-12-17 22:15 - 2021-12-17 22:15 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-17 17:17 - 2021-12-17 17:17 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-17 17:17 - 2021-12-17 17:17 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-17 17:16 - 2021-12-17 17:16 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-17 17:16 - 2021-12-17 17:16 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-16 19:53 - 2021-12-16 19:53 - 000000000 ___HD C:\$WinREAgent
2021-12-10 18:24 - 2021-12-10 18:24 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1168067149-1418559455-1623139670-1001
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-01-08 19:18 - 2020-06-19 16:09 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-08 19:18 - 2020-06-19 16:09 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-08 19:05 - 2015-03-06 10:05 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-08 19:02 - 2020-11-26 21:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-08 19:02 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-08 13:20 - 2015-03-06 23:19 - 000000000 ____D C:\Users\customerservice\AppData\Roaming\Nitro PDF
2022-01-08 13:10 - 2020-11-25 21:51 - 000000000 ___DC C:\WINDOWS\Panther
2022-01-08 13:06 - 2020-02-14 21:06 - 000000000 ____D C:\Program Files\CCleaner
2022-01-08 13:04 - 2020-11-26 21:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-08 13:04 - 2020-11-26 21:19 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-08 13:04 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-08 13:04 - 2017-07-13 07:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-01-08 13:04 - 2015-03-06 23:09 - 000000000 __SHD C:\Users\customerservice\IntelGraphicsProfiles
2022-01-08 12:54 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-08 12:33 - 2020-02-14 20:51 - 000000000 ____D C:\Users\customerservice\AppData\LocalLow\Mozilla
2022-01-08 09:44 - 2020-11-26 16:02 - 000000000 ____D C:\Users\customerservice
2022-01-07 17:36 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-07 17:06 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-06 08:11 - 2020-11-26 21:40 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-05 21:59 - 2020-03-07 08:37 - 000000000 ____D C:\Users\customerservice\AppData\Local\LenovoServiceBridge
2022-01-05 17:57 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-05 17:49 - 2020-02-15 08:34 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-05 17:49 - 2020-02-15 08:34 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-04 16:38 - 2020-11-26 21:35 - 000842482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-04 16:38 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-01 22:31 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-01 18:48 - 2014-07-31 09:28 - 000000000 ____D C:\ProgramData\Realtek
2022-01-01 16:18 - 2014-07-31 09:28 - 000000000 ____D C:\Program Files (x86)\Intel
2022-01-01 16:17 - 2018-06-15 08:08 - 000000000 ____D C:\Users\customerservice\AppData\Local\D3DSCache
2022-01-01 16:14 - 2020-03-07 15:12 - 000000000 ____D C:\Users\customerservice\AppData\Local\ElevatedDiagnostics
2022-01-01 09:23 - 2020-02-14 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-01 09:21 - 2014-07-31 09:28 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-01 09:20 - 2014-07-31 09:31 - 000000000 ____D C:\ProgramData\Intel
2021-12-21 17:08 - 2020-05-04 19:30 - 000007820 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-12-20 20:22 - 2021-10-10 14:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-20 20:22 - 2020-02-14 20:51 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-18 09:48 - 2014-07-31 09:47 - 000000000 ____D C:\ProgramData\Lenovo
2021-12-17 22:16 - 2020-11-26 21:19 - 000317984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-17 22:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-17 22:08 - 2020-11-26 21:40 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-12-16 19:49 - 2015-03-10 07:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-16 19:47 - 2015-03-10 07:26 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 20:54 - 2018-02-28 07:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
 
==================== Files in the root of some directories ========
 
2018-11-09 14:29 - 2018-11-09 14:29 - 000000272 _____ () C:\Users\customerservice\AppData\Roaming\.backup.dm
2018-05-25 08:43 - 2018-05-25 08:43 - 000827679 _____ () C:\Users\customerservice\AppData\Local\1000024480029810688.jpg
2018-05-29 15:05 - 2018-05-29 15:11 - 001021894 _____ () C:\Users\customerservice\AppData\Local\1001570250071666688.jpg
2018-05-30 14:13 - 2018-05-30 14:34 - 000098110 _____ () C:\Users\customerservice\AppData\Local\1001919543420833792.jpg
2018-06-04 06:53 - 2018-06-04 06:53 - 000101148 _____ () C:\Users\customerservice\AppData\Local\1003620364114120704.jpg
2018-06-04 09:07 - 2018-06-04 09:07 - 000854908 _____ () C:\Users\customerservice\AppData\Local\1003654478678642688.jpg
2018-06-04 11:52 - 2018-06-04 11:52 - 000566147 _____ () C:\Users\customerservice\AppData\Local\1003696025956724736.jpg
2018-06-08 07:21 - 2018-06-08 07:21 - 000893983 _____ () C:\Users\customerservice\AppData\Local\1005076181426302976.jpg
2018-06-12 15:34 - 2018-06-12 15:34 - 000148783 _____ () C:\Users\customerservice\AppData\Local\1006649039801733120.jpg
2018-06-15 14:04 - 2018-06-15 14:10 - 000735100 _____ () C:\Users\customerservice\AppData\Local\1007715012638072832.jpg
2018-06-18 09:19 - 2018-06-18 09:19 - 001009877 _____ () C:\Users\customerservice\AppData\Local\1008730532711682048.jpg
2018-06-29 12:33 - 2018-06-29 13:19 - 000481097 _____ () C:\Users\customerservice\AppData\Local\1012757966422700032.jpg
2018-06-29 12:04 - 2018-06-29 13:19 - 000809509 _____ () C:\Users\customerservice\AppData\Local\1012758336611950592.jpg
2018-07-06 11:08 - 2018-07-06 11:09 - 000259187 _____ () C:\Users\customerservice\AppData\Local\1015281193988550656.jpg
2018-07-10 13:28 - 2018-07-10 13:28 - 000484863 _____ () C:\Users\customerservice\AppData\Local\1016765937864351744.jpg
2018-07-16 10:45 - 2018-07-16 10:45 - 000939887 _____ () C:\Users\customerservice\AppData\Local\1018899040913268736.jpg
2018-07-17 08:01 - 2018-07-17 08:04 - 000284306 _____ () C:\Users\customerservice\AppData\Local\1019220073688014848.jpg
2018-07-17 11:20 - 2018-07-17 12:34 - 000315467 _____ () C:\Users\customerservice\AppData\Local\1019270421328064512.jpg
2018-07-25 08:36 - 2018-07-25 10:59 - 000917115 _____ () C:\Users\customerservice\AppData\Local\1022127876180008960.jpg
2018-07-25 08:36 - 2018-07-25 08:36 - 000489913 _____ () C:\Users\customerservice\AppData\Local\1022127878130360320.jpg
2018-07-25 10:28 - 2018-07-25 10:59 - 000914684 _____ () C:\Users\customerservice\AppData\Local\1022156692537462784.jpg
2018-07-26 08:15 - 2018-07-26 08:15 - 000972436 _____ () C:\Users\customerservice\AppData\Local\1022484934016409600.jpg
2018-07-30 11:34 - 2018-07-30 11:34 - 000478524 _____ () C:\Users\customerservice\AppData\Local\1023985069560700928.jpg
2018-07-30 12:35 - 2018-07-30 12:35 - 000332986 _____ () C:\Users\customerservice\AppData\Local\1023999136283217920.jpg
2018-08-17 07:06 - 2018-08-17 07:06 - 000408700 _____ () C:\Users\customerservice\AppData\Local\1030440552736067584.jpg
2018-08-17 09:52 - 2018-08-17 09:52 - 000757218 _____ () C:\Users\customerservice\AppData\Local\1030482338254700544.jpg
2018-08-23 13:51 - 2018-08-23 13:52 - 000212556 _____ () C:\Users\customerservice\AppData\Local\1032716529410637824.jpg
2018-08-24 12:28 - 2018-08-24 12:31 - 000770392 _____ () C:\Users\customerservice\AppData\Local\1033058283888529408.jpg
2018-08-27 07:16 - 2018-08-27 07:16 - 001008578 _____ () C:\Users\customerservice\AppData\Local\1034067015938240512.jpg
2018-08-31 06:57 - 2018-08-31 06:57 - 000807220 _____ () C:\Users\customerservice\AppData\Local\1035511703337590784.jpg
2018-09-04 07:14 - 2018-09-04 07:29 - 000286407 _____ () C:\Users\customerservice\AppData\Local\1035968532194734080.jpg
2018-09-04 07:16 - 2018-09-04 07:17 - 000450657 _____ () C:\Users\customerservice\AppData\Local\1036966064248942592.jpg
2018-09-05 11:41 - 2018-09-05 11:41 - 001028431 _____ () C:\Users\customerservice\AppData\Local\1037394966972899328.jpg
2018-09-05 11:47 - 2018-09-05 12:01 - 001017676 _____ () C:\Users\customerservice\AppData\Local\1037396606547402752.jpg
2018-09-05 12:20 - 2018-09-05 12:22 - 001031510 _____ () C:\Users\customerservice\AppData\Local\1037405180199694336.jpg
2018-09-05 13:42 - 2018-09-05 13:42 - 000994547 _____ () C:\Users\customerservice\AppData\Local\1037421996036919296.jpg
2018-09-07 10:20 - 2018-09-07 10:20 - 000106468 _____ () C:\Users\customerservice\AppData\Local\1038099609277313024.jpg
2018-09-11 07:30 - 2018-09-11 07:30 - 001011636 _____ () C:\Users\customerservice\AppData\Local\1039506452285407232.jpg
2018-09-11 07:32 - 2018-09-11 07:32 - 000993918 _____ () C:\Users\customerservice\AppData\Local\1039507021729435648.jpg
2018-09-11 07:38 - 2018-09-11 07:38 - 000971008 _____ () C:\Users\customerservice\AppData\Local\1039508104497278976.jpg
2018-09-11 13:26 - 2018-09-11 13:26 - 000132198 _____ () C:\Users\customerservice\AppData\Local\1039585705081446400.jpg
2018-09-11 14:58 - 2018-09-11 14:58 - 000820384 _____ () C:\Users\customerservice\AppData\Local\1039619260968869888.jpg
2018-09-12 08:55 - 2018-09-12 08:56 - 000251149 _____ () C:\Users\customerservice\AppData\Local\1039888735332798464.jpg
2018-09-13 07:00 - 2018-09-13 07:00 - 000136583 _____ () C:\Users\customerservice\AppData\Local\1040217707375681536.jpg
2018-09-17 08:05 - 2018-09-17 08:06 - 000109598 _____ () C:\Users\customerservice\AppData\Local\1041689402288640000.jpg
2018-09-17 09:29 - 2018-09-17 09:29 - 000645032 _____ () C:\Users\customerservice\AppData\Local\1041710601647235072.jpg
2018-09-18 11:39 - 2018-09-18 12:28 - 000860771 _____ () C:\Users\customerservice\AppData\Local\1042105611685339136.jpg
2018-09-21 06:53 - 2018-09-21 06:53 - 000859993 _____ () C:\Users\customerservice\AppData\Local\1042902333047312384.jpg
2018-09-27 09:03 - 2018-09-27 09:05 - 000202704 _____ () C:\Users\customerservice\AppData\Local\1045327863465811968.jpg
2018-09-28 08:47 - 2018-09-28 08:47 - 000994122 _____ () C:\Users\customerservice\AppData\Local\1045686390516408320.jpg
2018-09-28 12:22 - 2018-09-28 12:24 - 000427784 _____ () C:\Users\customerservice\AppData\Local\1045740152471805952.jpg
2018-10-05 08:42 - 2018-10-05 08:42 - 001024120 _____ () C:\Users\customerservice\AppData\Local\1046752947829071872.jpg
2018-10-01 13:51 - 2018-10-01 13:52 - 000998633 _____ () C:\Users\customerservice\AppData\Local\1046850033597661184.jpg
2018-10-03 09:35 - 2018-10-03 09:35 - 000965686 _____ () C:\Users\customerservice\AppData\Local\1047507359526608896.jpg
2018-10-08 10:43 - 2018-10-08 10:43 - 000835224 _____ () C:\Users\customerservice\AppData\Local\1049339379840090112.jpg
2018-10-08 10:43 - 2018-10-08 10:43 - 000923178 _____ () C:\Users\customerservice\AppData\Local\1049339393421242368.jpg
2018-10-09 12:20 - 2018-10-09 12:20 - 000092415 _____ () C:\Users\customerservice\AppData\Local\1049725690572759040.jpg
2018-10-11 13:06 - 2018-10-11 13:06 - 000760299 _____ () C:\Users\customerservice\AppData\Local\1050462540371468288.jpg
2018-10-12 06:38 - 2018-10-12 06:38 - 000111944 _____ () C:\Users\customerservice\AppData\Local\1050723826321727488.jpg
2018-10-12 07:19 - 2018-10-12 07:19 - 000930757 _____ () C:\Users\customerservice\AppData\Local\1050737782260088832.jpg
2018-10-15 09:54 - 2018-10-15 09:54 - 000641068 _____ () C:\Users\customerservice\AppData\Local\1051863633848528896.jpg
2018-10-15 13:32 - 2018-10-15 13:35 - 000098266 _____ () C:\Users\customerservice\AppData\Local\1051918633278701568.jpg
2018-10-15 13:34 - 2018-10-15 13:34 - 000947542 _____ () C:\Users\customerservice\AppData\Local\1051918941132263424.jpg
2018-10-17 15:18 - 2018-10-17 15:18 - 000110539 _____ () C:\Users\customerservice\AppData\Local\1052631757011120128.jpg
2018-10-18 09:18 - 2018-10-19 10:48 - 000970383 _____ () C:\Users\customerservice\AppData\Local\1052940442027565056.jpg
2018-10-19 10:49 - 2018-10-19 10:49 - 000898013 _____ () C:\Users\customerservice\AppData\Local\1053326809752526848.jpg
2018-10-22 07:07 - 2018-10-22 07:07 - 000517396 _____ () C:\Users\customerservice\AppData\Local\1054357985808183296.jpg
2018-10-22 08:20 - 2018-10-24 13:22 - 000774859 _____ () C:\Users\customerservice\AppData\Local\1054374515262496768.jpg
2018-10-24 08:23 - 2018-10-24 08:23 - 000846078 _____ () C:\Users\customerservice\AppData\Local\1055102323211304960.jpg
2018-10-24 11:13 - 2018-10-24 11:13 - 000969146 _____ () C:\Users\customerservice\AppData\Local\1055144271062167552.jpg
2018-10-24 12:42 - 2018-10-24 12:42 - 000210089 _____ () C:\Users\customerservice\AppData\Local\1055167361523625984.jpg
2018-10-24 13:21 - 2018-10-24 13:21 - 000842388 _____ () C:\Users\customerservice\AppData\Local\1055177492021886976.jpg
2018-10-25 07:20 - 2018-10-25 07:20 - 000451258 _____ () C:\Users\customerservice\AppData\Local\1055448743357378560.jpg
2018-10-25 07:21 - 2018-10-25 07:21 - 000976105 _____ () C:\Users\customerservice\AppData\Local\1055448783668883456.jpg
2018-10-29 13:40 - 2018-10-29 13:40 - 000436655 _____ () C:\Users\customerservice\AppData\Local\1056993878897561600.jpg
2018-10-30 08:34 - 2018-10-30 08:34 - 001031702 _____ () C:\Users\customerservice\AppData\Local\1057279469803524096.jpg
2018-10-30 13:12 - 2018-10-30 13:12 - 000397123 _____ () C:\Users\customerservice\AppData\Local\1057347563481657344.jpg
2018-10-30 13:31 - 2018-10-30 13:31 - 000869941 _____ () C:\Users\customerservice\AppData\Local\1057354392546828288.jpg
2018-10-30 13:45 - 2018-10-30 13:45 - 000869941 _____ () C:\Users\customerservice\AppData\Local\1057357674375778304.jpg
2018-10-30 15:46 - 2018-10-30 15:46 - 000872981 _____ () C:\Users\customerservice\AppData\Local\1057388208720154624.jpg
2018-10-31 11:55 - 2018-10-31 11:55 - 000699748 _____ () C:\Users\customerservice\AppData\Local\1057692370058067968.jpg
2018-11-05 10:14 - 2018-11-05 10:14 - 000480994 _____ () C:\Users\customerservice\AppData\Local\1059470561705693184.jpg
2018-11-05 10:17 - 2018-11-05 10:17 - 001153453 _____ () C:\Users\customerservice\AppData\Local\1059479655061630976.jpg
2018-11-07 10:15 - 2018-11-07 10:46 - 000129900 _____ () C:\Users\customerservice\AppData\Local\1060203564018950144.jpg
2018-11-12 10:08 - 2018-11-12 10:08 - 000416522 _____ () C:\Users\customerservice\AppData\Local\1062014228349833216.jpg
2018-11-12 11:47 - 2018-11-12 11:47 - 000115410 _____ () C:\Users\customerservice\AppData\Local\1062039051469832192.jpg
2018-11-13 15:49 - 2018-11-13 15:49 - 001018915 _____ () C:\Users\customerservice\AppData\Local\1062462277463240704.jpg
2018-11-13 16:18 - 2018-11-13 16:18 - 000683158 _____ () C:\Users\customerservice\AppData\Local\1062469673195626496.jpg
2018-11-15 15:28 - 2018-11-15 15:28 - 000870668 _____ () C:\Users\customerservice\AppData\Local\1063181957903589376.jpg
2018-11-21 12:45 - 2018-11-21 12:45 - 000867161 _____ () C:\Users\customerservice\AppData\Local\1065315034666864640.jpg
2018-11-27 09:35 - 2018-11-27 09:35 - 000495703 _____ () C:\Users\customerservice\AppData\Local\1067441705012342784.jpg
2018-11-28 07:55 - 2018-11-28 07:55 - 000105284 _____ () C:\Users\customerservice\AppData\Local\1067777001709027328.jpg
2018-11-28 09:16 - 2018-11-28 10:33 - 000982866 _____ () C:\Users\customerservice\AppData\Local\1067798784986255360.jpg
2018-11-28 09:44 - 2018-11-28 10:33 - 000910777 _____ () C:\Users\customerservice\AppData\Local\1067805883971530752.jpg
2018-11-28 12:32 - 2018-11-29 09:04 - 000865935 _____ () C:\Users\customerservice\AppData\Local\1067847430784073728.jpg
2018-11-29 11:40 - 2018-11-29 11:40 - 000528781 _____ () C:\Users\customerservice\AppData\Local\1068198052540583936.jpg
2018-12-03 08:23 - 2018-12-03 08:23 - 000918178 _____ () C:\Users\customerservice\AppData\Local\1069593898456961024.jpg
2018-12-11 09:12 - 2018-12-11 09:12 - 000599890 _____ () C:\Users\customerservice\AppData\Local\1072495780103770112.jpg
2017-10-10 13:41 - 2017-10-10 13:41 - 000352741 _____ () C:\Users\customerservice\AppData\Local\917837557592657920.jpg
2017-11-02 08:18 - 2017-11-02 08:18 - 000845206 _____ () C:\Users\customerservice\AppData\Local\926091002657501184.jpg
2017-11-08 13:59 - 2017-11-08 13:59 - 000881322 _____ () C:\Users\customerservice\AppData\Local\928351051572457472.jpg
2017-11-08 13:59 - 2017-11-08 13:59 - 000763676 _____ () C:\Users\customerservice\AppData\Local\928351183101636608.jpg
2017-11-15 08:43 - 2017-11-15 15:35 - 000762839 _____ () C:\Users\customerservice\AppData\Local\930808277025341440.jpg
2017-11-22 13:40 - 2017-11-22 13:57 - 000223354 _____ () C:\Users\customerservice\AppData\Local\933419769461850112.jpg
2017-12-07 12:13 - 2017-12-07 12:13 - 001015014 _____ () C:\Users\customerservice\AppData\Local\938033667661996032.jpg
2017-12-12 10:42 - 2017-12-12 10:42 - 000642090 _____ () C:\Users\customerservice\AppData\Local\940622550883168256.jpg
2018-01-04 11:48 - 2018-01-04 11:48 - 000898862 _____ () C:\Users\customerservice\AppData\Local\948974136655159296.jpg
2018-03-06 12:57 - 2018-03-06 12:57 - 000566722 _____ () C:\Users\customerservice\AppData\Local\971097283344015360.jpg
2018-03-09 10:05 - 2018-03-09 10:05 - 000343251 _____ () C:\Users\customerservice\AppData\Local\972141170334420992.jpg
2018-03-15 07:59 - 2018-03-15 07:59 - 000918370 _____ () C:\Users\customerservice\AppData\Local\974282547688415232.jpg
2018-03-15 08:52 - 2018-03-15 08:52 - 000619190 _____ () C:\Users\customerservice\AppData\Local\974297096324562944.jpg
2018-03-15 10:42 - 2018-03-15 10:42 - 001033101 _____ () C:\Users\customerservice\AppData\Local\974324777820798976.jpg
2018-03-20 12:21 - 2018-03-20 12:24 - 000355794 _____ () C:\Users\customerservice\AppData\Local\976161751166795776.jpg
2018-03-29 10:12 - 2018-03-29 10:12 - 000273257 _____ () C:\Users\customerservice\AppData\Local\979390073358340096.jpg
2018-04-04 07:34 - 2018-04-04 07:34 - 000926950 _____ () C:\Users\customerservice\AppData\Local\981524584246345728.jpg
2018-04-05 07:13 - 2018-04-05 07:13 - 000806676 _____ () C:\Users\customerservice\AppData\Local\981882255671635968.jpg
2018-04-05 07:14 - 2018-04-05 07:14 - 001028981 _____ () C:\Users\customerservice\AppData\Local\981882334562295808.jpg
2018-04-05 07:16 - 2018-04-05 07:16 - 000965176 _____ () C:\Users\customerservice\AppData\Local\981882400769388544.jpg
2018-04-05 07:19 - 2018-04-05 07:19 - 000791447 _____ () C:\Users\customerservice\AppData\Local\981882720782200832.jpg
2018-04-05 07:17 - 2018-04-05 07:17 - 000782193 _____ () C:\Users\customerservice\AppData\Local\981882750620467200.jpg
2018-04-05 07:20 - 2018-04-05 07:20 - 001038842 _____ () C:\Users\customerservice\AppData\Local\981882776558047232.jpg
2018-04-05 07:20 - 2018-04-05 07:20 - 000781398 _____ () C:\Users\customerservice\AppData\Local\981882941155119104.jpg
2018-04-05 07:21 - 2018-04-05 07:21 - 000949283 _____ () C:\Users\customerservice\AppData\Local\981883016157659136.jpg
2018-04-05 07:22 - 2018-04-05 07:36 - 000882563 _____ () C:\Users\customerservice\AppData\Local\981883179894906880.jpg
2018-04-05 07:22 - 2018-04-05 07:22 - 000884031 _____ () C:\Users\customerservice\AppData\Local\981883239982514176.jpg
2018-04-05 07:29 - 2018-04-05 07:29 - 000918805 _____ () C:\Users\customerservice\AppData\Local\981886159947890688.jpg
2018-04-05 07:30 - 2018-04-05 07:30 - 000990291 _____ () C:\Users\customerservice\AppData\Local\981886677231423488.jpg
2018-04-05 07:34 - 2018-04-05 07:34 - 000901445 _____ () C:\Users\customerservice\AppData\Local\981887324320239616.jpg
2018-04-09 11:49 - 2018-04-09 11:51 - 000508199 _____ () C:\Users\customerservice\AppData\Local\983401208470380544.jpg
2018-04-16 07:11 - 2018-04-16 07:11 - 000487549 _____ () C:\Users\customerservice\AppData\Local\985867787406053376.jpg
2018-04-25 09:26 - 2018-04-25 09:32 - 000823007 _____ () C:\Users\customerservice\AppData\Local\989163679685165056.jpg
2018-04-25 09:54 - 2018-04-25 10:03 - 000882770 _____ () C:\Users\customerservice\AppData\Local\989169692777852928.jpg
2018-04-27 08:34 - 2018-04-27 08:34 - 000494515 _____ () C:\Users\customerservice\AppData\Local\989875275998232576.jpg
2018-04-30 08:13 - 2018-04-30 08:14 - 001034107 _____ () C:\Users\customerservice\AppData\Local\990956724013056000.jpg
2018-04-30 08:13 - 2018-04-30 08:13 - 000773900 _____ () C:\Users\customerservice\AppData\Local\990956812764524544.jpg
2018-05-01 08:26 - 2018-05-01 08:26 - 000847948 _____ () C:\Users\customerservice\AppData\Local\991322607541862400.jpg
2018-05-02 09:06 - 2018-05-02 09:06 - 000996723 _____ () C:\Users\customerservice\AppData\Local\991695401488281600.jpg
2018-05-04 12:49 - 2018-05-04 13:22 - 000878147 _____ () C:\Users\customerservice\AppData\Local\992476023525888000.jpg
2018-05-04 12:53 - 2018-05-04 12:53 - 000812283 _____ () C:\Users\customerservice\AppData\Local\992477247918710784.jpg
2018-05-10 07:14 - 2018-05-10 07:14 - 000795547 _____ () C:\Users\customerservice\AppData\Local\994566170128199680.jpg
2018-05-10 15:54 - 2018-05-10 15:54 - 000817710 _____ () C:\Users\customerservice\AppData\Local\994697252060303360.jpg
2018-05-22 12:47 - 2018-05-22 12:47 - 001025972 _____ () C:\Users\customerservice\AppData\Local\998995902513217536.jpg
2018-05-24 07:09 - 2018-05-24 09:55 - 000241380 _____ () C:\Users\customerservice\AppData\Local\999415695494029312.jpg
2018-05-24 07:00 - 2018-05-24 07:02 - 000497559 _____ () C:\Users\customerservice\AppData\Local\999635597844742144.jpg
2015-03-06 23:09 - 2016-07-27 15:33 - 000841906 _____ () C:\Users\customerservice\AppData\Local\BTServer.log
2021-12-31 09:22 - 2021-12-31 09:22 - 000007634 _____ () C:\Users\customerservice\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by customerservice (08-01-2022 19:20:52)
Running from C:\Users\customerservice\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) (2020-11-27 03:40:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1168067149-1418559455-1623139670-500 - Administrator - Disabled)
customerservice (S-1-5-21-1168067149-1418559455-1623139670-1001 - Administrator - Enabled) => C:\Users\customerservice
DefaultAccount (S-1-5-21-1168067149-1418559455-1623139670-503 - Limited - Disabled)
Guest (S-1-5-21-1168067149-1418559455-1623139670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1168067149-1418559455-1623139670-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1168067149-1418559455-1623139670-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0516.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.88 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
Find the Differences (HKLM-x32\...\{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5107 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.60516 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.60516 - Lenovo)
Lenovo Motion (HKLM-x32\...\{27499255-BA4B-48ED-A32B-12D297B2EF25}) (Version: 04.07.00.05275 - PointGrab) Hidden
Lenovo Motion (HKLM-x32\...\InstallShield_{27499255-BA4B-48ED-A32B-12D297B2EF25}) (Version: 04.07.00.05275 - PointGrab)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.0.197 - Stoneware, Inc.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.9 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0092 - Lenovo)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10275 - Realtek Semiconductor Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.10.26.0 - Lenovo Group Ltd.)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.5225 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.5225 - CyberLink Corp.)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.01.0429 - Lenovo)
Mammals (HKLM-x32\...\{33492EF5-7931-45B9-B74F-E4A99068B7C9}) (Version: 1.20.2014.0509 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.55 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.5389.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 95.0.2 (x64 en-US)) (Version: 95.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5389.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5389.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5389.1000 - Microsoft Corporation) Hidden
Puzzle (HKLM-x32\...\{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.812.042214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek Wireless LAN Adapter Software (HKLM-x32\...\{E462B252-195B-47EA-98E2-BAC3C2DF7D37}) (Version: 11.00.0056.0 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Speedtest by Ookla (HKLM\...\{2F376A46-C44C-4500-8CF3-1086F7000AF9}) (Version: 1.4.53.001 - Ookla)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1058 - SUPERAntiSpyware.com)
timer (HKLM-x32\...\{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WebPrint (HKLM-x32\...\WebPrint) (Version:  - )
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-06-13] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.208.400.0_x86__kgqvnymyfvs32 [2021-12-08] (king.com)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2022-01-07] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.27.5.0_x86__q4d96b2w5wcc2 [2021-12-14] (Evernote)
FishingJoy -> C:\Program Files\WindowsApps\E0469640.FishingJoy_1.0.1.0_x86__5grkq8ppsgwt4 [2020-06-13] (LENOVO INC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-14] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-10-29] (Apple Inc.) [Startup Task]
Lanier Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.LanierDriverUtility_4.7.0.0_x86__fxme7667cy4q4 [2021-03-24] (Ricoh Company, Ltd.)
Lenovo Dress-up -> C:\Program Files\WindowsApps\E0469640.MagicDressup_1.0.1.39_x64__5grkq8ppsgwt4 [2020-06-13] (LENOVO INC)
Lenovo Forest Adventure -> C:\Program Files\WindowsApps\E0469640.JungleMobilization_1.0.1.84_x64__5grkq8ppsgwt4 [2020-06-13] (LENOVO INC)
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2020-06-13] (Lenovo, INC.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2112.10.0_x64__k1h2ywk1493x8 [2021-12-28] (LENOVO INC.)
Live TV -> C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716 [2020-06-13] (FilmOn TV Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-13] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-13] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2020-06-13] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-05] (Microsoft Corporation)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2021-10-01] (Ookla)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2021-10-01] (Matt Hafner)
YouCam for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.YouCamforLenovoIdea_1.0.3624.30505_x86__hgg5mn3xps74a [2020-06-13] (CYBERLINK COM CORPORATION)
YouSendIt for Lenovo -> C:\Program Files\WindowsApps\YouSendIt.YouSendItForLenovo_1.0.5.1412_neutral__069rkrpjefrbc [2020-06-13] (YouSendIt)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2020-06-13] (Zinio LLC)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1168067149-1418559455-1623139670-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\customerservice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cdf2bfb41418ba7\TickTick - Todo & Task List.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=diankknpkndanachmlckaikddgcehkod
 
==================== Loaded Modules (Whitelisted) =============
 
2014-07-31 09:31 - 2011-05-17 14:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2015-06-16 15:36 - 2011-08-05 18:11 - 000034304 _____ () [File not signed] C:\WINDOWS\System32\sxr2mlm.dll
2011-08-05 06:52 - 2011-08-05 06:52 - 000034304 _____ () [File not signed] C:\WINDOWS\System32\sxr2xlm.dll
2019-03-22 11:19 - 2018-08-27 06:39 - 006009856 _____ (Bicom Systems) [File not signed] C:\WINDOWS\System32\glocom3_fax.dll
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2021-12-14 19:52 - 2021-12-14 19:53 - 116802560 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6\HP.Smart.dll
2021-11-01 17:58 - 2021-11-01 17:58 - 007170048 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2021-07-08 17:04 - 2021-07-08 17:04 - 005172224 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\Speech_OneCore\Common\sapi_onecore.dll
2015-06-16 15:36 - 2012-11-07 18:58 - 000114688 _____ (Windows ® Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\xp3315pp.dll
2015-06-16 15:36 - 2012-11-06 14:48 - 000037376 _____ (Windows ® Server 2003 DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\sxr2mpc.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\...\pestpac.com -> hxxps://classic.pestpac.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2018-12-03 07:50 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\customerservice\Downloads\real-hot-mermaid.jpg
DNS Servers: 24.48.160.2 - 24.48.160.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Lenovo Motion.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "DSCRun"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1168067149-1418559455-1623139670-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BCC16A2D-D80A-4FC7-BBC2-566B59A6BDC0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{F384D2E1-D271-4E19-9A45-11182B2D7993}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{5510F913-BEAC-4B7F-8C79-710D4B8F0B86}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{266C9D37-FA2A-4BA8-9902-6F740406C3C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{09E900DD-36D8-436A-8703-3E953A1EEA1D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7D0321DD-FFEF-4C25-A58A-08D846345E8C}] => (Allow) C:\Users\customerservice\AppData\Local\Temp\7zS4845\HP.EasyStart.exe => No File
FirewallRules: [TCP Query User{1796E9B8-A0ED-453E-BAC4-5E5B8FCACB58}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{A7FD3486-511B-43E4-8116-5EF64079D0C8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BB5465F2-F838-4327-A3FB-8493B6AE0196}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CE71B3DB-5F23-4E85-963B-1B2A360FC785}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6D5D3C6-BD71-4037-A997-BCBE76405BB2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{78039008-0D61-49D4-9211-73FA65AD365C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1EAE35DA-41CF-485E-8C4C-6779773ABCCB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3C0879A6-287E-4059-88AC-2AB6D0A8B664}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ABB50EAC-0F5D-4411-A128-2A61E64C6663}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B7669D21-AE43-48A9-99CE-670BA951E63E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8E7D641-0681-4004-A599-97B8D5241759}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{145B075D-13DB-4BC2-8634-2F91ABC9BC40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{34599229-A89E-43BA-B27C-4FD15A2FA8EC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A1B53E6-8997-4EA7-BD54-279A23D3E0CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F523E59-1589-4A47-93E8-365410D462AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
02-01-2022 11:08:20 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (01/08/2022 07:56:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\upnp.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\System32\upnp.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000242
Disk type: 3
 
Error: (01/08/2022 07:56:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000006
Fault offset: 0x0000000000030f64
Faulting process id: 0x18bc
Faulting application start time: 0x01d804fc21e46ddb
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6fa220d2-2ce1-4806-816c-bc43b274b3d6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/08/2022 07:54:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\upnp.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\System32\upnp.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000242
Disk type: 3
 
Error: (01/08/2022 07:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000006
Fault offset: 0x0000000000030f64
Faulting process id: 0x2818
Faulting application start time: 0x01d804fbda55d3a0
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: bbcffce2-3b56-4382-9417-7d17d761e302
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/08/2022 07:52:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x00000000000a0bf9
Faulting process id: 0xe10
Faulting application start time: 0x01d804fb92c74c46
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e44f79f4-9d61-460d-afb6-5516d3bdeeee
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/08/2022 07:50:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\upnp.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\System32\upnp.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000242
Disk type: 3
 
Error: (01/08/2022 07:50:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000006
Fault offset: 0x0000000000030f64
Faulting process id: 0x11f0
Faulting application start time: 0x01d804fb4b365345
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: fab50758-44a5-49c5-ac87-e8cb5ac55789
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/08/2022 07:48:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\upnp.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\System32\upnp.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000242
Disk type: 3
 
 
System errors:
=============
Error: (01/08/2022 07:56:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 23 time(s).
 
Error: (01/08/2022 07:56:35 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (01/08/2022 07:54:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 22 time(s).
 
Error: (01/08/2022 07:54:35 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {659CDEA7-489E-11D9-A9CD-000D56965251} did not register with DCOM within the required timeout.
 
Error: (01/08/2022 07:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 21 time(s).
 
Error: (01/08/2022 07:52:35 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {F087771F-D74F-4C1A-BB8A-E16ACA9124EA} did not register with DCOM within the required timeout.
 
Error: (01/08/2022 07:50:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 20 time(s).
 
Error: (01/08/2022 07:50:35 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: The server {659CDEA7-489E-11D9-A9CD-000D56965251} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2022-01-08 13:25:29
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-08 13:16:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-08 12:53:32
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-08 12:40:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-01-08 09:27:31
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2022-01-07 17:53:14
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-01-07 17:39:26
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-01-01 16:10:32
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2022-01-01 15:34:41
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2021-11-23 17:20:20
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
==================== Memory info =========================== 
 
BIOS: LENOVO O0CKT16AUS 05/13/2014
Motherboard: LENOVO HASWELLREFRESHDT
Processor: Intel® Core™ i3-4160T CPU @ 3.10GHz
Percentage of memory in use: 24%
Total physical RAM: 16301.2 MB
Available physical RAM: 12348.15 MB
Total Virtual: 17325.2 MB
Available Virtual: 13069.09 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:856.9 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{39b73aff-cf83-4572-a3d6-495acb04763d}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.62 GB) NTFS
\\?\Volume{334835b7-703b-4ca3-91e6-4f0ba1e43de0}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:11.73 GB) NTFS
\\?\Volume{0a52b5cb-b8f2-4e6b-89e6-9eae1ae23a04}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4103829F)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#24
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,589 posts
  • Highlight the entire content of the quote box below.

Start:: 
SystemRestore: On 
CreateRestorePoint: 
CloseProcesses: 
Startpowershell:
 # Determine if Secure Boot is enabled or not
  $SBS=Confirm-SecureBootUEFI
  echo "Secure Boot Status: $SBS" 
 
  # Function Get-Drive by Raghu Dodda from stackoverflow
  function Get-Drive {
  
    foreach($disk in Get-CimInstance Win32_Diskdrive) {
  
      $diskMetadata = Get-Disk | Where-Object { $_.Number -eq $disk.Index } | Select-Object -First 1
  
      $partitions = Get-CimAssociatedInstance -ResultClassName Win32_DiskPartition -InputObject $disk
  
      foreach($partition in $partitions) {
  
        $drives = Get-CimAssociatedInstance -ResultClassName Win32_LogicalDisk -InputObject $partition
  
        foreach($drive in $drives) {
  
          $totalSpace = [math]::Round($drive.Size / 1GB, 3)
          $freeSpace  = [math]::Round($drive.FreeSpace / 1GB, 3)
          $usedSpace  = [math]::Round($totalSpace - $freeSpace, 3)
  
          $volume     = Get-Volume |
                        Where-Object { $_.DriveLetter -eq $drive.DeviceID.Trim(":") } |
                        Select-Object -First 1
  
          [PSCustomObject] @{
                              DriveLetter   = $drive.DeviceID
                              Number        = $disk.Index
  
                              Label         = $volume.FileSystemLabel
                              Manufacturer  = $diskMetadata.Manufacturer
                              Model         = $diskMetadata.Model
                              SerialNumber  = $diskMetadata.SerialNumber.Trim() 
                              Name          = $disk.Caption
  
                              FileSystem    = $volume.FileSystem
                              PartitionKind = $diskMetadata.PartitionStyle
  
                              TotalSpace    = $totalSpace
                              FreeSpace     = $freeSpace
                              UsedSpace     = $usedSpace
  
                              Drive         = $drive
                              Partition     = $partition
                              Disk          = $disk
          }
  
        }
      }
    }
  }
  
  Get-Drive | Sort -Property DriveLetter | Format-List
Endpowershell:
Startpowershell:
get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file "$env:userprofile\Desktop\CHKDSKResults.txt"
Endpowershell:
CMD: Type %userprofile%\Desktop\CHKDSKResults.txt
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found 
S3 AppleKmdfFilter; \SystemRoot\System32\drivers\AppleKmdfFilter.sys [X] 
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X] 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
Task: {000D3822-5246-48C5-80A7-056475DCFEEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {03C56F68-AB18-4303-9099-499A310CFA10} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {05C420AC-D6E7-4960-8EAE-9D76F7BCBB39} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION 
Task: {05F69063-9E05-4AD0-BB3F-7432B6CC3469} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {1155BD0F-2583-435D-A981-DA5E2AA37436} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION 
Task: {184E9436-65FD-4C7F-91C4-0309E21F1491} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {20A37501-0E20-4ED4-9967-07DAE3013F99} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION 
Task: {4432FAEA-EB32-4C06-A656-EAD35869C8DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {69FEED23-F89C-4941-8B08-86167CDD9A3E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION 
Task: {6C9D8729-5D28-4B7F-B826-0992ED4E38E9} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION 
Task: {7819A85D-D55E-4005-B7AA-8315CD13267E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {94B1D677-D691-42F8-805A-208B065E631E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {AE9D377D-074C-495E-AC7D-960A3B522B72} - \WPD\SqmUpload_S-1-5-21-1168067149-1418559455-1623139670-1001 -> No File <==== ATTENTION 
Task: {B47378CA-0DB0-4F99-9544-B40A3C5C1A6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {B77FAA68-E9F4-435D-82DC-4C028ADEFB58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {C2A2CE6B-EE81-4153-B214-B02C7B10C6CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {CD54645E-AF5A-4F97-BBB2-35F2603E97F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {CF46A063-1511-4D0E-8840-212603E34C9B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION 
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (No File) 
Task: {000D3822-5246-48C5-80A7-056475DCFEEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {03C56F68-AB18-4303-9099-499A310CFA10} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {05C420AC-D6E7-4960-8EAE-9D76F7BCBB39} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION 
Task: {05F69063-9E05-4AD0-BB3F-7432B6CC3469} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {09E4FB88-3387-4BB2-A758-87A8E22DCDF1} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (No File) 
Task: {1155BD0F-2583-435D-A981-DA5E2AA37436} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION 
Task: {184E9436-65FD-4C7F-91C4-0309E21F1491} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {185CD1E4-DD2D-4AAF-AB0D-E93D3642209F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File) 
Task: {20A37501-0E20-4ED4-9967-07DAE3013F99} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File) 
Task: {3B63D030-AC55-4665-9001-84DD8D238E44} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe (No File) 
Task: {4432FAEA-EB32-4C06-A656-EAD35869C8DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {69FEED23-F89C-4941-8B08-86167CDD9A3E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION 
Task: {6C9D8729-5D28-4B7F-B826-0992ED4E38E9} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION 
Task: {7819A85D-D55E-4005-B7AA-8315CD13267E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {94B1D677-D691-42F8-805A-208B065E631E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {991B6EBC-0923-4C82-AFF5-3CD5F8BBACB4} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File) 
Task: {AA1AF704-E393-47D2-8AA8-61A8235E604C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File) 
Task: {AE9D377D-074C-495E-AC7D-960A3B522B72} - \WPD\SqmUpload_S-1-5-21-1168067149-1418559455-1623139670-1001 -> No File <==== ATTENTION 
Task: {B47378CA-0DB0-4F99-9544-B40A3C5C1A6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {B77FAA68-E9F4-435D-82DC-4C028ADEFB58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {C2A2CE6B-EE81-4153-B214-B02C7B10C6CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {C8F62D32-1E9B-4258-96A7-FA06C62768FD} - System32\Tasks\Pokki => C:\Users\customerservice\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe /LOGON (No File) 
Task: {CD54645E-AF5A-4F97-BBB2-35F2603E97F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {CF46A063-1511-4D0E-8840-212603E34C9B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION 
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File] 
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File] 
CustomCLSID: HKU\S-1-5-21-1168067149-1418559455-1623139670-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
FirewallRules: [{7D0321DD-FFEF-4C25-A58A-08D846345E8C}] => (Allow) C:\Users\customerservice\AppData\Local\Temp\7zS4845\HP.EasyStart.exe => No File 
FirewallRules: [{7D0321DD-FFEF-4C25-A58A-08D846345E8C}] => (Allow) C:\Users\customerservice\AppData\Local\Temp\7zS4845\HP.EasyStart.exe => No File 
FirewallRules: [{7D0321DD-FFEF-4C25-A58A-08D846345E8C}] => (Allow) C:\Users\customerservice\AppData\Local\Temp\7zS4845\HP.EasyStart.exe => No File 
CMD: "C:\WINDOWS\SYSTEM32\lodctr.exe" /R  
CMD: "C:\WINDOWS\SysWOW64\lodctr.exe" /R  
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R  
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R  
CMD: fltmc instances 
CMD: netsh advfirewall reset 
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog 
CMD: netsh int ip reset C:\resettcpip.txt 
CMD: Bitsadmin /Reset /Allusers 
C:\Windows\Temp\*.* 
C:\WINDOWS\system32\*.tmp 
C:\WINDOWS\syswow64\*.tmp 
EMPTYTEMP: 
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply
 
Open FRST. Type the following in the dialog box, next to search.
 
upnp.dll
 
Click on the search Files button. A log will be produced in the same location FRST was ran. Please Post its contents in your next reply.


  • 0

#25
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by customerservice (09-01-2022 07:44:32) Run:1
Running from C:\Users\customerservice\Desktop
Loaded Profiles: customerservice
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
SystemRestore: On 
CreateRestorePoint: 
CloseProcesses: 
Startpowershell:
 # Determine if Secure Boot is enabled or not
  $SBS=Confirm-SecureBootUEFI
  echo "Secure Boot Status: $SBS" 
 
  # Function Get-Drive by Raghu Dodda from stackoverflow
  function Get-Drive {
  
    foreach($disk in Get-CimInstance Win32_Diskdrive) {
  
      $diskMetadata = Get-Disk | Where-Object { $_.Number -eq $disk.Index } | Select-Object -First 1
  
      $partitions = Get-CimAssociatedInstance -ResultClassName Win32_DiskPartition -InputObject $disk
  
      foreach($partition in $partitions) {
  
        $drives = Get-CimAssociatedInstance -ResultClassName Win32_LogicalDisk -InputObject $partition
  
        foreach($drive in $drives) {
  
          $totalSpace = [math]::Round($drive.Size / 1GB, 3)
          $freeSpace  = [math]::Round($drive.FreeSpace / 1GB, 3)
          $usedSpace  = [math]::Round($totalSpace - $freeSpace, 3)
  
          $volume     = Get-Volume |
                        Where-Object { $_.DriveLetter -eq $drive.DeviceID.Trim(":") } |
                        Select-Object -First 1
  
          [PSCustomObject] @{
                              DriveLetter   = $drive.DeviceID
                              Number        = $disk.Index
  
                              Label         = $volume.FileSystemLabel
                              Manufacturer  = $diskMetadata.Manufacturer
                              Model         = $diskMetadata.Model
                              SerialNumber  = $diskMetadata.SerialNumber.Trim() 
                              Name          = $disk.Caption
  
                              FileSystem    = $volume.FileSystem
                              PartitionKind = $diskMetadata.PartitionStyle
  
                              TotalSpace    = $totalSpace
                              FreeSpace     = $freeSpace
                              UsedSpace     = $usedSpace
  
                              Drive         = $drive
                              Partition     = $partition
                              Disk          = $disk
          }
  
        }
      }
    }
  }
  
  Get-Drive | Sort -Property DriveLetter | Format-List
Endpowershell:
Startpowershell:
get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file "$env:userprofile\Desktop\CHKDSKResults.txt"
Endpowershell:
CMD: Type %userprofile%\Desktop\CHKDSKResults.txt
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found 
S3 AppleKmdfFilter; \SystemRoot\System32\drivers\AppleKmdfFilter.sys [X] 
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X] 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
Task: {000D3822-5246-48C5-80A7-056475DCFEEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {03C56F68-AB18-4303-9099-499A310CFA10} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {05C420AC-D6E7-4960-8EAE-9D76F7BCBB39} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION 
Task: {05F69063-9E05-4AD0-BB3F-7432B6CC3469} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {1155BD0F-2583-435D-A981-DA5E2AA37436} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION 
Task: {184E9436-65FD-4C7F-91C4-0309E21F1491} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {20A37501-0E20-4ED4-9967-07DAE3013F99} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION 
Task: {4432FAEA-EB32-4C06-A656-EAD35869C8DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {69FEED23-F89C-4941-8B08-86167CDD9A3E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION 
Task: {6C9D8729-5D28-4B7F-B826-0992ED4E38E9} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION 
Task: {7819A85D-D55E-4005-B7AA-8315CD13267E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {94B1D677-D691-42F8-805A-208B065E631E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {AE9D377D-074C-495E-AC7D-960A3B522B72} - \WPD\SqmUpload_S-1-5-21-1168067149-1418559455-1623139670-1001 -> No File <==== ATTENTION 
Task: {B47378CA-0DB0-4F99-9544-B40A3C5C1A6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {B77FAA68-E9F4-435D-82DC-4C028ADEFB58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {C2A2CE6B-EE81-4153-B214-B02C7B10C6CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {CD54645E-AF5A-4F97-BBB2-35F2603E97F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {CF46A063-1511-4D0E-8840-212603E34C9B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION 
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (No File) 
Task: {000D3822-5246-48C5-80A7-056475DCFEEF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {03C56F68-AB18-4303-9099-499A310CFA10} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {05C420AC-D6E7-4960-8EAE-9D76F7BCBB39} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION 
Task: {05F69063-9E05-4AD0-BB3F-7432B6CC3469} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {09E4FB88-3387-4BB2-A758-87A8E22DCDF1} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (No File) 
Task: {1155BD0F-2583-435D-A981-DA5E2AA37436} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION 
Task: {184E9436-65FD-4C7F-91C4-0309E21F1491} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {185CD1E4-DD2D-4AAF-AB0D-E93D3642209F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File) 
Task: {20A37501-0E20-4ED4-9967-07DAE3013F99} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File) 
Task: {3B63D030-AC55-4665-9001-84DD8D238E44} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe (No File) 
Task: {4432FAEA-EB32-4C06-A656-EAD35869C8DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {69FEED23-F89C-4941-8B08-86167CDD9A3E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION 
Task: {6C9D8729-5D28-4B7F-B826-0992ED4E38E9} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION 
Task: {7819A85D-D55E-4005-B7AA-8315CD13267E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {94B1D677-D691-42F8-805A-208B065E631E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {991B6EBC-0923-4C82-AFF5-3CD5F8BBACB4} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File) 
Task: {AA1AF704-E393-47D2-8AA8-61A8235E604C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No File) 
Task: {AE9D377D-074C-495E-AC7D-960A3B522B72} - \WPD\SqmUpload_S-1-5-21-1168067149-1418559455-1623139670-1001 -> No File <==== ATTENTION 
Task: {B47378CA-0DB0-4F99-9544-B40A3C5C1A6C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {B77FAA68-E9F4-435D-82DC-4C028ADEFB58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {C2A2CE6B-EE81-4153-B214-B02C7B10C6CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {C8F62D32-1E9B-4258-96A7-FA06C62768FD} - System32\Tasks\Pokki => C:\Users\customerservice\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe /LOGON (No File) 
Task: {CD54645E-AF5A-4F97-BBB2-35F2603E97F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {CF46A063-1511-4D0E-8840-212603E34C9B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION 
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File] 
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File] 
CustomCLSID: HKU\S-1-5-21-1168067149-1418559455-1623139670-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
FirewallRules: [{7D0321DD-FFEF-4C25-A58A-08D846345E8C}] => (Allow) C:\Users\customerservice\AppData\Local\Temp\7zS4845\HP.EasyStart.exe => No File 
FirewallRules: [{7D0321DD-FFEF-4C25-A58A-08D846345E8C}] => (Allow) C:\Users\customerservice\AppData\Local\Temp\7zS4845\HP.EasyStart.exe => No File 
FirewallRules: [{7D0321DD-FFEF-4C25-A58A-08D846345E8C}] => (Allow) C:\Users\customerservice\AppData\Local\Temp\7zS4845\HP.EasyStart.exe => No File 
CMD: "C:\WINDOWS\SYSTEM32\lodctr.exe" /R  
CMD: "C:\WINDOWS\SysWOW64\lodctr.exe" /R  
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R  
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R  
CMD: fltmc instances 
CMD: netsh advfirewall reset 
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog 
CMD: netsh int ip reset C:\resettcpip.txt 
CMD: Bitsadmin /Reset /Allusers 
C:\Windows\Temp\*.* 
C:\WINDOWS\system32\*.tmp 
C:\WINDOWS\syswow64\*.tmp 
EMPTYTEMP: 
 
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
 
========= Powershell: =========
 
Secure Boot Status: True
 
 
DriveLetter   : C:
Number        : 0
Label         : Windows8_OS
Manufacturer  : 
Model         : WDC WD10EZEX-08M2NA0
SerialNumber  : WD-WMC3F2794154
Name          : WDC WD10EZEX-08M2NA0
FileSystem    : NTFS
PartitionKind : GPT
TotalSpace    : 905.254
FreeSpace     : 856.898
UsedSpace     : 48.356
Drive         : Win32_LogicalDisk: C: (DeviceID = "C:")
Partition     : Win32_DiskPartition: Disk #0, Partition #3 (DeviceID = "Disk #0, Partition #3")
Disk          : Win32_DiskDrive: WDC WD10EZEX-08M2NA0 (DeviceID = "\\.\PHYSICALDRIVE0")
 
 
 
 
========= End of Powershell: =========
 
 
========= Powershell: =========
 
 
========= End of Powershell: =========
 
 
========= Type %userprofile%\Desktop\CHKDSKResults.txt =========
 
 
 
TimeCreated : 1/4/2022 6:50:23 PM
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              Volume label is Windows8_OS.
              
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              Stage 1: Examining basic file system structure ...
              The USA check value, 0x7e, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ec is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250EC.
              The USA check value, 0x39, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ed is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250ED.
              The USA check value, 0x36, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ee is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250EE.
              The USA check value, 0x6e, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ef is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250EF.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x8e.
              The multi-sector header signature in file 0x6c6b4 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6B4.
              The USA check value, 0x9999, at block 0x1 is incorrect.
              The expected value is 0x57.
              The multi-sector header signature in file 0x6c6b5 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6B5.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x8e.
              The multi-sector header signature in file 0x6c6b7 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6B7.
              The USA check value, 0x9999, at block 0x1 is incorrect.
              The expected value is 0x60.
              The multi-sector header signature in file 0x6c6d1 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6D1.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x3.
              The multi-sector header signature in file 0x6c6d2 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6D2.
              The USA check value, 0x9999, at block 0x1 is incorrect.
              The expected value is 0x60.
              The multi-sector header signature in file 0x6c6d3 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6D3.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x9.
              The multi-sector header signature in file 0x6c6fc is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6FC.
              The USA check value, 0x2e, at block 0x1 is incorrect.
              The expected value is 0x11.
              The multi-sector header signature in file 0x6c6fd is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6FD.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x9.
              The multi-sector header signature in file 0x6c6ff is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6FF.
                753152 file records processed.                                                        
              
              File verification completed.
               Phase duration (File record verification): 8.91 minutes.
              Deleting orphan file record segment 6C6F8.
              Deleting orphan file record segment 6C6F9.
              Deleting orphan file record segment 6C6FA.
              Deleting orphan file record segment 6C6FB.
                20530 large file records processed.                                   
              
               Phase duration (Orphan file record recovery): 0.00 milliseconds.
                0 bad file records processed.                                     
              
               Phase duration (Bad file record checking): 2.15 milliseconds.
              
              Stage 2: Examining file name linkage ...
              The reparse point index entry in file 0x1a points to file 0x6c6fd
              but the file has no reparse point in it.
              Deleting an index entry from index $R of file 1A.
                93783 reparse records processed.                                      
              
              Index entry 00000000000844B6 of index $I30 in file 0x1e points to unused file 0x6c6fa.
              Deleting index entry 00000000000844B6 in index $I30 of file 1E.
              Index entry 00000000000844F9 of index $I30 in file 0x1e points to unused file 0x6c6b7.
              Deleting index entry 00000000000844F9 in index $I30 of file 1E.
              Index entry 00000000000844FC of index $I30 in file 0x1e points to unused file 0x6c6b4.
              Deleting index entry 00000000000844FC in index $I30 of file 1E.
              Index entry MI0C21~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ec.
              Deleting index entry MI0C21~1.MUM in index $I30 of file BD07.
              Index entry MI7DC2~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ee.
              Deleting index entry MI7DC2~1.MUM in index $I30 of file BD07.
              Index entry Microsoft-NanoServer-Licensing-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.906.mum of 
              index $I30 in file 0xbd07 points to unused file 0x250ed.
              Deleting index entry 
              Microsoft-NanoServer-Licensing-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.906.mum in index $I30 of 
              file BD07.
              Index entry 
              Microsoft-Windows-Client-Desktop-Required-Package0112~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1387.mum 
              of index $I30 in file 0xbd07 points to unused file 0x250ee.
              Deleting index entry 
              Microsoft-Windows-Client-Desktop-Required-Package0112~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1387.mum 
              in index $I30 of file BD07.
              Index entry 
              Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~pl-PL~10.0.19041.1266.mum of index 
              $I30 in file 0xbd07 points to unused file 0x250ec.
              Deleting index entry 
              Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~pl-PL~10.0.19041.1266.mum in index 
              $I30 of file BD07.
              Index entry 
              Microsoft-Windows-EditionSpecific-StarterN-Package~31bf3856ad364e35~amd64~nl-NL~10.0.19041.423.mum of 
              index $I30 in file 0xbd07 points to unused file 0x250ef.
              Deleting index entry 
              Microsoft-Windows-EditionSpecific-StarterN-Package~31bf3856ad364e35~amd64~nl-NL~10.0.19041.423.mum in 
              index $I30 of file BD07.
              Index entry MID5D4~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ed.
              Deleting index entry MID5D4~1.MUM in index $I30 of file BD07.
              Index entry MIDC56~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ef.
              Deleting index entry MIDC56~1.MUM in index $I30 of file BD07.
              Index entry FI2A0B~1.ODL of index $I30 in file 0x19cc6 points to unused file 0x6c6d0.
              Deleting index entry FI2A0B~1.ODL in index $I30 of file 19CC6.
              The file reference 0x2c00000006c6b6 of index entry 206095~1.LOG of index $I30
              with parent 0x245c0 is not the same as 0x2d00000006c6b6.
              Deleting index entry 206095~1.LOG in index $I30 of file 245C0.
              The file reference 0x900000006c6fe of index entry MICROS~1.SWA of index $I30
              with parent 0x35d41 is not the same as 0xa00000006c6fe.
              Deleting index entry MICROS~1.SWA in index $I30 of file 35D41.
              Index entry wirelessdisplay.adml of index $I30 in file 0x372d0 points to unused file 0x6c6f9.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 372D0.
              Index entry WIRELE~1.ADM of index $I30 in file 0x372d0 points to unused file 0x6c6f9.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 372D0.
              Index entry wirelessdisplay.adml of index $I30 in file 0x372e1 points to unused file 0x6c6ff.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 372E1.
              Index entry WIRELE~1.ADM of index $I30 in file 0x372e1 points to unused file 0x6c6ff.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 372E1.
              Index entry wirelessdisplay.adml of index $I30 in file 0x3731b points to unused file 0x6c6f8.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 3731B.
              Index entry WIRELE~1.ADM of index $I30 in file 0x3731b points to unused file 0x6c6f8.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 3731B.
              Index entry wirelessdisplay.adml of index $I30 in file 0x37350 points to unused file 0x6c6fb.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 37350.
              Index entry WIRELE~1.ADM of index $I30 in file 0x37350 points to unused file 0x6c6fb.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 37350.
              Index entry wirelessdisplay.adml of index $I30 in file 0x37358 points to unused file 0x6c6fc.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 37358.
              Index entry WIRELE~1.ADM of index $I30 in file 0x37358 points to unused file 0x6c6fc.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 37358.
              Index entry MI4905~1.CAT of index $I30 in file 0x3b3ec points to unused file 0x6c6fd.
              Deleting index entry MI4905~1.CAT in index $I30 of file 3B3EC.
              Index entry Microsoft-Windows-WindowsAppCompat-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.1151.cat 
              of index $I30 in file 0x3b3ec points to unused file 0x6c6fd.
              Deleting index entry 
              Microsoft-Windows-WindowsAppCompat-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.1151.cat in index 
              $I30 of file 3B3EC.
              Index entry wintypes.dll.mui of index $I30 in file 0x4070a points to unused file 0x6c6d1.
              Deleting index entry wintypes.dll.mui in index $I30 of file 4070A.
              Index entry WINTYP~1.MUI of index $I30 in file 0x4070a points to unused file 0x6c6d1.
              Deleting index entry WINTYP~1.MUI in index $I30 of file 4070A.
              Index entry wintypes.dll.mui of index $I30 in file 0x4084c points to unused file 0x6c6d3.
              Deleting index entry wintypes.dll.mui in index $I30 of file 4084C.
              Index entry WINTYP~1.MUI of index $I30 in file 0x4084c points to unused file 0x6c6d3.
              Deleting index entry WINTYP~1.MUI in index $I30 of file 4084C.
              Index entry wintypes.dll.mui of index $I30 in file 0x40907 points to unused file 0x6c6b5.
              Deleting index entry wintypes.dll.mui in index $I30 of file 40907.
              Index entry WINTYP~1.MUI of index $I30 in file 0x40907 points to unused file 0x6c6b5.
              Deleting index entry WINTYP~1.MUI in index $I30 of file 40907.
              Index entry SecureBlackbox.HTTP.dll of index $I30 in file 0x6c525 points to unused file 0x6c6d2.
              Deleting index entry SecureBlackbox.HTTP.dll in index $I30 of file 6C525.
              Index entry SECURE~2.DLL of index $I30 in file 0x6c525 points to unused file 0x6c6d2.
              Deleting index entry SECURE~2.DLL in index $I30 of file 6C525.
                1073308 index entries processed.                                                       
              
              Index verification completed.
               Phase duration (Index verification): 3.19 minutes.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
                8 unindexed files scanned.                                        
              
                0 unindexed files recovered to original directory.
               Phase duration (Orphan reconnection): 0.00 milliseconds.
              CHKDSK is recovering remaining unindexed files.
                8 unindexed files recovered to lost and found.                    
              
                  Lost and found is located at \found.001
              
               Phase duration (Orphan recovery to lost and found): 0.00 milliseconds.
                93783 reparse records processed.                                      
              
               Phase duration (Reparse point and Object ID verification): 202.27 milliseconds.
              
              Stage 3: Examining security descriptors ...
              Cleaning up 27 unused index entries from index $SII of file 0x9.
              Cleaning up 27 unused index entries from index $SDH of file 0x9.
              Cleaning up 27 unused security descriptors.
              Security descriptor verification completed.
               Phase duration (Security descriptor verification): 56.04 milliseconds.
                160079 data files processed.                                           
              
               Phase duration (Data attribute verification): 2.42 milliseconds.
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              Correcting errors in the master file table's (MFT) BITMAP attribute.
              CHKDSK discovered free space marked as allocated in the volume bitmap.
              
              Windows has made corrections to the file system.
              No further action is required.
              
               949227519 KB total disk space.
                41826360 KB in 456509 files.
                  313136 KB in 160082 indexes.
                     136 KB in bad sectors.
                  855103 KB in use by the system.
                   65536 KB occupied by the log file.
               906232784 KB available on disk.
              
                    4096 bytes in each allocation unit.
               237306879 total allocation units on disk.
               226558196 allocation units available on disk.
              Total duration: 12.19 minutes (731983 ms).
              
              Internal Info:
              00 7e 0b 00 54 68 09 00 1a 9b 0f 00 00 00 00 00  .~..Th..........
              a4 01 00 00 b3 6c 01 00 00 00 00 00 00 00 00 00  .....l..........
              
 
 
 
 
========= End of CMD: =========
 
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
HKLM\System\CurrentControlSet\Services\AppleKmdfFilter => removed successfully
AppleKmdfFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\AppleLowerFilter => removed successfully
AppleLowerFilter => service removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{000D3822-5246-48C5-80A7-056475DCFEEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000D3822-5246-48C5-80A7-056475DCFEEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03C56F68-AB18-4303-9099-499A310CFA10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03C56F68-AB18-4303-9099-499A310CFA10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05C420AC-D6E7-4960-8EAE-9D76F7BCBB39}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05C420AC-D6E7-4960-8EAE-9D76F7BCBB39}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05F69063-9E05-4AD0-BB3F-7432B6CC3469}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05F69063-9E05-4AD0-BB3F-7432B6CC3469}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1155BD0F-2583-435D-A981-DA5E2AA37436}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1155BD0F-2583-435D-A981-DA5E2AA37436}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{184E9436-65FD-4C7F-91C4-0309E21F1491}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{184E9436-65FD-4C7F-91C4-0309E21F1491}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20A37501-0E20-4ED4-9967-07DAE3013F99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20A37501-0E20-4ED4-9967-07DAE3013F99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4432FAEA-EB32-4C06-A656-EAD35869C8DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4432FAEA-EB32-4C06-A656-EAD35869C8DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69FEED23-F89C-4941-8B08-86167CDD9A3E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69FEED23-F89C-4941-8B08-86167CDD9A3E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C9D8729-5D28-4B7F-B826-0992ED4E38E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C9D8729-5D28-4B7F-B826-0992ED4E38E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7819A85D-D55E-4005-B7AA-8315CD13267E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7819A85D-D55E-4005-B7AA-8315CD13267E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94B1D677-D691-42F8-805A-208B065E631E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94B1D677-D691-42F8-805A-208B065E631E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE9D377D-074C-495E-AC7D-960A3B522B72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE9D377D-074C-495E-AC7D-960A3B522B72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1168067149-1418559455-1623139670-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B47378CA-0DB0-4F99-9544-B40A3C5C1A6C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B47378CA-0DB0-4F99-9544-B40A3C5C1A6C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B77FAA68-E9F4-435D-82DC-4C028ADEFB58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B77FAA68-E9F4-435D-82DC-4C028ADEFB58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2A2CE6B-EE81-4153-B214-B02C7B10C6CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A2CE6B-EE81-4153-B214-B02C7B10C6CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD54645E-AF5A-4F97-BBB2-35F2603E97F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD54645E-AF5A-4F97-BBB2-35F2603E97F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF46A063-1511-4D0E-8840-212603E34C9B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF46A063-1511-4D0E-8840-212603E34C9B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Intel Driver & Support Assistant" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000D3822-5246-48C5-80A7-056475DCFEEF}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03C56F68-AB18-4303-9099-499A310CFA10}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05C420AC-D6E7-4960-8EAE-9D76F7BCBB39}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05F69063-9E05-4AD0-BB3F-7432B6CC3469}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09E4FB88-3387-4BB2-A758-87A8E22DCDF1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E4FB88-3387-4BB2-A758-87A8E22DCDF1}" => removed successfully
C:\WINDOWS\System32\Tasks\DolbySelectorTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DolbySelectorTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1155BD0F-2583-435D-A981-DA5E2AA37436}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{184E9436-65FD-4C7F-91C4-0309E21F1491}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{185CD1E4-DD2D-4AAF-AB0D-E93D3642209F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{185CD1E4-DD2D-4AAF-AB0D-E93D3642209F}" => removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20A37501-0E20-4ED4-9967-07DAE3013F99}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B63D030-AC55-4665-9001-84DD8D238E44}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B63D030-AC55-4665-9001-84DD8D238E44}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\LSC\LSCTaskService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LSC\LSCTaskService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4432FAEA-EB32-4C06-A656-EAD35869C8DA}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69FEED23-F89C-4941-8B08-86167CDD9A3E}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C9D8729-5D28-4B7F-B826-0992ED4E38E9}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7819A85D-D55E-4005-B7AA-8315CD13267E}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94B1D677-D691-42F8-805A-208B065E631E}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{991B6EBC-0923-4C82-AFF5-3CD5F8BBACB4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991B6EBC-0923-4C82-AFF5-3CD5F8BBACB4}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA1AF704-E393-47D2-8AA8-61A8235E604C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA1AF704-E393-47D2-8AA8-61A8235E604C}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE9D377D-074C-495E-AC7D-960A3B522B72}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1168067149-1418559455-1623139670-1001" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B47378CA-0DB0-4F99-9544-B40A3C5C1A6C}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B77FAA68-E9F4-435D-82DC-4C028ADEFB58}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A2CE6B-EE81-4153-B214-B02C7B10C6CB}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8F62D32-1E9B-4258-96A7-FA06C62768FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8F62D32-1E9B-4258-96A7-FA06C62768FD}" => removed successfully
C:\WINDOWS\System32\Tasks\Pokki => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pokki" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD54645E-AF5A-4F97-BBB2-35F2603E97F6}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF46A063-1511-4D0E-8840-212603E34C9B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => not found
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKU\S-1-5-21-1168067149-1418559455-1623139670-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D0321DD-FFEF-4C25-A58A-08D846345E8C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D0321DD-FFEF-4C25-A58A-08D846345E8C}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D0321DD-FFEF-4C25-A58A-08D846345E8C}" => not found
 
========= "C:\WINDOWS\SYSTEM32\lodctr.exe" /R =========
 
 
Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========
 
 
========= "C:\WINDOWS\SysWOW64\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
 
========= "C:\Windows\SysWOW64\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
 
========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========
 
 
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              \Device\HarddiskVolume3                    40500     FileInfo                  0     00000007  
FileInfo              C:                                         40500     FileInfo                  0     00000007  
FileInfo                                                         40500     FileInfo                  0     00000007  
FileInfo              \Device\HarddiskVolumeShadowCopy1          40500     FileInfo                  0     00000007  
FileInfo              \Device\Mup                                40500     FileInfo                  0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\HarddiskVolume3                   328010     WdFilter Instance         0     00000007  
WdFilter              C:                                        328010     WdFilter Instance         0     00000007  
WdFilter                                                        328010     WdFilter Instance         0     00000007  
WdFilter              \Device\HarddiskVolumeShadowCopy1         328010     WdFilter Instance         0     00000007  
WdFilter              \Device\Mup                               328010     WdFilter Instance         0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
Wof                   C:                                         40700     Wof Instance              0     00000007  
Wof                                                              40700     Wof Instance              0     00000007  
Wof                   \Device\HarddiskVolumeShadowCopy1          40700     Wof Instance              0     00000007  
bindflt               C:                                        409800     bindflt Instance          0     00000007  
luafv                 C:                                        135000     luafv                     0     00000007  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000007  
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to connect to BITS - 0x80080005
Server execution failed
 
 
 
========= End of CMD: =========
 
 
=========== "C:\Windows\Temp\*.*" ==========
 
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-0913.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-0952.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-1228.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-1245.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-1304.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-1319.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-1349.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220108-1902.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220109-0738.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220109-0743.log => moved successfully
C:\Windows\Temp\LENOVO-PC-20220109-0743a.log => moved successfully
Could not move "C:\Windows\Temp\LENOVO-PC-20220109-0745.log" => Scheduled to move on reboot.
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpCopyAccelerator.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20220109073855FB0).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_c2ruidll(202201090745212BA0).log" => Scheduled to move on reboot.
C:\Windows\Temp\officeclicktorun.exe_streamserver(20220109073855FB0).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202201090745212BA0).log" => Scheduled to move on reboot.
 
========= End -> "C:\Windows\Temp\*.*" ========
 
 
=========== "C:\WINDOWS\system32\*.tmp" ==========
 
not found
 
========= End -> "C:\WINDOWS\system32\*.tmp" ========
 
 
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
 
not found
 
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13712764 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4086 B
Edge => 4096 B
Chrome => 151552 B
Firefox => 14836698 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 605124529 B
systemprofile32 => 605124529 B
LocalService => 605124529 B
NetworkService => 605814131 B
customerservice => 608825602 B
 
RecycleBin => 41238064 B
EmptyTemp: => 2.9 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-01-2022 07:56:48)
 
C:\Windows\Temp\LENOVO-PC-20220109-0745.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(202201090745212BA0).log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202201090745212BA0).log => Is moved successfully
 
==== End of Fixlog 07:56:48 ====
 
 
 
 
 
TimeCreated : 1/4/2022 6:50:23 PM
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              Volume label is Windows8_OS.
              
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              Stage 1: Examining basic file system structure ...
              The USA check value, 0x7e, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ec is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250EC.
              The USA check value, 0x39, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ed is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250ED.
              The USA check value, 0x36, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ee is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250EE.
              The USA check value, 0x6e, at block 0x1 is incorrect.
              The expected value is 0x4.
              The multi-sector header signature in file 0x250ef is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 250EF.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x8e.
              The multi-sector header signature in file 0x6c6b4 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6B4.
              The USA check value, 0x9999, at block 0x1 is incorrect.
              The expected value is 0x57.
              The multi-sector header signature in file 0x6c6b5 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6B5.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x8e.
              The multi-sector header signature in file 0x6c6b7 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6B7.
              The USA check value, 0x9999, at block 0x1 is incorrect.
              The expected value is 0x60.
              The multi-sector header signature in file 0x6c6d1 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6D1.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x3.
              The multi-sector header signature in file 0x6c6d2 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6D2.
              The USA check value, 0x9999, at block 0x1 is incorrect.
              The expected value is 0x60.
              The multi-sector header signature in file 0x6c6d3 is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6D3.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x9.
              The multi-sector header signature in file 0x6c6fc is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6FC.
              The USA check value, 0x2e, at block 0x1 is incorrect.
              The expected value is 0x11.
              The multi-sector header signature in file 0x6c6fd is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6FD.
              The USA check value, 0x0, at block 0x1 is incorrect.
              The expected value is 0x9.
              The multi-sector header signature in file 0x6c6ff is incorrect.
              42 41 41 44 30 00 03 00 ?? ?? ?? ?? ?? ?? ?? ??  BAAD0...........
              Deleting corrupt file record segment 6C6FF.
                753152 file records processed.                                                        
              
              File verification completed.
               Phase duration (File record verification): 8.91 minutes.
              Deleting orphan file record segment 6C6F8.
              Deleting orphan file record segment 6C6F9.
              Deleting orphan file record segment 6C6FA.
              Deleting orphan file record segment 6C6FB.
                20530 large file records processed.                                   
              
               Phase duration (Orphan file record recovery): 0.00 milliseconds.
                0 bad file records processed.                                     
              
               Phase duration (Bad file record checking): 2.15 milliseconds.
              
              Stage 2: Examining file name linkage ...
              The reparse point index entry in file 0x1a points to file 0x6c6fd
              but the file has no reparse point in it.
              Deleting an index entry from index $R of file 1A.
                93783 reparse records processed.                                      
              
              Index entry 00000000000844B6 of index $I30 in file 0x1e points to unused file 0x6c6fa.
              Deleting index entry 00000000000844B6 in index $I30 of file 1E.
              Index entry 00000000000844F9 of index $I30 in file 0x1e points to unused file 0x6c6b7.
              Deleting index entry 00000000000844F9 in index $I30 of file 1E.
              Index entry 00000000000844FC of index $I30 in file 0x1e points to unused file 0x6c6b4.
              Deleting index entry 00000000000844FC in index $I30 of file 1E.
              Index entry MI0C21~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ec.
              Deleting index entry MI0C21~1.MUM in index $I30 of file BD07.
              Index entry MI7DC2~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ee.
              Deleting index entry MI7DC2~1.MUM in index $I30 of file BD07.
              Index entry Microsoft-NanoServer-Licensing-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.906.mum of 
              index $I30 in file 0xbd07 points to unused file 0x250ed.
              Deleting index entry 
              Microsoft-NanoServer-Licensing-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.906.mum in index $I30 of 
              file BD07.
              Index entry 
              Microsoft-Windows-Client-Desktop-Required-Package0112~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1387.mum 
              of index $I30 in file 0xbd07 points to unused file 0x250ee.
              Deleting index entry 
              Microsoft-Windows-Client-Desktop-Required-Package0112~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1387.mum 
              in index $I30 of file BD07.
              Index entry 
              Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~pl-PL~10.0.19041.1266.mum of index 
              $I30 in file 0xbd07 points to unused file 0x250ec.
              Deleting index entry 
              Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~pl-PL~10.0.19041.1266.mum in index 
              $I30 of file BD07.
              Index entry 
              Microsoft-Windows-EditionSpecific-StarterN-Package~31bf3856ad364e35~amd64~nl-NL~10.0.19041.423.mum of 
              index $I30 in file 0xbd07 points to unused file 0x250ef.
              Deleting index entry 
              Microsoft-Windows-EditionSpecific-StarterN-Package~31bf3856ad364e35~amd64~nl-NL~10.0.19041.423.mum in 
              index $I30 of file BD07.
              Index entry MID5D4~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ed.
              Deleting index entry MID5D4~1.MUM in index $I30 of file BD07.
              Index entry MIDC56~1.MUM of index $I30 in file 0xbd07 points to unused file 0x250ef.
              Deleting index entry MIDC56~1.MUM in index $I30 of file BD07.
              Index entry FI2A0B~1.ODL of index $I30 in file 0x19cc6 points to unused file 0x6c6d0.
              Deleting index entry FI2A0B~1.ODL in index $I30 of file 19CC6.
              The file reference 0x2c00000006c6b6 of index entry 206095~1.LOG of index $I30
              with parent 0x245c0 is not the same as 0x2d00000006c6b6.
              Deleting index entry 206095~1.LOG in index $I30 of file 245C0.
              The file reference 0x900000006c6fe of index entry MICROS~1.SWA of index $I30
              with parent 0x35d41 is not the same as 0xa00000006c6fe.
              Deleting index entry MICROS~1.SWA in index $I30 of file 35D41.
              Index entry wirelessdisplay.adml of index $I30 in file 0x372d0 points to unused file 0x6c6f9.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 372D0.
              Index entry WIRELE~1.ADM of index $I30 in file 0x372d0 points to unused file 0x6c6f9.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 372D0.
              Index entry wirelessdisplay.adml of index $I30 in file 0x372e1 points to unused file 0x6c6ff.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 372E1.
              Index entry WIRELE~1.ADM of index $I30 in file 0x372e1 points to unused file 0x6c6ff.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 372E1.
              Index entry wirelessdisplay.adml of index $I30 in file 0x3731b points to unused file 0x6c6f8.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 3731B.
              Index entry WIRELE~1.ADM of index $I30 in file 0x3731b points to unused file 0x6c6f8.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 3731B.
              Index entry wirelessdisplay.adml of index $I30 in file 0x37350 points to unused file 0x6c6fb.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 37350.
              Index entry WIRELE~1.ADM of index $I30 in file 0x37350 points to unused file 0x6c6fb.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 37350.
              Index entry wirelessdisplay.adml of index $I30 in file 0x37358 points to unused file 0x6c6fc.
              Deleting index entry wirelessdisplay.adml in index $I30 of file 37358.
              Index entry WIRELE~1.ADM of index $I30 in file 0x37358 points to unused file 0x6c6fc.
              Deleting index entry WIRELE~1.ADM in index $I30 of file 37358.
              Index entry MI4905~1.CAT of index $I30 in file 0x3b3ec points to unused file 0x6c6fd.
              Deleting index entry MI4905~1.CAT in index $I30 of file 3B3EC.
              Index entry Microsoft-Windows-WindowsAppCompat-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.1151.cat 
              of index $I30 in file 0x3b3ec points to unused file 0x6c6fd.
              Deleting index entry 
              Microsoft-Windows-WindowsAppCompat-Package~31bf3856ad364e35~amd64~lv-LV~10.0.19041.1151.cat in index 
              $I30 of file 3B3EC.
              Index entry wintypes.dll.mui of index $I30 in file 0x4070a points to unused file 0x6c6d1.
              Deleting index entry wintypes.dll.mui in index $I30 of file 4070A.
              Index entry WINTYP~1.MUI of index $I30 in file 0x4070a points to unused file 0x6c6d1.
              Deleting index entry WINTYP~1.MUI in index $I30 of file 4070A.
              Index entry wintypes.dll.mui of index $I30 in file 0x4084c points to unused file 0x6c6d3.
              Deleting index entry wintypes.dll.mui in index $I30 of file 4084C.
              Index entry WINTYP~1.MUI of index $I30 in file 0x4084c points to unused file 0x6c6d3.
              Deleting index entry WINTYP~1.MUI in index $I30 of file 4084C.
              Index entry wintypes.dll.mui of index $I30 in file 0x40907 points to unused file 0x6c6b5.
              Deleting index entry wintypes.dll.mui in index $I30 of file 40907.
              Index entry WINTYP~1.MUI of index $I30 in file 0x40907 points to unused file 0x6c6b5.
              Deleting index entry WINTYP~1.MUI in index $I30 of file 40907.
              Index entry SecureBlackbox.HTTP.dll of index $I30 in file 0x6c525 points to unused file 0x6c6d2.
              Deleting index entry SecureBlackbox.HTTP.dll in index $I30 of file 6C525.
              Index entry SECURE~2.DLL of index $I30 in file 0x6c525 points to unused file 0x6c6d2.
              Deleting index entry SECURE~2.DLL in index $I30 of file 6C525.
                1073308 index entries processed.                                                       
              
              Index verification completed.
               Phase duration (Index verification): 3.19 minutes.
              CHKDSK is scanning unindexed files for reconnect to their original directory.
                8 unindexed files scanned.                                        
              
                0 unindexed files recovered to original directory.
               Phase duration (Orphan reconnection): 0.00 milliseconds.
              CHKDSK is recovering remaining unindexed files.
                8 unindexed files recovered to lost and found.                    
              
                  Lost and found is located at \found.001
              
               Phase duration (Orphan recovery to lost and found): 0.00 milliseconds.
                93783 reparse records processed.                                      
              
               Phase duration (Reparse point and Object ID verification): 202.27 milliseconds.
              
              Stage 3: Examining security descriptors ...
              Cleaning up 27 unused index entries from index $SII of file 0x9.
              Cleaning up 27 unused index entries from index $SDH of file 0x9.
              Cleaning up 27 unused security descriptors.
              Security descriptor verification completed.
               Phase duration (Security descriptor verification): 56.04 milliseconds.
                160079 data files processed.                                           
              
               Phase duration (Data attribute verification): 2.42 milliseconds.
              CHKDSK is verifying Usn Journal...
              Usn Journal verification completed.
              Correcting errors in the master file table's (MFT) BITMAP attribute.
              CHKDSK discovered free space marked as allocated in the volume bitmap.
              
              Windows has made corrections to the file system.
              No further action is required.
              
               949227519 KB total disk space.
                41826360 KB in 456509 files.
                  313136 KB in 160082 indexes.
                     136 KB in bad sectors.
                  855103 KB in use by the system.
                   65536 KB occupied by the log file.
               906232784 KB available on disk.
              
                    4096 bytes in each allocation unit.
               237306879 total allocation units on disk.
               226558196 allocation units available on disk.
              Total duration: 12.19 minutes (731983 ms).
              
              Internal Info:
              00 7e 0b 00 54 68 09 00 1a 9b 0f 00 00 00 00 00  .~..Th..........
              a4 01 00 00 b3 6c 01 00 00 00 00 00 00 00 00 00  .....l..........
              
 
 
 

  • 0

Advertisements


#26
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,589 posts
 949227519 KB total disk space.
                41826360 KB in 456509 files.
                  313136 KB in 160082 indexes.
                     136 KB in bad sectors.
                  855103 KB in use by the system.
                   65536 KB occupied by the log file.
               906232784 KB available on disk.

 

 

That hard drive does not look healthy and as time passes by, it will get worst.. I believe it is time to backup personal records, replace the hard drive and reinstall.

 

You did not post the Search.txt.

 

Open FRST. Type the following in the dialog box, next to search.

 
upnp.dll
 
Click on the search Files button. A log will be produced in the same location FRST was ran. Please Post its contents in your next reply.

 

 

If you decide to change the hard drive and reinstall, I am enclosing the right process to reinstall Windows 10.

 

Once you replace the hard drive, you should run Diskpart as indicated in the document, wipe clean the hard drive and convert it to GPT. Windows will do the rest of the partitions and settings.

 

Let me know if you have questions.


  • 0

#27
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by customerservice (09-01-2022 12:05:03)
Running from C:\Users\customerservice\Desktop
Boot Mode: Normal
 
================== Search Files: "upnp.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\r\upnp.dll
[2021-07-08 17:00][2021-07-03 03:29] 000008737 _____ () 7C4A986135FF463295B33FF6F8D08D38 [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\f\upnp.dll
[2021-07-08 17:00][2021-07-03 03:27] 000025652 _____ () 70C56CE185B2D9EBA55F86A7F58F232E [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_a7ad541de5e002e2\r\upnp.dll
[2021-07-08 17:00][2021-07-04 16:09] 000008606 _____ () FEAF4220D63D6DA7C10B8A8B2992987E [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_a7ad541de5e002e2\f\upnp.dll
[2021-07-08 17:00][2021-07-04 16:09] 000028788 _____ () 6B264F57981861F7B4A845D053A27030 [File not signed]
 
C:\Windows\SysWOW64\upnp.dll
[2021-07-08 17:05][2021-07-08 17:05] 000352768 _____ (Microsoft Corporation) 5E54D417950E77ECC85F95D8D5A0AA8E [File is digitally signed]
 
C:\Windows\System32\upnp.dll
[2021-07-08 17:05][2021-07-08 17:05] 000441344 _____ (Microsoft Corporation) 38D0C0413FA377CBFB7D2079DE63D921 [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\r\upnp.dll
[2021-12-17 17:08][2021-07-03 04:29] 000008737 ____N () 7C4A986135FF463295B33FF6F8D08D38 [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\f\upnp.dll
[2021-12-17 17:08][2021-07-03 04:27] 000025652 ____N () 70C56CE185B2D9EBA55F86A7F58F232E [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_a7ad541de5e002e2\r\upnp.dll
[2021-12-17 17:08][2021-12-10 02:07] 000008606 ____N () FEAF4220D63D6DA7C10B8A8B2992987E [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_a7ad541de5e002e2\f\upnp.dll
[2021-12-17 17:08][2021-12-10 02:06] 000028788 ____N () 40D72DE1A95CB5A7CD43D14E587E6444 [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\r\upnp.dll
[2021-11-11 19:55][2021-07-03 04:29] 000008737 ____N () 7C4A986135FF463295B33FF6F8D08D38 [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\f\upnp.dll
[2021-11-11 19:55][2021-07-03 04:27] 000025652 ____N () 70C56CE185B2D9EBA55F86A7F58F232E [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_a7ad541de5e002e2\r\upnp.dll
[2021-11-11 19:55][2021-11-02 23:36] 000008606 ____N () FEAF4220D63D6DA7C10B8A8B2992987E [File not signed]
 
C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7\amd64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_a7ad541de5e002e2\f\upnp.dll
[2021-11-11 19:55][2021-11-02 23:35] 000028788 ____N () 861483D59AE2578112B481359ACF4444 [File not signed]
 
 
====== End of Search ======

  • 0

#28
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,589 posts

The Universal Plug and Play file (upnp.dll) is not digitally signed and there is no good replacement in the computer.

 

I believe you'll need to replace the hard drive, as mentioned before, and reinstall.


  • 0

#29
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Was afraid of that. You tried. Thanks.


  • 0

#30
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,589 posts

You are welcome. :)

 

Best regards :)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP