Everything posted by Carrollm1980

  1. This is Carroll and my fiance and I wanna say thank you very very very much for all of your help! Our computer is running so much better! My fiance found that Network Priority/Boost was an option in Lenovo Vantage that was switched on. Apparently it gives network priority to bigger games when they are running and takes away from everything else on the PC when those games are running. We knew there was a Network Priority setting in our router and had made sure that was set correctly but we had no idea about the setting in Lenovo Vantage. It used to only affect GTA and Rocket League and when it suddenly started affecting all of the games without us changing anything I was sure it had to be a virus. But there must've been some update that added all of our games to Network Priority/Boost in Lenovo? My fiance switched it off and tested every game and the internet did not drop speed at all. Other programs worked while the games were on and he was able to stream Rocket League with no issues. So we apologise for wasting your time and energy but again GREATLY appreciate all of your efforts. It was nice to have someone listen and actually try to help. I wanted to let you know what did fix our problem in case it ever happens to anyone else who has this issue and has a Lenovo Legion gaming system and they think they have a virus. Hopefully, they are all smarter than us and figure that out before going through all of this, but if they wanna game AND do ANYTHING else simultaneously, turn OFF Network Boost in Lenovo Vantage! Thank you and Malwarebytes AGAIN!!!
  2. Also on a side note I wanted to ask if reinstalling Windows actually works, I know viruses would come along for the ride but wanted to know your thoughts on that topic. Seems like doing that doesn't work for most and you can mess things up if not done correctly. Also is it possible for you to remote in at some point and just go to town?
  3. This process will have to continue tomorrow. I'm Carroll's fiance and we have both been taking turns working on this issue. I can't complete the steps above without her phone being here (2-step verification). She is out of town and will be back tomorrow night. Also there are 2 other devices that we will have to go through this process on to fully straighten things up, maybe 5 if we need to do this on phones as well. Thank you for your patience. Will you be available over the weekend?
  4. Ok I restarted. I need to get going though and will be afk until late tonight. I will do the system restore point and then follow the steps to clean up chrome. I will let you know how it goes. I won't be able to complete the steps until after you're probably done for the day. Thanks for your help!
  5. Ok I am updating the wifi and ethernet now, the ethernet update is going slow. But it is going.
  6. There, I think I'm all caught up for now. auto run scan.zip
  7. FRST 2.txt addition 2.txt When I click on autoruns nothing happens.
  8. Ok, I didn't realize the Windows Firewall was disabled. My fiance disabled it and forgot to turn it back on when he ran one of the earlier scans for me while I was at work. I turned it back on but disabled it to run the fix. I disabled Windows Defender and Malwarebytes real-time protection. I hope I didn't miss anything but lemme know if I did. The fix ran pretty smoothly and Windows Defender was all back on after the restart. Malwarebytes I had to manually turn back on. I did completely remove Bonjour and Microsoft One Drive and restart before running the fix, we have never used either of those. I've attached the log. Thank you for all of your help! Fixlog.txt
  9. Ok, I removed those three programs, restarted the PC and ran the Farbar program again. The files attached are from that scan but let me know if you still need the Addition.txt file from before. CCleaner and AVG were just downloaded last night when I was trying scans in Lenovo and Windows Defender and not finding anything malicious. I'm not sure how long McAfee WebAdvisor was installed but I believe I was able to completely uninstall all three. Thank you! FRST.txt Addition.txt
  10. This is the addition, I have to run the other scan after work
-> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts 2021-07-15 02:59 - 2021-07-15 02:59 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\carro\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\ratties.jfif DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKLM\...\StartupApproved\Run32: => "RazerCortex" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0" HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Synapse3" HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Snap Camera" HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Voicemod" 
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Dixper Studio" HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "PlariumPlay" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{93A5ADD9-39E9-4953-AF31-857945FC1C9A}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> ) FirewallRules: [UDP Query User{BF562122-0A5A-4469-8F8C-A1C35296849C}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> ) FirewallRules: [{FA189680-C136-4925-9BBC-A77A8DA19C4B}] => (Allow) E:\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{4C9F8803-4A8F-48CE-AF58-2BE081060F74}] => (Allow) E:\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{51944E88-89C8-4529-8488-FB7E40BA1C03}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{5A789F75-7758-4335-84D9-CA18E5299A4F}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{CA571C7D-1337-460C-B6C1-D0A4E9109968}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{B9F632D8-3EEF-4A89-A8AD-88F0C4FC4463}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. 
-> Rockstar Games) FirewallRules: [{4C70BA2E-423D-45DF-80C2-992B76B0A06C}] => (Allow) E:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{EFAB08B5-5AE3-4773-91DF-0245946D9933}] => (Allow) E:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{A1870CF3-AEE2-49AF-93DA-D77F79B22DDF}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs) FirewallRules: [UDP Query User{0B678663-C7D3-46D4-B241-4FE9C75E80AF}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs) FirewallRules: [TCP Query User{0CF4BCEA-F845-40EC-B033-2600DCF8D950}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{1E51A47C-3AD0-41A9-856A-CADFF45EC9A1}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{540D3AF7-0B1D-4521-8FF5-571D9043BDA2}] => (Allow) LPort=6672 FirewallRules: [{042BD33E-41B5-4079-B7E6-1F3EDF5D2A25}] => (Allow) LPort=61455 FirewallRules: [{01C9AF8A-CC08-40A5-9E3A-6766263E1506}] => (Allow) LPort=61457 FirewallRules: [{F3D80F23-9649-4A41-B706-CF03455893AD}] => (Allow) LPort=61456 FirewallRules: [{B135EF12-6650-43E7-9CDF-E2488E72F449}] => (Allow) LPort=61458 FirewallRules: [TCP Query User{7B8178C7-F922-4056-94E7-FD5570DC6C20}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program 
files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> ) FirewallRules: [UDP Query User{C0FD7CEB-BB0D-467A-B83E-425E5029B1F7}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> ) FirewallRules: [TCP Query User{2E94401C-092C-4B5A-A858-D14F611D9937}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{327CC953-2C53-415F-AF0B-247AD0D5BC8E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{E4596CD7-5FA6-40EF-B85D-CD1E30AF668C}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{E65D0002-BD85-4A59-B54F-A445C118D6CC}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [TCP Query User{0867F865-49A0-4EC7-9A4F-04E33E9E98A2}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs) FirewallRules: [UDP Query User{5AEF6B8C-1E2A-4F82-8670-B2604044AC87}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs) FirewallRules: [{7EAD0192-58F1-4F32-A204-C0ECBCFAEBF5}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. 
-> Rockstar Games) FirewallRules: [{469A45BC-CCB1-4859-A17F-ACBA5F2DCEC1}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{8EA92A76-EC11-4FC3-925C-425F24FC7BE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AE1F1B44-43C9-46C3-BAE7-469FB428830A}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC) FirewallRules: [{F947C677-F692-4D31-B6C3-2C6AE0BE3B5D}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC) FirewallRules: [{EE4D0A82-3BEE-4526-874C-A7B174FAB994}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC) FirewallRules: [{D7C3830D-81A5-4202-990C-C86D598FAA41}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC) FirewallRules: [{2A124B85-6D33-418B-B9F9-2CF41CB43B48}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.) FirewallRules: [{61A255E7-ABFC-48BD-A1DF-5AD1D61E36E8}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.) FirewallRules: [{3A38E05F-5E3D-4C38-AE1F-56ABE938EBEC}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.) FirewallRules: [{C2ABEE22-B5B9-4F49-B96B-8DAEF59E665D}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.) 
FirewallRules: [{DF76C177-F171-4A8B-98BD-B36A0BE2FA83}] => (Allow) E:\Steam\steamapps\common\Metro Exodus\MetroExodus.exe => No File FirewallRules: [{CF6734FA-EE68-47E4-887C-1643EC7E6226}] => (Allow) E:\Steam\steamapps\common\Metro Exodus\MetroExodus.exe => No File FirewallRules: [{2AAD2303-2413-4780-9A7A-FA85CF52604E}] => (Allow) E:\Steam\steamapps\common\Resident Evil Village BIOHAZARD VILLAGE\re8.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.) FirewallRules: [{23584170-DCD4-417F-9058-FCFE2DABFCBD}] => (Allow) E:\Steam\steamapps\common\Resident Evil Village BIOHAZARD VILLAGE\re8.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.) FirewallRules: [{6D2C38EF-B00B-43FD-83DA-74F3B9FBC57B}] => (Allow) E:\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [{313D66F0-590B-4736-8615-700F2192F286}] => (Allow) E:\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [{2840B03F-DFAD-489E-AFF7-59DA46FB1825}] => (Allow) E:\Steam\steamapps\common\Marbles on Stream\MarblesOnStream.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{6476BE63-0BB8-4E4A-A9E4-D5FC470345E1}] => (Allow) E:\Steam\steamapps\common\Marbles on Stream\MarblesOnStream.exe (Epic Games, Inc.) 
[File not signed] FirewallRules: [{7F6F2CA1-CAD6-470A-98CB-80998474C8E5}] => (Allow) E:\Steam\steamapps\common\Deceit\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [{9C3B2466-A887-4F05-ABBF-91791AFF016B}] => (Allow) E:\Steam\steamapps\common\Deceit\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [{9F0F23F7-6BBE-4F8F-822C-104825B864C5}] => (Allow) E:\Steam\steamapps\common\Devour\DEVOUR.exe () [File not signed] FirewallRules: [{07439CC7-1E2A-4375-BEAD-8972D7BAE7F4}] => (Allow) E:\Steam\steamapps\common\Devour\DEVOUR.exe () [File not signed] FirewallRules: [{C2E32FE9-DD97-4993-9D99-C919B5910327}] => (Allow) E:\Steam\steamapps\common\Animaze\Bin\AnimazeDesktop.exe (Holotech Studios, Inc. -> ) FirewallRules: [{863FD7AB-3AE6-45CF-8419-0F9DFEEA80A8}] => (Allow) E:\Steam\steamapps\common\Animaze\Bin\AnimazeDesktop.exe (Holotech Studios, Inc. -> ) FirewallRules: [{61C133F8-021B-4A51-8FDF-C9DEB8011197}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{CB971486-FC54-423A-808C-6CA78B078310}E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software) FirewallRules: [UDP Query User{B431C068-EAC6-4637-8FF6-4DBBB6BFDD9D}E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software, L.L.C. 
-> Gearbox Software) FirewallRules: [{15D7A63C-8438-4D79-9538-B77D7C81826B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{BEA62043-4A27-4592-9ECC-EFB838A8FE7A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{FF287DA2-D2EB-4590-8606-CD7930DAAA8E}] => (Allow) E:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed] FirewallRules: [{1ECC2620-DED1-406E-9A52-059B3C1210AB}] => (Allow) E:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed] FirewallRules: [{2706C0B9-213C-4021-A236-AE46543800A3}] => (Allow) C:\Program Files\Elgato\4KCaptureUtility\4KCaptureUtility.exe (Corsair Memory, Inc. -> Elgato Systems) FirewallRules: [{50A97435-81D8-4827-98C9-F8650B76BC68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{673DF6CE-5F75-4566-8ABB-02E101F3B8EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3B9C06E1-E1C9-4A17-9FCE-F6475C3283E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{25146433-E23E-449A-8916-BA688892219B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{3D80EC58-9E29-4A8D-9BCF-07C442DAC8F2}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc) FirewallRules: [{77DEFE3E-AFB8-4206-8D35-E570EA4E7027}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc) FirewallRules: [{BCE825B1-D68B-486D-8710-070D213DA14D}] => (Allow) E:\Steam\steamapps\common\F13Game\EAC_Launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{9876F9AC-13E8-4E81-899E-FF8CBB5E5419}] => (Allow) E:\Steam\steamapps\common\F13Game\EAC_Launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{92FA712B-B7CF-457D-9539-521C8F962CD5}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{16CBCA52-2051-4C50-9EDD-F3226550F527}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{E1194E5E-54AF-4283-91F0-CD484DFC88D8}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{5C91239B-9EFE-4F10-8F25-79D39597AFA5}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{823E9DEA-84B8-400F-AE29-B07967B3D028}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{95D8A7C2-808D-4DC8-9E27-72C9AF781268}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{2148575A-4E35-44D3-9E9B-E4B27F37753D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.73\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{08385045-1A06-4849-B2C8-C0704732A33C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{DA923767-F100-40E4-82F7-03D61B3D72C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F2028F84-ED3C-4EC4-9D37-906109C41086}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2AA7CBCA-C099-45CE-836F-463B1975336E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Restore Points ========================= 14-08-2021 14:33:39 Scheduled Checkpoint 15-08-2021 16:12:30 Plarium Play 17-08-2021 20:57:11 Piriform Driver Updater - Update 4.13.0.0 17-08-2021 21:06:32 Piriform Driver Updater - Update 3.20701.717.0 ==================== Faulty Device Manager Devices ============ Name: Lenovo Legion System Firmware 1CA Description: Lenovo Legion System Firmware 1CA Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52} Manufacturer: Lenovo Ltd. Service: Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Lenovo Legion EC 0.0.0.28 Description: Lenovo Legion EC 0.0.0.28 Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52} Manufacturer: Lenovo Ltd. Service: Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ======================== Application errors: ================== Error: (08/18/2021 03:57:31 AM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (08/18/2021 03:49:26 AM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (08/17/2021 09:06:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service McSecDashboardService since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (08/17/2021 09:06:32 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {858295a0-796f-473a-8b9c-33d8e9f083e9} Error: (08/17/2021 09:00:51 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/17/2021 09:00:51 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. 
] Error: (08/17/2021 09:00:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Razer Synapse Service Process.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0020001, exception address 76B7B512 Stack: Error: (08/17/2021 08:57:11 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {b4df06a7-8161-422b-a2a4-002e1479fb29} System errors: ============= Error: (08/18/2021 04:07:54 AM) (Source: ACPI) (EventID: 5) (User: ) Description: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x81), which lies in the 0x81 - 0x83 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance. Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (08/18/2021 04:06:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. 
Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (08/18/2021 04:06:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-POF167L) Description: The server windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout. Error: (08/18/2021 04:06:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-POF167L) Description: The server {B9B05098-3E30-483F-87F7-027CA78DA287} did not register with DCOM within the required timeout. Error: (08/18/2021 04:04:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Razer Central Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/18/2021 04:04:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Windows Defender: ================ Date: 2021-08-18 03:01:37 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-12 14:51:44 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-10 18:00:25 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-08 15:13:33 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-07 22:37:35 Description: Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-05 02:59:41 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.343.2244.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18400.4 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =============== Date: 2021-08-18 04:11:19 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2021-08-18 04:09:47 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. 
==================== Memory info =========================== BIOS: LENOVO O4MKT19A 02/01/2021 Motherboard: LENOVO 3716 Processor: AMD Ryzen 7 3700X 8-Core Processor Percentage of memory in use: 31% Total physical RAM: 16244.88 MB Available physical RAM: 11110.7 MB Total Virtual: 24948.88 MB Available Virtual: 17138.42 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:306.68 GB) NTFS Drive e: (New Volume) (Fixed) (Total:931.5 GB) (Free:447.93 GB) NTFS \\?\Volume{1b08e381-522d-4c40-9591-c74a8870ad4a}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS \\?\Volume{e08f7474-b32e-40ae-9f2e-f233a3c541f4}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Size: 476.9 GB) (Disk ID: 6E9DF860) Partition: GPT. ==================== End of Addition.txt ======================= txtAddition.txt
  11. # -------------------------------
     # Malwarebytes AdwCleaner 8.3.0.0
     # -------------------------------
     # Build: 06-29-2021
     # Database: 2021-08-09.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 08-18-2021
     # Duration: 00:00:01
     # OS: Windows 10 Home
     # Cleaned: 8
     # Failed: 0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Program Files\SlimWare Utilities
     Deleted C:\Users\carro\AppData\Local\slimware utilities inc

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
     Deleted HKCU\Software\SlimWare Utilities Inc
     Deleted HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
     Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
     Deleted HKLM\Software\SlimWare Utilities Inc
     Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries cleaned.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [3125 octets] - [18/08/2021 04:01:56]
     AdwCleaner[S01].txt - [3186 octets] - [18/08/2021 04:03:54]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
  12. I've attached log files from my Legion Lenovo Vantage scanner and Malwarebytes with details. Been having an issue where if we run games like GTA or Rocket League on our desktop PC, the ethernet internet to the PC drops to about 8 mbps download and .20 upload. Our speeds are normally 500 down/50 up. If I run a speed test on my laptop connected via WiFi while this is happening I still get 500/50 while the PC stays at 8/.20 until the game is closed. Then the desktop PC internet speeds are nominal. The game itself on the PC seems to operate OK, but nothing else on the PC will work. Sometimes we stream and will have OBS Studio or SLOBS open streaming to Twitch but either of those two games would crash the internet/stream. So we have run speed tests with JUST one of the games open MANY times and it drops to practically nothing.

      That was happening for about the past 2-3 months. We've ruled out it being our ISP or hardware. We've run every troubleshooter there is. Everything on our PC seems perfect. All drivers up to date. We were still able to play many other games that did not affect our internet connection during this time. Until Monday night at around 7:20 pm CDT. I was streaming very small games, Marbles on Stream and Horror Tales: The Wine, and my stream crashed twice. I ended streaming, did a hard reboot on our router and PC. I opened just Marbles on Stream and ran a speed test and now even that game is dropping internet speeds on our desktop PC only. I tried the same games on my laptop connected via WiFi and they barely affect the speeds there. I tried at least 10 other games that we stream regularly with and have no internet speed problems and they ALL dropped internet speeds to 8/.20. Sunday night it was fine, I streamed several games including Dead by Daylight and it went smoothly. There were no updates that I am aware of but suddenly the problem got worse and now extends to all of our games.

      I've run several scans on Windows Defender, Malwarebytes, CCleaner and Lenovo Vantage and nothing comes up as an issue but the way this has progressively gotten worse seems like a virus. (I also noticed some keystroke issues shortly before I began streaming Monday night so I had just rebooted everything because of that.) ANY help is appreciated, we have tried literally everything for months and the problem just got WAY worse.

      8-17-21 1454.txt 8-17-21 1948.txt HardwareScanLog_20210817_205006 PDF.pdf