
Possible undetected virus/malware?



I've attached log files from my Legion Lenovo Vantage scanner and Malwarebytes with details.

Been having an issue where if we run games like GTA or Rocket League on our desktop PC, the ethernet internet to the PC drops to about 8 mbps download and .20 upload. Our speeds are normally 500 down/50 up. If I run a speed test on my laptop connected via WiFi while this is happening I still get 500/50 while the PC stays at 8/.20 until the game is closed. Then the desktop PC internet speeds are nominal. The game itself on the PC seems to operate ok, but nothing else on the PC will work. Sometimes we stream and will have OBS Studio or SLOBS open streaming to Twitch but either of those two games would crash the internet/stream. So we have run speed tests with JUST one of the games open MANY times and it drops to practically nothing.

That was happening for about the past 2-3 months. We've ruled out it being our ISP or hardware. We've run every troubleshooter there is. Everything on our PC seems perfect. All drivers up to date. 

We were still able to play many other games that did not affect our internet connection during this time. Until Monday night at around 7:20 pm cdt. I was streaming very small games, Marbles on Stream and Horror Tales: The Wine and my stream crashed twice. I ended streaming, did a hard reboot on our router and PC. I opened just Marbles on Stream and ran a speed test and now even that game is dropping internet speeds on our desktop PC only. I tried the same games on my laptop connected via WiFi and they barely affect the speeds there. I tried at least 10 other games that we stream regularly with and have no internet speed problems and they ALL dropped internet speeds to 8/.20.

Sunday night it was fine, I streamed several games including Dead by Daylight and it went smooth. There were no updates that I am aware of but suddenly the problem got worse and now extends to all of our games. I've run several scans on Windows Defender, Malwarebytes, CCleaner and Lenovo Vantage and nothing comes up as an issue but the way this has progressively gotten worse seems like a virus. (I also noticed some key stroke issues shortly before I began streaming Monday night so I had just rebooted everything because of that.)

ANY help is appreciated, we have tried literally everything for months and the problem just got WAY worse.

8-17-21 1454.txt 8-17-21 1948.txt HardwareScanLog_20210817_205006 PDF.pdf


  • Root Admin

Hello @Carrollm1980 and welcome.

Let me have you do the following scan for us and we'll check and see what we can find. You can ignore step one as you already provided the logs from the Malwarebytes scan, but do perform steps 2 and 3 as shown, thanks.

It's almost midnight here for me, so I'll check back on you again sometime tomorrow.

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download


 

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found, click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections, then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine, you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time.
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks


# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-18-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  8
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\SlimWare Utilities
Deleted       C:\Users\carro\AppData\Local\slimware utilities inc

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
Deleted       HKCU\Software\SlimWare Utilities Inc
Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\SlimWare Utilities Inc
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3125 octets] - [18/08/2021 04:01:56]
AdwCleaner[S01].txt - [3186 octets] - [18/08/2021 04:03:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 


  • Root Admin

Please temporarily uninstall the following software while we diagnose your system issues. Windows 10 comes with built-in antivirus that is as good as or better than AVG, so your system will still be protected without it.

  • AVG Antivirus
  • CCleaner (experts no longer recommend the use of this program)
  • McAfee WebAdvisor

 

Once you have uninstalled the above items, please restart the computer and run the Farbar program again and click on Scan and make sure you have the following set. Then attach back both new logs.

image.png

Thank you @Carrollm1980

 

 


This is the addition, I have to run the other scan after work

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2021
Ran by carro (18-08-2021 04:13:16)
Running from C:\Users\carro\Downloads
Windows 10 Home Version 21H1 19043.1165 (X64) (2021-04-30 00:23:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1813194472-1536907766-1201081494-500 - Administrator - Disabled)
carro (S-1-5-21-1813194472-1536907766-1201081494-1001 - Administrator - Enabled) => C:\Users\carro
DefaultAccount (S-1-5-21-1813194472-1536907766-1201081494-503 - Limited - Disabled)
Guest (S-1-5-21-1813194472-1536907766-1201081494-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1813194472-1536907766-1201081494-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Out of date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Capture Utility (HKLM\...\{DC2C8F41-BE16-4442-BC11-6A36B995A2B3}) (Version: 1.7.4.4808 - Elgato Systems)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_4) (Version: 18.4 - Adobe Inc.)
Adobe Character Animator 2021 (HKLM-x32\...\CHAR_4_4) (Version: 4.4 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_4_1) (Version: 25.4.1 - Adobe Inc.)
Adobe Media Encoder 2021 (HKLM-x32\...\AME_15_4) (Version: 15.4 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_3) (Version: 22.4.3.317 - Adobe Inc.)
Adobe Premiere Rush (HKLM-x32\...\RUSH_1_5_62) (Version: 1.5.62 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.06.22.050 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{dbef9d6b-46b4-4fc6-b09e-5d9f2447fde4}) (Version: 2.06.22.050 - Advanced Micro Devices, Inc.) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.6.3189 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform)
Dixper Studio v2.7.2 (HKLM\...\{267760CC-0CDD-4A82-8376-3CFFC9A51414}_is1) (Version: v2.7.2 - Dixper Software S.L.)
DriverUpdate (HKLM\...\{70A3DB76-E1F1-4D1C-B791-824F1C63238A}) (Version: 5.8.19 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Calliope USB Keyboard (HKLM\...\{520AA862-0064-4B41-B777-1FAFC1AD1293}) (Version: 1.12 - Lenovo)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.39.0.196 - LENOVO (UNITED STATES) INC.)
Lenovo Migration Assistant (HKLM\...\Lenovo Migration Assistant_is1) (Version: 2.1.4.6 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.4 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0127 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.7.19.0 - Lenovo Group Ltd.)
Lens Studio 3.4.2 (HKLM-x32\...\{652D235D-D6FF-4E47-B95F-D2BE6E8B9858}}_is1) (Version: 3.4.2 - Snap Inc.)
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Maxon Cinema 4D 22 (HKLM\...\Maxon Cinema 4D S22) (Version: S22 - Maxon)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.73 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.73 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
NDI 4 Tools (HKLM\...\{35D49334-910D-4519-B971-C7B604214855}_is1) (Version:  - NewTek, inc.)
NewTek SpeedHQ Video Codec (x64) (Remove Only) (HKLM\...\NewTek_SpeedHQ_Codec_x64) (Version:  - )
NewTek SpeedHQ Video Codec (x86) (Remove Only) (HKLM-x32\...\NewTek_SpeedHQ_Codec) (Version:  - )
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Plarium Play (HKLM-x32\...\{146859e7-33bd-417c-8c4a-4f4ad2ed13a6}) (Version: 6.7.0 - Plarium)
Plarium Play (HKLM-x32\...\{1F9621E1-784E-4444-9E6B-76A346CC0016}) (Version: 6.7.0 - Plarium) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.15.19.1412 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0731.072613 - Razer Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.45.416 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.9 - Rockstar Games)
Snap Camera 1.14.0 (HKLM-x32\...\{024A6CF5-627D-497F-980B-B9A6EC5C40AF}_is1) (Version: 1.14.0 - Snap Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamElements OBS.Live (HKLM-x32\...\StreamElements OBS.Live) (Version: 21.7.25.759 - StreamElements)
Streamlabs OBS 1.1.2 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.1.2 - General Workings, Inc.)
Twitch Studio (HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF372B0}) (Version: 8.0.0 - Twitch Interactive, Inc.)
UXP WebView Support (HKLM-x32\...\UXPW_1_0_0) (Version: 1.0.0 - Adobe Inc.)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.14.0.1 - Voicemod S.L.)
VSDC Free Video Converter version 2.4.7.339 (HKLM-x32\...\VSDC Free Video Converter_is1) (Version: 2.4.7.339 - Flash-Integro LLC)
VSDC Free Video Editor version 6.7.4.300 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.7.4.300 - Flash-Integro LLC)
Wargaming.net Game Center for Steam (HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\Wargaming.net Game Center for Steam) (Version: 21.3.0.5224 - Wargaming.net)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.613 - McAfee, LLC)
XSplit VCam (HKLM\...\{DC703711-647D-4A98-8AFA-937C3B061C96}) (Version: 2.3.2108.0303 - XSplit) Hidden
XSplit VCam (HKLM\...\XSplit VCam 2.3.2108.0303) (Version: 2.3.2108.0303 - XSplit)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-04-29] (Adobe Systems Incorporated)
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-25] (Microsoft Corporation)
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforGaming_3.30000.4.0_x64__rz1tebttyb220 [2021-08-17] (Dolby Laboratories)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2105.16.0_x64__k1h2ywk1493x8 [2021-08-09] (LENOVO INC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-09] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-17] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-05-22] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.27.253.0_x64__dt26b99r8h8gj [2021-08-17] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1813194472-1536907766-1201081494-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E29B5DCE0634} -> [Creative Cloud Files] => C:\Users\carro\Creative Cloud Files [2021-04-29 21:02]
CustomCLSID: HKU\S-1-5-21-1813194472-1536907766-1201081494-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1813194472-1536907766-1201081494-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-05] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlei.inf_amd64_3e260c9eef586c71\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-05] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-08-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-17] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.SHQ0] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ1] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ2] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ3] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ4] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ5] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ7] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ9] => C:\Windows\system32\Codec.SpeedHQ.x64.dll [27725240 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.SHQ0] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ1] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ2] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ3] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ4] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ5] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ7] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [VIDC.SHQ9] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2858936 2021-05-27] (Newtek Inc -> )
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\A General Guide To Help You Fix GTA 5 Lag - Kill Ping.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=nboioiecdjoafbommlcpldhilimillfk
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Amazon Tax Information Interview and IRS Annual Reporting FAQ.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=npolfpgafhboagcfnjedlhoocfdhcfla
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Animator Tips and Tricks - No background.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chat Commands.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fnillioccgplbnnnfhapehijfnbkbjkj
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CloudConverter.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hdmdoclnahphbppladolaimacehflnnb
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Crock Pot Honey Garlic Chicken Recipe _ Super Easy & Delicious Recipe.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=maddnhelchlegodheffacipapdlkofgi
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Discord.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=magkoliahgffibhgfkmoealggombgknl
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\GTA Online PC Connection Troubleshooting - Rockstar Games Customer Support.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bmegmhocneldfjgcaanfbdpeifjodmfj
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Kapwing.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=llaigcdlmigbiiallkfokpaamhophgbh
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Malwarebytes Forums.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hfhgmlgffnifkpjjkehahglepnoiaohd
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Malwarebytes.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hmmdnehdnmlphhfdkccgbggnccabbgle
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\NDI live output does not show up in Character Anim... - Adobe Support Community - 11080532.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=pmhbpjacoogdggcnofkgdkbbeakjfgmj
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pizzle Pack SoundCloud.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eikjhbkpemdappjfcmdeeeamdpkgabmk
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pretzel Rocks.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=lhpcbchbomeepcdjbfkfjdbfchpkonhh
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\RAID  Shadow Legends - Ninja.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TikTok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Twitch Emotes - How to Make Your OwnFor Free.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=afagpmhnkeahnadpgfkieilmcocdhbpb
ShortcutWithArgument: C:\Users\carro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Twitch.tv - Affiliate Agreement.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=dfgkjngjaphphoiffdjpmhjjgchanbfn

==================== Loaded Modules (Whitelisted) =============

2021-06-03 19:47 - 2021-05-08 06:33 - 012516352 _____ () [File not signed] C:\Program Files\NDI.tv\NDI 4 Tools\HX Driver\x64\avcodec-ndi-58.dll
2021-06-03 19:47 - 2021-05-08 06:33 - 002772480 _____ () [File not signed] C:\Program Files\NDI.tv\NDI 4 Tools\HX Driver\x64\avformat-ndi-58.dll
2021-06-03 19:47 - 2021-05-08 06:33 - 000606720 _____ () [File not signed] C:\Program Files\NDI.tv\NDI 4 Tools\HX Driver\x64\avutil-ndi-56.dll
2021-06-03 19:47 - 2021-05-08 06:33 - 000215040 _____ () [File not signed] C:\Program Files\NDI.tv\NDI 4 Tools\HX Driver\x64\swresample-ndi-3.dll
2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [File not signed] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll
2021-06-18 04:32 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-07-20 19:01 - 2020-05-30 15:58 - 001280000 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2021-05-31 19:03 - 2020-11-03 05:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7822]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-1813194472-1536907766-1201081494-1001 -> DefaultScope {BE9EFE2D-063B-490E-AE70-790B5BEC9EE3} URL = 
SearchScopes: HKU\S-1-5-21-1813194472-1536907766-1201081494-1001 -> {BE9EFE2D-063B-490E-AE70-790B5BEC9EE3} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-08-12] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-26] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-07-15 02:59 - 2021-07-15 02:59 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\carro\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\ratties.jfif
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Snap Camera"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "Dixper Studio"
HKU\S-1-5-21-1813194472-1536907766-1201081494-1001\...\StartupApproved\Run: => "PlariumPlay"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{93A5ADD9-39E9-4953-AF31-857945FC1C9A}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> )
FirewallRules: [UDP Query User{BF562122-0A5A-4469-8F8C-A1C35296849C}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> )
FirewallRules: [{FA189680-C136-4925-9BBC-A77A8DA19C4B}] => (Allow) E:\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4C9F8803-4A8F-48CE-AF58-2BE081060F74}] => (Allow) E:\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{51944E88-89C8-4529-8488-FB7E40BA1C03}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5A789F75-7758-4335-84D9-CA18E5299A4F}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{CA571C7D-1337-460C-B6C1-D0A4E9109968}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{B9F632D8-3EEF-4A89-A8AD-88F0C4FC4463}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{4C70BA2E-423D-45DF-80C2-992B76B0A06C}] => (Allow) E:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{EFAB08B5-5AE3-4773-91DF-0245946D9933}] => (Allow) E:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{A1870CF3-AEE2-49AF-93DA-D77F79B22DDF}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs)
FirewallRules: [UDP Query User{0B678663-C7D3-46D4-B241-4FE9C75E80AF}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs)
FirewallRules: [TCP Query User{0CF4BCEA-F845-40EC-B033-2600DCF8D950}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1E51A47C-3AD0-41A9-856A-CADFF45EC9A1}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{540D3AF7-0B1D-4521-8FF5-571D9043BDA2}] => (Allow) LPort=6672
FirewallRules: [{042BD33E-41B5-4079-B7E6-1F3EDF5D2A25}] => (Allow) LPort=61455
FirewallRules: [{01C9AF8A-CC08-40A5-9E3A-6766263E1506}] => (Allow) LPort=61457
FirewallRules: [{F3D80F23-9649-4A41-B706-CF03455893AD}] => (Allow) LPort=61456
FirewallRules: [{B135EF12-6650-43E7-9CDF-E2488E72F449}] => (Allow) LPort=61458
FirewallRules: [TCP Query User{7B8178C7-F922-4056-94E7-FD5570DC6C20}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> )
FirewallRules: [UDP Query User{C0FD7CEB-BB0D-467A-B83E-425E5029B1F7}C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe] => (Allow) C:\program files\ndi.tv\ndi 4 tools\webcam input\webcam input.exe (Newtek Inc -> )
FirewallRules: [TCP Query User{2E94401C-092C-4B5A-A858-D14F611D9937}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{327CC953-2C53-415F-AF0B-247AD0D5BC8E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E4596CD7-5FA6-40EF-B85D-CD1E30AF668C}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{E65D0002-BD85-4A59-B54F-A445C118D6CC}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{0867F865-49A0-4EC7-9A4F-04E33E9E98A2}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs)
FirewallRules: [UDP Query User{5AEF6B8C-1E2A-4F82-8670-B2604044AC87}C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe] => (Allow) C:\program files\streamlabs obs\resources\app.asar.unpacked\node_modules\obs-studio-node\obs64.exe (Streamlabs (General Workings, Inc.) -> Streamlabs)
FirewallRules: [{7EAD0192-58F1-4F32-A204-C0ECBCFAEBF5}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{469A45BC-CCB1-4859-A17F-ACBA5F2DCEC1}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8EA92A76-EC11-4FC3-925C-425F24FC7BE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE1F1B44-43C9-46C3-BAE7-469FB428830A}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC)
FirewallRules: [{F947C677-F692-4D31-B6C3-2C6AE0BE3B5D}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC)
FirewallRules: [{EE4D0A82-3BEE-4526-874C-A7B174FAB994}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC)
FirewallRules: [{D7C3830D-81A5-4202-990C-C86D598FAA41}] => (Allow) C:\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC -> Psyonix, LLC)
FirewallRules: [{2A124B85-6D33-418B-B9F9-2CF41CB43B48}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{61A255E7-ABFC-48BD-A1DF-5AD1D61E36E8}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{3A38E05F-5E3D-4C38-AE1F-56ABE938EBEC}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{C2ABEE22-B5B9-4F49-B96B-8DAEF59E665D}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{DF76C177-F171-4A8B-98BD-B36A0BE2FA83}] => (Allow) E:\Steam\steamapps\common\Metro Exodus\MetroExodus.exe => No File
FirewallRules: [{CF6734FA-EE68-47E4-887C-1643EC7E6226}] => (Allow) E:\Steam\steamapps\common\Metro Exodus\MetroExodus.exe => No File
FirewallRules: [{2AAD2303-2413-4780-9A7A-FA85CF52604E}] => (Allow) E:\Steam\steamapps\common\Resident Evil Village BIOHAZARD VILLAGE\re8.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{23584170-DCD4-417F-9058-FCFE2DABFCBD}] => (Allow) E:\Steam\steamapps\common\Resident Evil Village BIOHAZARD VILLAGE\re8.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{6D2C38EF-B00B-43FD-83DA-74F3B9FBC57B}] => (Allow) E:\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{313D66F0-590B-4736-8615-700F2192F286}] => (Allow) E:\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{2840B03F-DFAD-489E-AFF7-59DA46FB1825}] => (Allow) E:\Steam\steamapps\common\Marbles on Stream\MarblesOnStream.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6476BE63-0BB8-4E4A-A9E4-D5FC470345E1}] => (Allow) E:\Steam\steamapps\common\Marbles on Stream\MarblesOnStream.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7F6F2CA1-CAD6-470A-98CB-80998474C8E5}] => (Allow) E:\Steam\steamapps\common\Deceit\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{9C3B2466-A887-4F05-ABBF-91791AFF016B}] => (Allow) E:\Steam\steamapps\common\Deceit\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{9F0F23F7-6BBE-4F8F-822C-104825B864C5}] => (Allow) E:\Steam\steamapps\common\Devour\DEVOUR.exe () [File not signed]
FirewallRules: [{07439CC7-1E2A-4375-BEAD-8972D7BAE7F4}] => (Allow) E:\Steam\steamapps\common\Devour\DEVOUR.exe () [File not signed]
FirewallRules: [{C2E32FE9-DD97-4993-9D99-C919B5910327}] => (Allow) E:\Steam\steamapps\common\Animaze\Bin\AnimazeDesktop.exe (Holotech Studios, Inc. -> )
FirewallRules: [{863FD7AB-3AE6-45CF-8419-0F9DFEEA80A8}] => (Allow) E:\Steam\steamapps\common\Animaze\Bin\AnimazeDesktop.exe (Holotech Studios, Inc. -> )
FirewallRules: [{61C133F8-021B-4A51-8FDF-C9DEB8011197}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{CB971486-FC54-423A-808C-6CA78B078310}E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [UDP Query User{B431C068-EAC6-4637-8FF6-4DBBB6BFDD9D}E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe] => (Allow) E:\program files\epic games\borderlands3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [{15D7A63C-8438-4D79-9538-B77D7C81826B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{BEA62043-4A27-4592-9ECC-EFB838A8FE7A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{FF287DA2-D2EB-4590-8606-CD7930DAAA8E}] => (Allow) E:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{1ECC2620-DED1-406E-9A52-059B3C1210AB}] => (Allow) E:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{2706C0B9-213C-4021-A236-AE46543800A3}] => (Allow) C:\Program Files\Elgato\4KCaptureUtility\4KCaptureUtility.exe (Corsair Memory, Inc. -> Elgato Systems)
FirewallRules: [{50A97435-81D8-4827-98C9-F8650B76BC68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{673DF6CE-5F75-4566-8ABB-02E101F3B8EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3B9C06E1-E1C9-4A17-9FCE-F6475C3283E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{25146433-E23E-449A-8916-BA688892219B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3D80EC58-9E29-4A8D-9BCF-07C442DAC8F2}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{77DEFE3E-AFB8-4206-8D35-E570EA4E7027}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{BCE825B1-D68B-486D-8710-070D213DA14D}] => (Allow) E:\Steam\steamapps\common\F13Game\EAC_Launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{9876F9AC-13E8-4E81-899E-FF8CBB5E5419}] => (Allow) E:\Steam\steamapps\common\F13Game\EAC_Launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{92FA712B-B7CF-457D-9539-521C8F962CD5}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{16CBCA52-2051-4C50-9EDD-F3226550F527}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{E1194E5E-54AF-4283-91F0-CD484DFC88D8}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{5C91239B-9EFE-4F10-8F25-79D39597AFA5}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{823E9DEA-84B8-400F-AE29-B07967B3D028}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{95D8A7C2-808D-4DC8-9E27-72C9AF781268}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{2148575A-4E35-44D3-9E9B-E4B27F37753D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.73\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{08385045-1A06-4849-B2C8-C0704732A33C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA923767-F100-40E4-82F7-03D61B3D72C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2028F84-ED3C-4EC4-9D37-906109C41086}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2AA7CBCA-C099-45CE-836F-463B1975336E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

14-08-2021 14:33:39 Scheduled Checkpoint
15-08-2021 16:12:30 Plarium Play
17-08-2021 20:57:11 Piriform Driver Updater - Update 4.13.0.0
17-08-2021 21:06:32 Piriform Driver Updater - Update 3.20701.717.0

==================== Faulty Device Manager Devices ============

Name: Lenovo Legion System Firmware 1CA
Description: Lenovo Legion System Firmware 1CA
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Lenovo Ltd.
Service: 
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Lenovo Legion EC 0.0.0.28
Description: Lenovo Legion EC 0.0.0.28
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Lenovo Ltd.
Service: 
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/18/2021 03:57:31 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (08/18/2021 03:49:26 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (08/17/2021 09:06:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service McSecDashboardService since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/17/2021 09:06:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {858295a0-796f-473a-8b9c-33d8e9f083e9}

Error: (08/17/2021 09:00:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/17/2021 09:00:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/17/2021 09:00:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Synapse Service Process.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 76B7B512
Stack:

Error: (08/17/2021 08:57:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b4df06a7-8161-422b-a2a4-002e1479fb29}


System errors:
=============
Error: (08/18/2021 04:07:54 AM) (Source: ACPI) (EventID: 5) (User: )
Description: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x81), which lies in the 0x81 - 0x83 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (08/18/2021 04:06:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (08/18/2021 04:06:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-POF167L)
Description: The server windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.

Error: (08/18/2021 04:06:51 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-POF167L)
Description: The server {B9B05098-3E30-483F-87F7-027CA78DA287} did not register with DCOM within the required timeout.

Error: (08/18/2021 04:04:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Central Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/18/2021 04:04:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Windows Defender:
================
Date: 2021-08-18 03:01:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-12 14:51:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-10 18:00:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-08 15:13:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-07 22:37:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-05 02:59:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.2244.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18400.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===============
Date: 2021-08-18 04:11:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2021-08-18 04:09:47
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO O4MKT19A 02/01/2021
Motherboard: LENOVO 3716
Processor: AMD Ryzen 7 3700X 8-Core Processor 
Percentage of memory in use: 31%
Total physical RAM: 16244.88 MB
Available physical RAM: 11110.7 MB
Total Virtual: 24948.88 MB
Available Virtual: 17138.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:306.68 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.5 GB) (Free:447.93 GB) NTFS

\\?\Volume{1b08e381-522d-4c40-9591-c74a8870ad4a}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{e08f7474-b32e-40ae-9f2e-f233a3c541f4}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 6E9DF860)

Partition: GPT.

==================== End of Addition.txt =======================

Addition.txt


Ok, I removed those three programs, restarted the PC and ran the Farbar program again. The files attached are from that scan but let me know if you still need the Addition.txt file from before.

CCleaner and AVG were just downloaded last night when I was trying scans in Lenovo and Windows Defender and not finding anything malicious. I'm not sure how long McAfee WebAdvisor was installed but I believe I was able to completely uninstall all three.

Thank you!

FRST.txt Addition.txt


  • Root Admin

I missed this one. Please uninstall this as well. This is a very noisy network discovery tool from Apple and not needed on most installations of Windows.

Bonjour
 

Why is the Windows Firewall disabled? If you're not using another firewall I highly recommend that you re-enable the built-in Windows Firewall.

If you're not using Microsoft OneDrive I'd recommend that you uninstall it.

 

If there is not an easy method to correct this issue I would recommend you contact Lenovo Support for assistance to correct this issue.

==================== Faulty Device Manager Devices ============

Name: Lenovo Legion System Firmware 1CA
Description: Lenovo Legion System Firmware 1CA
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Lenovo Ltd.
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Lenovo Legion EC 0.0.0.28
Description: Lenovo Legion EC 0.0.0.28
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Lenovo Ltd.
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

System errors:
=============
Error: (08/18/2021 05:32:19 PM) (Source: ACPI) (EventID: 5) (User: )
Description: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x81), which lies in the 0x81 - 0x83 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

 

Error: (08/18/2021 01:39:06 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/18/2021 04:07:54 AM) (Source: ACPI) (EventID: 5) (User: )
Description: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x81), which lies in the 0x81 - 0x83 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

 

 

 

 

After you uninstall Bonjour please run the following fix.

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks
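The triage the helper does by eye on this log can be scripted. The following is an added example, not part of the thread and not FRST's own code: it counts repeated (Source, EventID) pairs and lists the modules that Code Integrity refused to load for failing a signing level. The sample is an excerpt of the log lines posted above with descriptions shortened; the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the FRST Addition.txt lines posted in this thread (descriptions shortened).
SAMPLE = r"""
Error: (08/18/2021 05:32:19 PM) (Source: ACPI) (EventID: 5) (User: )
Description: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x81)
Error: (08/18/2021 01:39:06 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner
Error: (08/18/2021 04:07:54 AM) (Source: ACPI) (EventID: 5) (User: )
Description: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x81)
Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Error: (08/18/2021 04:07:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Date: 2021-08-18 04:11:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2021-08-18 04:09:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
"""

EVENT = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                   r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)", re.M)
CI = re.compile(r"process \((?P<proc>[^)]+)\) attempted to load (?P<module>.+?) "
                r"that did not meet the (?P<level>\w+) signing level")

def recurring_events(text, min_count=2):
    """Count (Source, EventID) pairs and return those seen min_count+ times."""
    counts = Counter((m["source"], int(m["id"])) for m in EVENT.finditer(text))
    hits = [(key, n) for key, n in counts.items() if n >= min_count]
    return sorted(hits, key=lambda kv: (-kv[1], kv[0]))

def signing_failures(text):
    """Map each module Code Integrity rejected to the signing levels it failed."""
    failed = defaultdict(set)
    for m in CI.finditer(text):
        failed[m["module"]].add(m["level"])
    return {mod: sorted(levels) for mod, levels in failed.items()}

if __name__ == "__main__":
    for (source, event_id), n in recurring_events(SAMPLE):
        print(f"{n}x {source} EventID {event_id}")
    for module, levels in signing_failures(SAMPLE).items():
        print(f"unsigned load: {module} (failed: {', '.join(levels)})")
```
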

 


Ok, I didn't realize the Windows Firewall was disabled. My fiance disabled it and forgot to turn it back on when he ran one of the earlier scans for me while I was at work. I turned it back on but disabled it to run the fix. I disabled Windows Defender and Malwarebytes real-time protection. I hope I didn't miss anything but lemme know if I did. The fix ran pretty smoothly and Windows Defender was all back on after the restart. Malwarebytes I had to manually turn back on.  

I did completely remove Bonjour and Microsoft One Drive and restart before running the fix, we have never used either of those.

I've attached the log.

Thank you for all of your help!

Fixlog.txt


  • Root Admin

No problem @Carrollm1980 the log looks to have run well.

From the logs, which is a good thing:

Windows Resource Protection found corrupt files and successfully repaired them.

Let me have you run the Farbar FRST program again. Please click on Scan and attach back both new logs.


 

Then also run the following for me.

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images.
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 


 

Next, I'd also like you to get me the following. Let me know if you have any questions or issues.

 

Please download HWiNFO the Professional System Information and Diagnostics program.
HWiNFO Portable for Windows

Unzip the program to its own folder such as: C:\HWiNFO
Go to the new folder and locate the file C:\HWiNFO\HWiNFO64.exe and double-click to run it.
Click the RUN button.
Ignore the update, click close.
Click on Save Report and choose HTML and click Next, then Finish
By default, it will create a new report named COMPUTER.HTM in the same folder as the program. C:\HWiNFO
Please zip that file and attach it to your next reply

 

Thank you

 


  • Root Admin

Your Intel Wi-Fi 6 AX200 160MHz Wi-Fi drivers show as version 22.40.0.7 - there is a newer version 22.70.0 from the Intel site.

Please double-check and verify if this is the correct driver for your card and if it is please update it.

https://www.intel.com/content/www/us/en/products/sku/189347/intel-wifi-6-ax200-gig/downloads.html

 

Your RealTek Semiconductor RTL8168/8111 PCI-E Gigabit Ethernet NIC shows driver version 10.39.212.2020
There appears to be a newer version 10.50 on the Realtek site

Please double-check and verify if this is the correct driver for your card and if it is please update it.

https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-pci-express-software

 

 


This topic is now closed to further replies.