Inactive Trouble starting

al davis · Aug 8, 2020

Having trouble beginning the removal process. Can't download FRST in several tries, it starts but stalls & never completes. I copied the DL link and DL'ed on another computer. It started then updated then reported it won't run on my computer due to incompatibility. My target is a 64 bit Win10, I downloaded via copied link FRST64.exe.

The original problem that brings me here is that I suspect corruption that seems to affect all my Win10 browsers (Pale Moon, MS Edge & IE). The all run extreemly slow, sometimes never connect to the target website. Something seems to be throttling them to the point of not being usable. Another computer tied to the same hotspot runs fine.

Are there things I should try to get this process underway ?

Al

al davis · Aug 8, 2020

Well, on a retry it DID run but I think it failed to update. Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-08-2020
Ran by User (administrator) on TENNER (LENOVO 90F10030US) (08-08-2020 18:33:36)
Running from C:\Users\User\Desktop\RunPeriodic\Aug2020
Loaded Profiles: User
Platform: Windows 10 Home Version 2004 19041.423 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
(CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.3-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [2203648 2015-07-23] (LITE-ON TECHNOLOGY CORP.) [File not signed]
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit64.exe [53832 2015-07-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2104912744-3228988123-3252583671-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [224768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2019-06-05]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2019-06-05]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C89F44B-A046-432B-BA15-E1995E1597FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.3-0\MpCmdRun.exe [525048 2020-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A830ABB-8BEC-477F-9B30-660F7B44D338} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688 2016-04-05] (LENOVO -> Lenovo)
Task: {201E3F23-D220-4550-8CD6-964D5CB9A402} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.3-0\MpCmdRun.exe [525048 2020-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {22272786-F23D-4CD3-8FE8-CDA993F598A3} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344 2015-07-12] (LENOVO -> )
Task: {4158E084-39AC-4511-9C54-593CA9FE18E6} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-05-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {493CDD79-3D79-429E-AA6C-49AB413FE5B1} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-07-02] (LENOVO -> Lenovo)
Task: {4F1C2EC2-56C9-48FD-A3E6-C55F31D2EE9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-27] (Google Inc -> Google LLC)
Task: {536C644C-6294-4DAF-B0DA-7439BBF984FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.3-0\MpCmdRun.exe [525048 2020-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {67364809-12A8-4F6C-A223-C525E098DF9A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)
Task: {6C06197D-D498-4FDB-B53B-AD179967BF80} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-27] (Google Inc -> Google LLC)
Task: {704F81A8-4F75-4776-BEF4-1455D5A0AD46} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {724157D1-A2C7-4B1F-895F-EF60B22FA68C} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [679880 2016-03-29] (LENOVO -> Lenovo)
Task: {73B8A937-60DD-4C40-A0D4-3F6F0454C132} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {826E2F54-091A-4FE7-BCDF-E19D69006C17} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [679880 2016-03-29] (LENOVO -> Lenovo)
Task: {9E2C7621-6352-4E69-8E0F-98852F0600FE} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2104912744-3228988123-3252583671-500 => C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B28F2501-0BE0-440D-89D7-6DD8CD0785C2} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B65795FC-62D8-40C3-97FA-FD190BC50599} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952 2015-09-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {BA40666C-7619-4E99-BA92-C8EE99DC959E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9465280 2015-07-02] (LENOVO -> )
Task: {C6AC344F-EB50-471D-A17B-F2347406A4E2} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9465280 2015-07-02] (LENOVO -> )
Task: {C6DF2F67-1A5F-4603-8BAE-4B5CE361A040} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352 2015-07-12] (LENOVO -> )
Task: {CA9A706C-789B-46FD-8324-DBBE52480A1A} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344 2015-07-10] (LENOVO -> Lenovo)
Task: {D8CB4ED9-6A2B-47E7-8213-C7317C633A72} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.3-0\MpCmdRun.exe [525048 2020-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EB96D008-0C5C-4BB2-9E79-7650F3026612} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => sc control iMControllerService 128
Task: {ECF340E6-1E13-42BD-8BC7-6C0BF41F2F82} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-07-02] (LENOVO -> Lenovo)
Task: {EFAC2C42-88CC-4D23-B629-8CCF47962122} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384 2015-09-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6a4db590-1fdc-4a19-bf4c-f2f400fc5ecb}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c018ebfc-2a80-4759-b3bc-b4088ed499e3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2104912744-3228988123-3252583671-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
HKU\S-1-5-21-2104912744-3228988123-3252583671-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-2104912744-3228988123-3252583671-1001 -> DefaultScope {080799D7-8D2B-4E88-AD36-1406A31CF5BC} URL =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.52\BHO\ie_to_edge_bho_64.dll [2020-08-01] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-08]

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ya1q7i6.default [2019-12-13]
FF Homepage: Mozilla\Firefox\Profiles\5ya1q7i6.default -> hxxp://www.cloudynights.com/index/
FF ProfilePath: C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\hwaehdq0.default [2020-08-08]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\hwaehdq0.default -> about:home
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2020
Ran by User (08-08-2020 18:37:39)
Running from C:\Users\User\Desktop\RunPeriodic\Aug2020
Windows 10 Home Version 2004 19041.423 (X64) (2020-06-29 23:02:48)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2104912744-3228988123-3252583671-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2104912744-3228988123-3252583671-503 - Limited - Disabled)
Guest (S-1-5-21-2104912744-3228988123-3252583671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2104912744-3228988123-3252583671-1005 - Limited - Enabled)
User (S-1-5-21-2104912744-3228988123-3252583671-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2104912744-3228988123-3252583671-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 8.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.12 - Arduino LLC)
Components (HKLM-x32\...\{1720B0E0-C520-43A6-B677-97A1D80F3B99}) (Version: 1.0.023.00 - Lenovo) Hidden
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.0716 - Lenovo)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Earth Pro (HKLM\...\{B6EAFE41-5723-40EB-869B-4AF44CA17B35}) (Version: 7.3.3.7699 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Jupiter 2.0.7.1 (HKLM-x32\...\{22C070B6-BEC2-4B4B-8324-08DE6F168B9C}_is1) (Version: - Sylvain Rondi)
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.)
Lenovo Slim USB Keyboard (HKLM\...\{494D80C4-3557-4D73-A153-65FE4B3ECDC3}) (Version: 1.17 - Lenovo)
Lenovo Solution Center (HKLM\...\{A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35}) (Version: 3.0.002.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.023.00 - Lenovo)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2104912744-3228988123-3252583671-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.47.2 - Microsoft Corporation)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Pale Moon 28.10.0 (x64 en-US) (HKLM\...\Pale Moon 28.10.0 (x64 en-US)) (Version: 28.10.0 - Moonchild Productions)
PuTTY release 0.73 (HKLM-x32\...\{9A5E8BB6-AECA-42FB-8E76-DC8EA546AF2A}) (Version: 0.73.0.0 - Simon Tatham)
Python 3.7.5 (64-bit) (HKU\S-1-5-21-2104912744-3228988123-3252583671-1001\...\{5e6d7bfa-46e9-4496-9ccd-e15816be8f0a}) (Version: 3.7.5150.0 - Python Software Foundation)
Python 3.7.5 Core Interpreter (64-bit) (HKLM\...\{6DC6BC71-F1FB-412D-A16A-2FE8C463E89F}) (Version: 3.7.5150.0 - Python Software Foundation) Hidden
Python 3.7.5 Development Libraries (64-bit) (HKLM\...\{5A54B213-36D8-40CB-9E55-D20864AEF3C8}) (Version: 3.7.5150.0 - Python Software Foundation) Hidden
Python 3.7.5 Executables (64-bit) (HKLM\...\{8864B390-4DFB-43AB-934B-F02C48577666}) (Version: 3.7.5150.0 - Python Software Foundation) Hidden
Python 3.7.5 pip Bootstrap (64-bit) (HKLM\...\{2E590D5A-4E40-4C9C-AFF8-7CB80F085752}) (Version: 3.7.5150.0 - Python Software Foundation) Hidden
Python 3.7.5 Standard Library (64-bit) (HKLM\...\{45CB356A-C0DF-430E-B75F-7764DBA06DF9}) (Version: 3.7.5150.0 - Python Software Foundation) Hidden
Python 3.7.5 Utility Scripts (64-bit) (HKLM\...\{EFF40415-0D5B-4CBA-9080-3EE2DADB527C}) (Version: 3.7.5150.0 - Python Software Foundation) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.128 - Qualcomm Atheros)
Qualcomm Atheros QCA9377 Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.043 - Qualcomm Atheros)
REACHit (HKLM-x32\...\{148684F7-4513-4642-8E7E-DE0EE39298FD}) (Version: 3.0.004.9 - Lenovo)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)
SDRSharp (HKLM-x32\...\SDRSharp) (Version: 1.0.0.1732 - SDR Chile)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.0 - Lenovo)
Stellarium 0.19.1.1 (HKLM\...\Stellarium_is1) (Version: 0.19.1.1 - Stellarium team)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Windows Driver Package - Digi International CDM Driver Package (10/28/2013 2.08.30.10) (HKLM\...\E34048117A7ADA54A13B2741325E53D9189993CC) (Version: 10/28/2013 2.08.30.10 - Digi International)
Windows Driver Package - Digi International CDM Driver Package (10/28/2013 2.08.30.10) (HKLM\...\FC9CE758D32BD6E481A68C06696B4CF706B1D7E3) (Version: 10/28/2013 2.08.30.10 - Digi International)
Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) (HKLM\...\AE2E6FAB44844413B4C6F53C908EACC8AFC838F0) (Version: 07/13/2015 4.5.0.6 - Genesys Logic)
Windows Driver Package - Intel Corporation (igfx) Display (07/17/2015 10.18.15.4256) (HKLM\...\00B7AF24A3F134555C104D6FD6BA2E998DF37957) (Version: 07/17/2015 10.18.15.4256 - Intel Corporation)
Windows Driver Package - Qualcomm Atheros Communications Inc. (Qcamain10x64) Net (06/24/2015 12.0.0.102) (HKLM\...\766702C88D2140850CDD709023BD1C70A8D0FFEB) (Version: 06/24/2015 12.0.0.102 - Qualcomm Atheros Communications Inc.)
Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.2015) (HKLM\...\6A304520C2F25CD034E477A379C47308AA84A2DC) (Version: 05/05/2015 10.001.0505.2015 - Realtek)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
XCTU (HKLM-x32\...\XCTU 6.5.0.3) (Version: 6.5.0.3 - Digi International Inc.)

Packages:
=========
Arduino IDE -> C:\Program Files\WindowsApps\ArduinoLLC.ArduinoIDE_1.8.21.0_x86__mdqgnx93n4wtt [2020-01-14] (Arduino LLC)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2020-01-14] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2020-01-14] (LENOVO INC.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2019-12-07] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2104912744-3228988123-3252583671-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.222.1110.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2104912744-3228988123-3252583671-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.222.1110.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2104912744-3228988123-3252583671-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.222.1110.0006\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-07-12] (LENOVO -> Lenovo)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-07-12] (LENOVO -> Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-29 17:18 - 2020-06-29 17:18 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2015-07-10 07:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-06-03 20:53 - 2020-06-16 22:09 - 000000437 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\PuTTY\;C:\Program Files (x86)\AOMEI Backupper
HKU\S-1-5-21-2104912744-3228988123-3252583671-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: 0150531459261545mcinstcleanup => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: DcpSvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LenovoPortalService => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: UpdateAgentService => 2
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Find Fast.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office Shortcut Bar.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Office Startup.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run: => "Skd8821"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{7E5D63DB-8B25-48BF-9332-099F9223C5AB}C:\sdrsharp_2\sdrsharp-x86 (1)\spyserver.exe] => (Block) C:\sdrsharp_2\sdrsharp-x86 (1)\spyserver.exe () [File not signed]
FirewallRules: [TCP Query User{987C89CF-AF60-4CE0-8496-6AAB172E5063}C:\sdrsharp_2\sdrsharp-x86 (1)\spyserver.exe] => (Block) C:\sdrsharp_2\sdrsharp-x86 (1)\spyserver.exe () [File not signed]
FirewallRules: [UDP Query User{13986513-6F15-4178-96E8-983DFD5A1E9B}C:\sdr_airspy_2020\spyserver.exe] => (Block) C:\sdr_airspy_2020\spyserver.exe () [File not signed]
FirewallRules: [TCP Query User{A7EB5B18-A12C-48FD-9C92-373246412FB9}C:\sdr_airspy_2020\spyserver.exe] => (Block) C:\sdr_airspy_2020\spyserver.exe () [File not signed]
FirewallRules: [UDP Query User{48A3FACD-C970-4021-A2FD-414E87A2DF9B}C:\sdrsharp\sdrsharp.exe] => (Allow) C:\sdrsharp\sdrsharp.exe () [File not signed]
FirewallRules: [TCP Query User{57C1F111-A746-4D5F-BE71-E4AB04151A90}C:\sdrsharp\sdrsharp.exe] => (Allow) C:\sdrsharp\sdrsharp.exe () [File not signed]
FirewallRules: [UDP Query User{90ADAA7C-E55C-4395-B88F-7F3ABFEA938B}C:\sdrsharp\sdrsharp.exe] => (Block) C:\sdrsharp\sdrsharp.exe () [File not signed]
FirewallRules: [TCP Query User{C02D26C1-1099-48A2-AFCC-46280DF3ACD9}C:\sdrsharp\sdrsharp.exe] => (Block) C:\sdrsharp\sdrsharp.exe () [File not signed]
FirewallRules: [UDP Query User{684A83AE-41C2-4C44-8B36-80A2FDC6BEA5}C:\sdr -- funcube\sdrsharp-x86\spyserver.exe] => (Allow) C:\sdr -- funcube\sdrsharp-x86\spyserver.exe => No File
FirewallRules: [TCP Query User{1DD51420-53B4-4066-8DC5-DCD33728BAF6}C:\sdr -- funcube\sdrsharp-x86\spyserver.exe] => (Allow) C:\sdr -- funcube\sdrsharp-x86\spyserver.exe => No File
FirewallRules: [{4850381D-0037-4BD9-9DE7-9D8610AD6DF9}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{F8853534-C6E4-4C3C-A1E5-13F1CFDD2C7C}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [UDP Query User{99E1308D-C462-48EC-A878-BD07A3B691AC}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Block) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{11996DB7-FB47-4BC9-BD0D-8F414144ACBA}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Block) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{BB266423-DF46-479A-9483-4196D4CD86CA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{A9ECE37E-BEA9-49E7-9C6D-0433644B2196}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E6AEB7EB-1054-4622-8DBD-9588F55F4860}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [{2EC1FDE5-D7F3-4538-9E82-59123DE6F2D1}] => (Allow) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CHENGDU AOMEI TECHNOLOGY CO., LTD. -> AOMEI Tech Co., Ltd.)
FirewallRules: [UDP Query User{565D86F2-8B04-4F6F-80E7-20108DC36941}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{70592899-B9DF-4E96-8BEB-2AD37D576B1E}C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.21.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [{DEF24352-B8B0-480B-BC83-2FA48F21C4C7}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{E6557E32-5811-4556-BD11-361B8B8C377E}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{1461862E-BA5C-4053-BD66-A7720F5B67A9}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoPortal\Lenovo.Portal.exe (LENOVO -> )
FirewallRules: [TCP Query User{D9DC8E53-A35A-43E3-ACFF-B755738B8F5F}C:\users\user\desktop\winvnc4.exe] => (Block) C:\users\user\desktop\winvnc4.exe (RealVNC Ltd -> RealVNC Ltd.)
FirewallRules: [UDP Query User{FAB7E22E-C30C-4FEC-9768-AFA6D07E30EC}C:\users\user\desktop\winvnc4.exe] => (Block) C:\users\user\desktop\winvnc4.exe (RealVNC Ltd -> RealVNC Ltd.)
FirewallRules: [{1C843EFF-3594-42BB-8836-DF18A22E0024}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{CCFB9B08-8457-418E-BB2E-78C637F7D561}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)

==================== Restore Points =========================

07-08-2020 18:46:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/08/2020 06:40:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/08/2020 06:40:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/08/2020 06:40:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/08/2020 06:40:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/08/2020 06:40:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/08/2020 06:40:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/08/2020 06:35:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/08/2020 06:35:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

System errors:
=============
Error: (08/08/2020 03:24:46 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (08/07/2020 09:00:15 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.10 with the system
having network hardware address 0E-2F-B0-28-D7-F8. Network operations on this system may
be disrupted as a result.

Error: (08/07/2020 09:00:06 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (0c:2f:b0:28:d7:f7) failed.

Error: (08/07/2020 08:46:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (08/07/2020 08:46:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys

Error: (08/07/2020 08:46:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (08/07/2020 08:46:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys

Error: (08/07/2020 08:46:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Windows Defender:
===================================
Date: 2020-08-07 14:01:31.2460000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

PUA:Win32/InstallCore threat description - Microsoft Security Intelligence

Name: PUA:Win32/InstallCore
ID: 213927
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\User\Desktop\Win Stuff\stellarium0.13.2win32_0601054033.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.321.836.0, AS: 1.321.836.0, NIS: 1.321.836.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-07 12:35:39.8820000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

PUA:Win32/Bibado threat description - Microsoft Security Intelligence

Name: PUA:Win32/Bibado
ID: 227145
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Als_Stuff\backup\backup\ThumbDrives\DarkOne\installer_conexant_rd01-d850.exe; file:_C:\FromXP\backup\ThumbDrives\DarkOne\installer_conexant_rd01-d850.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.321.836.0, AS: 1.321.836.0, NIS: 1.321.836.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-07 12:35:39.8770000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

PUA:Win32/CandyOpen threat description - Microsoft Security Intelligence

Name: PUA:Win32/CandyOpen
ID: 213956
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Als_Stuff\backup\backup\drive_d\manuals\IZArc4.1.6.exe; containerfile:_C:\Als_Stuff\backup\manuals\IZArc4.1.6.exe; containerfile:_C:\FromXP\backup\drive_d\manuals\IZArc4.1.6.exe; containerfile:_C:\FromXP\manuals\IZArc4.1.6.exe; file:_C:\Als_Stuff\backup\backup\drive_d\manuals\IZArc4.1.6.exe->(inno#000158); file:_C:\Als_Stuff\backup\manuals\IZArc4.1.6.exe->(inno#000158); file:_C:\FromXP\backup\drive_d\manuals\IZArc4.1.6.exe->(inno#000158); file:_C:\FromXP\manuals\IZArc4.1.6.exe->(inno#000158)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.321.836.0, AS: 1.321.836.0, NIS: 1.321.836.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-07 12:35:39.8620000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

PUA:Win32/InstallCore threat description - Microsoft Security Intelligence

Name: PUA:Win32/InstallCore
ID: 213927
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\User\Desktop\Win Stuff\stellarium0.13.2win32_0601054033.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.321.836.0, AS: 1.321.836.0, NIS: 1.321.836.0
Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2020-08-06 23:55:55.2240000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7C1B4590-1846-494B-A3AA-5C08B36C69D8}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2020-08-07 10:03:34.7680000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.249.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2020-08-07 10:03:34.7670000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.249.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2020-08-07 10:03:34.7660000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.249.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2020-08-07 10:00:50.6200000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.249.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-08-07 10:00:50.6190000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.249.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80070102
Error description: The wait operation timed out.

==================== Memory info ===========================

BIOS: LENOVO M0KKT19A 09/16/2015
Motherboard: LENOVO SHARKBAY
Processor: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 77%
Total physical RAM: 4005.27 MB
Available physical RAM: 896.32 MB
Total Virtual: 4773.27 MB
Available Virtual: 1632.27 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:433.92 GB) (Free:169.62 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{47562943-bcfb-4c66-b7d0-4f3514ca67d7}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.52 GB) NTFS
\\?\Volume{685daee3-f643-40c0-8e1b-207864546791}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:17.28 GB) NTFS
\\?\Volume{5fe34e40-16bc-4f84-b1cd-77311910f337}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 73BA6EF6)

Partition: GPT.

==================== End of Addition.txt =======================

Broni · Aug 9, 2020

Actually, I don't see anything malicious there.
I suggest new topic in Windows forum.

al davis · Aug 9, 2020

Will do. I appreciate you taking a look.

Al

Broni · Aug 9, 2020

Sure thing

Inactive Trouble starting

al davis

Posts: 232 +7

al davis

Posts: 232 +7

Broni

Posts: 56,041 +516

al davis

Posts: 232 +7

Broni

Posts: 56,041 +516

Similar threads

Latest posts