
Laptop sluggish after some time has passed [Solved]


  • This topic is locked

#1
Jamazz


Greetings, Geeks,

 

I am helping a friend with his laptop issues. He claims his laptop becomes sluggish after prolonged use. I am unsure on the time frame before the issue surfaces. So far, I have removed unwanted programs, and I also removed an odd, generic, email program that was suspect. McAfee was uninstalled, since it was installed when the laptop was first bought but has since expired. I also blew any dust out of it with a compressor, but it was pretty clean to begin with. He's got plenty of disk space, and from my expert opinion, it doesn't seem like the laptop has been used or abused at all. It practically seems to be a new install. I asked him if he uses it to surf adult sites, but he said no. It seems to me that the issue may be user error or perhaps the PC was bogged down a bit after signing into it after some time had passed between sessions, leading to the PC wanting to update all the things.

 

As I was writing this, Windows wanted to install: 2024-11 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5046633).

 

I will do that after this is posted, but for the most part, I am curious if there is something nefarious running under the hood that has not caught my attention. I look forward to getting it checked out. Thank you.

 

 

FRST scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2024
Ran by aamat (administrator) on DESKTOP-DJ5O2TS (LENOVO 81Q9) (24-11-2024 14:42:24)
Running from C:\Users\aamat\OneDrive\Desktop\FRST64.exe
Loaded Profiles: aamat
Platform: Microsoft Windows 11 Home Version 23H2 22631.4317 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe <12>
(C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\aamat\AppData\Local\Temp\TeamViewer\tv_w32.exe
(C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\aamat\AppData\Local\Temp\TeamViewer\tv_x64.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoNotificationUx.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxEMN.exe
(explorer.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2409.21002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87e934fb3fbbf9b1\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_16c0b30f7916739a\Intel_PIE_Service.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Texas Instruments Inc. -> Texas Instuments) C:\Windows\System32\TISmartAmpService.exe <2>
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_594cfb6f4fd50768\WTabletServiceISD.exe <2>
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5635.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24091.30.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5635.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.25992.9000.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.22062.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.22062.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\aamat\AppData\Local\Microsoft\OneDrive\24.186.0915.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2402.27001-0\SecurityHealthHost.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [464712 2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\...\Run: [MicrosoftEdgeAutoLaunch_A8C5AB4161C6505FD5F2758518AD9879] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-11-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\131.0.6778.86\Installer\chrmstp.exe [2024-11-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E8510123-6115-4710-92B4-5D22A7FAAE29} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5246280 2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {B44AFA3C-1025-4AF3-AC05-979B4C246C39} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8313672 2024-11-13] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {0624993E-9FEE-4C07-B276-2592EDC45A4E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2593096 2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {CE7547CA-E1DC-46D6-99E8-DAF9A09EC617} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{7C1C6CE2-1265-46BF-99C9-CF7650295121} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {25F54491-C13C-49CE-A4C5-0A8ECC9B2D40} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-08-13] (HP Inc. -> HP Inc.)
Task: {A0284671-493F-4911-AE8C-1E22B444AD4A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-08-13] (HP Inc. -> HP Inc.)
Task: {54E3382F-AB4B-471F-BB27-C936041DBE8E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {056C4698-ADE2-44F0-9FDC-988CCA8847A8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {B70D165E-E4C8-4D69-908F-465E5B7D5364} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {33D0E7B0-3818-4071-B9EA-0927349A7ED3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3d9dde0e-433b-46f4-af5c-343bde631029 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {AB8330EE-A52F-477A-B987-53E69A9ECC3A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4702e646-da94-4445-b407-0c675c4eac82 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {82267661-0267-4BFD-8997-EC1939F92313} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\793201c1-9efb-4951-b40a-db9c8f181f0b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {51921A3A-DE1E-4C43-A958-0EC39B42EABE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8f1f3fe9-47f3-4164-8633-5c0a9be1deba => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {9D98C18B-FDE0-46C5-A086-3C803C1E3F6A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e1e6ba15-8bb4-4ff7-874b-b0e1475437a6 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {D1A72C57-9B44-4001-BEB9-8138C2ADF335} - System32\Tasks\Lenovo\SensorReset => C:\ProgramData\Lenovo\SensorReset\RestartSensorSvc.bat [49 2019-07-10] () [File not signed] <==== ATTENTION
Task: {25453453-39B5-4EBE-B6A6-63A8E1B3CF66} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {5B421CEE-5726-4446-AAE0-9911D00C7860} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90976 2024-04-07] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {3B226E3F-3893-4717-B6D7-22A03D33FF98} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [188656 2024-04-07] (Lenovo -> Lenovo Group Ltd.)
Task: {D6980107-DEC6-4459-9755-7A85FF665D45} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe [5596280 2024-10-08] (Microsoft Windows -> Microsoft Corporation)
Task: {3FFDD0B3-CDFA-4285-8D1E-4EDDF0C7B942} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28617448 2024-09-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD2A3FF8-194D-44D2-A4EC-581FC085A46E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28617448 2024-09-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {B58E833B-C55C-4489-97B5-4AD8EF9ED113} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B41C5349-A724-4E80-A1EF-E7703A0B6853} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FEDC90C-D7F5-4002-8A49-CFBDEEF0DFAA} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [187328 2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {8039D245-E930-42E9-9BF7-8B3C9BAACEC2} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {E30D93A5-1207-4A4F-9F5B-2066B1AEA23B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\System32\MRT.exe [202035632 2024-11-24] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\system32\/EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7"
Task: {E9A78793-4AD6-4E97-A58F-330DC909E9C9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {7339338D-66F8-44D2-BA94-A14BF431DCBE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}: [DhcpDomain] cable.rcn.com
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}\3416371634162726F6: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}\450303368613: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}\55443544027457563747: [DhcpNameServer] 76.223.76.40 13.248.207.99
Tcpip\..\Interfaces\{f4ee8c06-394a-40b5-8d85-83d7c3ae875a}: [DhcpNameServer] 150.206.1.3
 
Edge: 
=======
Edge Profile: C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default [2024-11-24]
Edge HomePage: Default -> hxxp://lenovo17win10.msn.com/?pc=LCTE
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (McAfee® WebAdvisor) - C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2024-11-24]
Edge Extension: (Google Docs Offline) - C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-07]
Edge Extension: (Edge relevant text changes) - C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-28]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-07-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-07-16] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\aamat\AppData\Local\Google\Chrome\User Data\Default [2024-11-24]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Google Docs Offline) - C:\Users\aamat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\aamat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [813384 2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [1259848 2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7332680 2024-11-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-11-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13861048 2024-09-22] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1633952 2019-07-18] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-08-13] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1831672 2022-08-17] (Lenovo -> Lenovo(beijing) Limited)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256696 2022-02-05] (Intel Corporation -> Intel Corporation)
R2 TISmartAmpService; C:\WINDOWS\System32\TISmartAmpService.exe [560312 2019-06-24] (Texas Instruments Inc. -> Texas Instuments)
R2 UDCService; C:\WINDOWS\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72432 2024-04-07] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856960 2019-05-26] (Lenovo -> Lenovo Group Ltd.)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [20552 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [234056 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [383040 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [296008 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [84552 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [28280 2024-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [28736 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [274504 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [97864 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [69184 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [954944 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [1424448 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [203848 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [381512 2024-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2023-02-25] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-02-25] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_a88140dd513c6aee\iaLPSS2_GPIO2_ICL.sys [131584 2019-12-25] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_e0e88582ca2b3459\iaLPSS2_I2C_ICL.sys [198656 2019-12-25] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22104 2024-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [606624 2024-11-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-24] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-11-24 14:42 - 2024-11-24 14:42 - 000026312 _____ C:\Users\aamat\OneDrive\Desktop\FRST.txt
2024-11-24 14:42 - 2024-11-24 14:42 - 000000000 ____D C:\FRST
2024-11-24 14:36 - 2024-11-24 14:36 - 002402816 _____ (Farbar) C:\Users\aamat\OneDrive\Desktop\FRST64.exe
2024-11-24 14:25 - 2024-11-24 14:25 - 000000000 ____D C:\Users\aamat\AppData\Local\TeamViewer
2024-11-24 14:24 - 2024-11-24 14:24 - 032902848 _____ (TeamViewer) C:\Users\aamat\Downloads\TeamViewerQS_x64.exe
2024-11-24 13:56 - 2024-11-24 14:09 - 000000000 ___HD C:\$WinREAgent
2024-11-24 13:10 - 2024-11-24 13:10 - 000002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk
2024-11-24 13:10 - 2024-11-24 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-11-24 13:10 - 2024-11-24 13:10 - 000000000 ____D C:\Users\aamat\AppData\Roaming\AVG
2024-11-24 13:10 - 2024-11-24 13:10 - 000000000 ____D C:\Users\aamat\AppData\Local\AVG
2024-11-24 13:10 - 2024-11-24 13:09 - 000315720 _____ (Gen Digital Inc.) C:\WINDOWS\system32\avgBoot.exe
2024-11-24 13:09 - 2024-11-24 13:09 - 000000000 ____D C:\Program Files\Common Files\AVG
2024-11-24 13:09 - 2024-11-24 13:09 - 000000000 ____D C:\Program Files\AVG
2024-11-24 13:09 - 2024-11-24 13:08 - 000050976 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2024-11-24 13:08 - 2024-11-24 13:10 - 000000000 ____D C:\ProgramData\AVG
2024-11-24 13:07 - 2024-11-24 13:07 - 000254224 _____ (AVG Technologies CZ, s.r.o.) C:\Users\aamat\Downloads\avg_antivirus_free_setup.exe
2024-11-24 11:30 - 2024-11-24 12:13 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-11-24 14:42 - 2022-05-07 00:22 - 000000000 ____D C:\WINDOWS\INF
2024-11-24 14:36 - 2020-12-14 14:15 - 000000000 ____D C:\Users\aamat\AppData\Local\Packages
2024-11-24 14:32 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-11-24 14:21 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-11-24 14:17 - 2023-02-25 04:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-11-24 13:37 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-11-24 13:35 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-11-24 13:10 - 2022-05-07 00:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-11-24 13:06 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-11-24 12:50 - 2023-02-25 04:59 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-11-24 12:46 - 2020-12-14 14:17 - 000000000 ___RD C:\Users\aamat\OneDrive
2024-11-24 12:45 - 2023-02-25 04:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-11-24 12:45 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-11-24 12:45 - 2022-05-07 00:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-11-24 12:45 - 2020-12-14 14:15 - 000000000 __SHD C:\Users\aamat\IntelGraphicsProfiles
2024-11-24 12:45 - 2020-12-03 13:04 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2024-11-24 12:45 - 2020-12-03 13:04 - 000000000 ____D C:\Intel
2024-11-24 12:45 - 2020-12-03 13:03 - 000012288 ___SH C:\DumpStack.log.tmp
2024-11-24 12:14 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-11-24 11:57 - 2020-12-14 14:15 - 000000000 ____D C:\ProgramData\Packages
2024-11-24 11:54 - 2020-12-18 23:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-11-24 11:52 - 2020-12-18 23:55 - 202035632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-11-24 11:44 - 2022-05-07 00:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-11-24 11:40 - 2020-12-03 13:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-11-24 11:36 - 2020-12-03 13:05 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-11-24 11:33 - 2023-02-25 04:44 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-24 11:33 - 2023-02-25 04:44 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-24 11:32 - 2020-12-14 14:21 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-11-24 11:22 - 2023-02-25 04:40 - 000471328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-11-24 11:21 - 2023-12-05 16:50 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-11-24 11:21 - 2022-05-07 01:10 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\IME
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-11-24 11:21 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\servicing
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2024
Ran by aamat (24-11-2024 14:43:13)
Running from C:\Users\aamat\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.4317 (X64) (2023-02-25 09:44:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
aamat (S-1-5-21-1070449367-101869535-4192911188-1001 - Administrator - Enabled) => C:\Users\aamat
Administrator (S-1-5-21-1070449367-101869535-4192911188-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1070449367-101869535-4192911188-503 - Limited - Disabled)
Guest (S-1-5-21-1070449367-101869535-4192911188-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1070449367-101869535-4192911188-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 24.11.9615.2288 - Gen Digital Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.86 - Google LLC)
Intel® Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel® Corporation)
Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.6.1.30 - Wacom Technology Corp.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18025.20104 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.63 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.63 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1070449367-101869535-4192911188-1001\...\OneDriveSetup.exe) (Version: 24.186.0915.0001 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18025.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18025.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
 
Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5635.0_x64__8j3eq9eme6ctt [2024-09-15] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2023-12-05] (INTEL CORP)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-11-24] (Disney)
Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyatmosspeakersystem_3.20402.409.0_x64__rz1tebttyb220 [2020-12-03] (Dolby Laboratories)
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.20400.722.0_x64__rz1tebttyb220 [2024-09-05] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_155.1.1088.0_x64__v10z8vjag6ke6 [2024-08-13] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HULULLC.HULUPLUS_4.12.0.0_neutral__fphbd361v8tya [2024-11-24] (Hulu.)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x86__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-11-24] (Instagram)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\appup.intelgraphicscontrolpanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-12-03] (INTEL CORP)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2409.29.0_x64__k1h2ywk1493x8 [2024-09-30] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.6.12.0_x64__5grkq8ppsgwt4 [2024-04-26] (LENOVO INC) [Startup Task]
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_8.2.6.0_neutral__ss941bf8mfs8a [2024-08-14] (Wacom Technology Corp.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2409.21002.0_x64__8wekyb3d8bbwe [2024-10-07] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-12-05] (Microsoft Corp.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-11-24] (Netflix, Inc.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-17] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2022-03-11] (Realtek Semiconductor Corp)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2021-02-22] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1070449367-101869535-4192911188-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\aamat\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-11-24] (AVG Technologies USA, LLC -> Gen Digital Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-09-17 15:29 - 2019-09-17 15:29 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2019-09-17 15:29 - 2019-09-17 15:29 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
Network Binding:
=============
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: Intel® Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{20B0EA80-A1A6-464B-87C4-D15DB51B01DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{0C17E1C1-ECC2-4228-A716-116A05BEE16D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{2C68815C-AE9E-48C0-99EA-424B63709FC3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{F8DAB281-0A4F-46FA-B34D-9A72A746D2ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{FF7AA933-5A9D-45D4-A469-9D12A54C311F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{18DBFB01-00D8-4E0A-AEC9-87B9500B8109}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F87BAAF4-6062-4A35-9898-40E04DE4955D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F3986D3B-DAEF-4131-9DFA-D17720B33A95}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{778556EC-12A4-4AE3-AD2B-95E122C6159B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2874041-45AF-4569-81C2-CC7990CC02E5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24244.507.3118.4732_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A753D7A-9825-4E82-9A83-45E446BB09CB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24244.507.3118.4732_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1D6FAC9B-7166-4B93-A30D-83CF066D1455}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2F0B9DF6-7127-44F2-8B3C-1E9B4BB49CDE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{57D149A1-E093-47C6-B836-3567B2CF04C9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{08E644ED-94FA-40E8-9FE4-3488FECECEE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{233F5DAB-DBEF-4BBD-BB8E-D383AC7FF309}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{830DC17F-9357-4C1F-BF54-F13BBAD1DEF9}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21982C20-BE70-41F9-A48B-F92FF9EA33AB}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B586D4FE-E542-48E8-9A5E-C1720614B8F4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53C0ED9D-2522-4B4A-8BE8-4A916DAAC99D}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{B3D93943-1898-4F27-8933-48C91F0B650D}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:475.63 GB) (Free:405.3 GB) (85%)
 
==================== Faulty Device Manager Devices ============
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/24/2024 12:13:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (11/24/2024 12:13:27 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (11/24/2024 11:44:55 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: mfevtps.exe, version: 20.9.0.193, time stamp: 0x5f59a286
Faulting module name: CRYPT32.dll, version: 10.0.22621.4169, time stamp: 0x05f19029
Exception code: 0xc0000005
Fault offset: 0x0000000000021347
Faulting process id: 0x0x1dac
Faulting application start time: 0x0x1db3e8e2b266c00
Faulting application path: C:\Windows\system32\mfevtps.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CRYPT32.dll
Report Id: b643e00f-5a61-4a95-aa8f-13b27d8f54e5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2024 11:26:46 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program SystemSettings.exe version 10.0.22621.4249 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (11/24/2024 11:22:15 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: mfevtps.exe, version: 20.9.0.193, time stamp: 0x5f59a286
Faulting module name: CRYPT32.dll, version: 10.0.22621.4169, time stamp: 0x05f19029
Exception code: 0xc0000005
Fault offset: 0x0000000000021347
Faulting process id: 0x0x1c70
Faulting application start time: 0x0x1db19c2bdcdcd17
Faulting application path: C:\Windows\system32\mfevtps.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CRYPT32.dll
Report Id: 8ef35ee2-15e3-447e-ab73-8293a0885a73
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/08/2024 03:43:16 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: mfevtps.exe, version: 20.9.0.193, time stamp: 0x5f59a286
Faulting module name: ntdll.dll, version: 10.0.22621.4111, time stamp: 0x518e67bb
Exception code: 0xc0000005
Fault offset: 0x0000000000033faa
Faulting process id: 0x0x1be4
Faulting application start time: 0x0x1db19381158c308
Faulting application path: C:\Windows\system32\mfevtps.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5a488d4d-6d47-4bb2-b949-2ecf77fe4352
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/30/2024 10:10:15 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program msteamsupdate.exe version 24215.1105.3082.1600 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (09/10/2024 11:43:49 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: mfevtps.exe, version: 20.9.0.193, time stamp: 0x5f59a286
Faulting module name: CRYPT32.dll, version: 10.0.22621.4169, time stamp: 0x3ec72cae
Exception code: 0xc0000005
Fault offset: 0x0000000000020022
Faulting process id: 0x0x12b4
Faulting application start time: 0x0x1daf9d44a5c260e
Faulting application path: C:\Windows\system32\mfevtps.exe
Faulting module path: C:\WINDOWS\SYSTEM32\CRYPT32.dll
Report Id: f80ed658-0b9a-4ad4-a643-528ad8856ce8
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/24/2024 12:47:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® SGX AESM service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/24/2024 12:47:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® SGX AESM service to connect.
 
Error: (11/24/2024 12:15:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® SGX AESM service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/24/2024 12:15:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® SGX AESM service to connect.
 
Error: (11/24/2024 12:13:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x800704c7 = The operation was canceled by the user.): 2024-11 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5046633).
 
Error: (11/24/2024 12:13:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242008: 9N8MHTPHNGVV-Microsoft.Windows.DevHome.
 
Error: (11/24/2024 12:13:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: 9NH2SW16MQ7F-Microsoft.WindowsAppRuntime.1.5.
 
Error: (11/24/2024 11:32:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® SGX AESM service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
================
Date: 2024-11-24 12:44:17
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-11-24 12:11:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-03 04:12:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-02 01:46:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-09-30 02:05:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-03-18 05:41:17
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-01-18 14:21:49
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1729.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2024-01-18 14:21:49
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1729.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-10-05 12:11:27
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2024-11-24 13:10:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2024-11-24 11:45:08
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. 
 
Date: 2024-11-24 11:45:06
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SystemSettings.DataModel.dll because the set of per-page image hashes could not be found on the system. 
 
Date: 2024-11-24 11:42:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO AUCN59WW 02/24/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 65%
Total physical RAM: 12030.68 MB
Available physical RAM: 4205.07 MB
Total Virtual: 13886.68 MB
Available Virtual: 5499.74 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:475.63 GB) (Free:405.3 GB) (Model: SAMSUNG MZVLB512HBJQ-000L2) (Protected) NTFS
 
\\?\Volume{cf709739-ec72-4bd1-84e3-8e2a2d755444}\ () (Fixed) (Total:1.04 GB) (Free:0.11 GB) NTFS
\\?\Volume{c6ab4513-32a9-420e-9a63-691677e9ed6f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1EF13600)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#2
icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Hello, Jamazz..! :)

 

No signs of an active infection that I can see in your FRST logs.

 

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include the word Code: ) .....
Virusscan: C:\ProgramData\Lenovo\SensorReset\RestartSensorSvc.bat
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

 

QUESTION: .... is there any particular reason that you're using AVG AntiVirus? Because, to be quite frank, Windows Defender will do a better job of protecting your machine. AVG AntiVirus loads a great many processes and services which only slow down your machine, whereas Windows Defender is fully integrated into Windows itself, and is far less demanding of system resources.



#3
Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Thanks for the quick attention!

 

There's no particular reason I am using AVG other than thinking I did not have enough of, or a robust enough, Antivirus program. I did not know Windows Defender was robust enough to handle things on its own. I will uninstall AVG.

 

FixLog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2024

Ran by aamat (25-11-2024 12:20:33) Run:2
Running from C:\Users\aamat\OneDrive\Desktop
Loaded Profiles: aamat
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Virusscan: C:\ProgramData\Lenovo\SensorReset\RestartSensorSvc.bat
*****************
 
Virusscan: C:\ProgramData\Lenovo\SensorReset\RestartSensorSvc.bat => https://virusscan.jo...njob/xseenefwkw
 
==== End of Fixlog 12:20:34 ====


#4
icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

By their very nature, AV programs link closely to your OS (much more so than other programs), so they are best removed with a standalone uninstaller; most AV producers will have one on their website.
 
For AVG AntiVirus it can be found at - Avast Article: Using the AVG Uninstall Tool ... another instruction - uninstalling avg | AVG
 
The Windows onboard uninstaller tends to leave orphans behind, which can cause you problems later; the tool supplied by AVG does a much better job... and you can combine the two options.
 

 

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include the word Code: ) .....
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {8039D245-E930-42E9-9BF7-8B3C9BAACEC2} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {E9A78793-4AD6-4E97-A58F-330DC909E9C9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {7339338D-66F8-44D2-BA94-A14BF431DCBE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
FirewallRules: [{20B0EA80-A1A6-464B-87C4-D15DB51B01DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{0C17E1C1-ECC2-4228-A716-116A05BEE16D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{2C68815C-AE9E-48C0-99EA-424B63709FC3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{F8DAB281-0A4F-46FA-B34D-9A72A746D2ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{FF7AA933-5A9D-45D4-A469-9D12A54C311F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{18DBFB01-00D8-4E0A-AEC9-87B9500B8109}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F87BAAF4-6062-4A35-9898-40E04DE4955D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F3986D3B-DAEF-4131-9DFA-D17720B33A95}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File

EmptyTemp:
Reboot:
End::
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


#5
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

I already uninstalled AVG after my last post and before your last post. When I uninstalled it, the AVG program itself got involved and walked me (tried to change my mind) through uninstalling it. It's removed. Apologies for not waiting for your instruction, first.

 

I ran your last FixList. Below is the log. I'm back in it after reboot, awaiting next steps. Thanks.

 

FixLog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2024

Ran by aamat (25-11-2024 18:16:29) Run:3
Running from C:\Users\aamat\OneDrive\Desktop
Loaded Profiles: aamat
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
 
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {8039D245-E930-42E9-9BF7-8B3C9BAACEC2} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {E9A78793-4AD6-4E97-A58F-330DC909E9C9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {7339338D-66F8-44D2-BA94-A14BF431DCBE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
FirewallRules: [{20B0EA80-A1A6-464B-87C4-D15DB51B01DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{0C17E1C1-ECC2-4228-A716-116A05BEE16D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{2C68815C-AE9E-48C0-99EA-424B63709FC3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{F8DAB281-0A4F-46FA-B34D-9A72A746D2ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{FF7AA933-5A9D-45D4-A469-9D12A54C311F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{18DBFB01-00D8-4E0A-AEC9-87B9500B8109}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F87BAAF4-6062-4A35-9898-40E04DE4955D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F3986D3B-DAEF-4131-9DFA-D17720B33A95}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
 
EmptyTemp:
Reboot:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiSpyware => Error setting value.
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiVirus => Error setting value.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8039D245-E930-42E9-9BF7-8B3C9BAACEC2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8039D245-E930-42E9-9BF7-8B3C9BAACEC2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9A78793-4AD6-4E97-A58F-330DC909E9C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A78793-4AD6-4E97-A58F-330DC909E9C9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7339338D-66F8-44D2-BA94-A14BF431DCBE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7339338D-66F8-44D2-BA94-A14BF431DCBE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20B0EA80-A1A6-464B-87C4-D15DB51B01DF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C17E1C1-ECC2-4228-A716-116A05BEE16D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C68815C-AE9E-48C0-99EA-424B63709FC3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8DAB281-0A4F-46FA-B34D-9A72A746D2ED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF7AA933-5A9D-45D4-A469-9D12A54C311F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18DBFB01-00D8-4E0A-AEC9-87B9500B8109}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F87BAAF4-6062-4A35-9898-40E04DE4955D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3986D3B-DAEF-4131-9DFA-D17720B33A95}" => removed successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9533676 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 17953027 B
Edge => 0 B
Chrome => 738027602 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 182813 B
systemprofile32 => 182813 B
LocalService => 304111 B
NetworkService => 571101 B
aamat => 375438221 B
 
RecycleBin => 4623612372 B
EmptyTemp: => 5.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:16:53 ====

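A Fixlog like the one in the post above is easiest to review by separating the fixlist directives from their result lines and surfacing anything that did not succeed, here the two "Error setting value" entries. The Python script below is an added example, not part of the original thread or of FRST; the function names are hypothetical, and the outcome strings it treats as success are only those visible in this thread's log.

```python
import re

# Shortened excerpt of the Fixlog posted above (Run:3); most entries omitted.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2024
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
EmptyTemp:
Reboot:
End::
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiSpyware => Error setting value.
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiVirus => Error setting value.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
WinSetupMon => service removed successfully

=========== EmptyTemp: ==========
Chrome => 738027602 B
RecycleBin => 4623612372 B
EmptyTemp: => 5.4 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 18:16:53 ====
'''

STARS = re.compile(r'^\*{5,}$')
RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
SIZE = re.compile(r'^(\d+) B$')
# Outcome strings seen in this thread's log; anything else is left for a human.
OK_OUTCOMES = {'completed', 'removed successfully', 'moved successfully',
               'service removed successfully'}


def split_sections(text):
    """Split a Fixlog into fixlist directives, result lines and EmptyTemp lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if STARS.match(ln)]
    if len(stars) < 2:
        raise ValueError('no asterisk-delimited "fixlist content" block found')
    directives = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results, temp = [], []
    bucket = results
    for ln in lines[stars[1] + 1:]:
        if ln.startswith('==== End of Fixlog'):
            break
        if ln.startswith('=') and 'EmptyTemp' in ln:
            bucket = temp            # header of the temp-file cleanup section
        elif ln and set(ln) <= {'='}:
            bucket = results         # rule line closes the EmptyTemp section
        elif ln:
            bucket.append(ln)
    return directives, results, temp


def triage(text):
    """Summarise a Fixlog: what succeeded, what failed, what needs a manual look."""
    directives, results, temp = split_sections(text)
    report = {'directives': len(directives), 'ok': 0, 'failed': [],
              'review': [], 'notes': [], 'temp_bytes': 0}
    for ln in results:
        m = RESULT.match(ln)
        if not m:
            report['notes'].append(ln)      # narrative lines without " => "
            continue
        target, outcome = m['target'].strip('"'), m['outcome'].rstrip('.')
        if outcome.lower().startswith('error'):
            # Tie the failure back to the fixlist line that requested it by
            # matching the last path component (the registry value name).
            leaf = target.rsplit('\\', 1)[-1]
            asked = next((d for d in directives if leaf and leaf in d), None)
            report['failed'].append({'target': target, 'outcome': outcome,
                                     'directive': asked})
        elif outcome.lower() in OK_OUTCOMES:
            report['ok'] += 1
        else:
            report['review'].append(ln)     # unknown outcome wording
    for ln in temp:
        m = RESULT.match(ln)
        size = SIZE.match(m['outcome']) if m else None
        if size:
            report['temp_bytes'] += int(size.group(1))
    return report


if __name__ == '__main__':
    r = triage(SAMPLE_FIXLOG)
    print(f"{r['ok']} ok, {len(r['failed'])} failed, {len(r['review'])} to review")
    for f in r['failed']:
        print('FAILED:', f['target'], '|', f['outcome'], '| from:', f['directive'])
```

Entries reported under "failed" are the ones to compare against the Registry section of the next FRST scan.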

#6
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Hello, Jamazz..! :)

 

Let's check for leftovers..:

 

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.

 

SearchAll: AVG , AVG AntiVirus , Avast

 

  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.


#7
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

It seems AVG backed out clean. Astonishing.

 

Search Log

 

Farbar Recovery Scan Tool (x64) Version: 25-11-2024

Ran by aamat (26-11-2024 07:04:56)
Running from C:\Users\aamat\OneDrive\Desktop
Boot Mode: Normal
 
================== Search Files: "SearchAll: AVG , AVG AntiVirus , Avast" =============
 
File:
========
 
Folder:
========
 
Registry:
========
 
 
====== End of Search ======


#8
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Great..! :)

For the finale...: How is the computer running now..?
 

 

Fresh FRST logs

Please run the FRST tool once more, and attach fresh logs for me:
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to the disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.

In your next reply, please post:
  1. Fresh FRST logs


#9
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

In my experience with this laptop, it did not seem to exhibit the behavior the owner claimed. To me, it has been performing well throughout our checkup. It seems like a nice and simple laptop that maybe my daughters would like. I have a Lenovo for work, and they seem to be great laptops, overall.

 

Scan Results

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2024

Ran by aamat (administrator) on DESKTOP-DJ5O2TS (LENOVO 81Q9) (26-11-2024 08:13:55)
Running from C:\Users\aamat\OneDrive\Desktop\FRST64.exe
Loaded Profiles: aamat
Platform: Microsoft Windows 11 Home Version 23H2 22631.4460 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe <13>
(C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\aamat\AppData\Local\Temp\TeamViewer\tv_w32.exe
(C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\aamat\AppData\Local\Temp\TeamViewer\tv_x64.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\24.10.0.10\x64\MessagingPlugin.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\24.10.0.10\x64\SystemNotificationPlugin.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxEMN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87e934fb3fbbf9b1\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_16c0b30f7916739a\Intel_PIE_Service.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Texas Instruments Inc. -> Texas Instuments) C:\Windows\System32\TISmartAmpService.exe <2>
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_594cfb6f4fd50768\WTabletServiceISD.exe <2>
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24102.48.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.22098.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.22098.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\aamat\AppData\Local\Microsoft\OneDrive\24.216.1027.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\aamat\AppData\Local\Temp\TeamViewer\TeamViewer.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082592 2020-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\...\Run: [MicrosoftEdgeAutoLaunch_A8C5AB4161C6505FD5F2758518AD9879] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-11-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\aamat\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [82831904 2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\aamat\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\...\RunOnce: [Uninstall 24.211.1020.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\aamat\AppData\Local\Microsoft\OneDrive\24.211.1020.0001" [0 2024-11-25] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\131.0.6778.86\Installer\chrmstp.exe [2024-11-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {CE7547CA-E1DC-46D6-99E8-DAF9A09EC617} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{7C1C6CE2-1265-46BF-99C9-CF7650295121} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {DFF5824D-2877-4BB9-B6BE-65AA359D4FCF} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-25] (HP Inc. -> HP Inc.)
Task: {ACCA5992-A730-4553-9EA7-9C1F126F5D0B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-25] (HP Inc. -> HP Inc.)
Task: {54E3382F-AB4B-471F-BB27-C936041DBE8E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {056C4698-ADE2-44F0-9FDC-988CCA8847A8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {B70D165E-E4C8-4D69-908F-465E5B7D5364} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {33D0E7B0-3818-4071-B9EA-0927349A7ED3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3d9dde0e-433b-46f4-af5c-343bde631029 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {AB8330EE-A52F-477A-B987-53E69A9ECC3A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4702e646-da94-4445-b407-0c675c4eac82 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {82267661-0267-4BFD-8997-EC1939F92313} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\793201c1-9efb-4951-b40a-db9c8f181f0b => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {51921A3A-DE1E-4C43-A958-0EC39B42EABE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8f1f3fe9-47f3-4164-8633-5c0a9be1deba => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {9D98C18B-FDE0-46C5-A086-3C803C1E3F6A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e1e6ba15-8bb4-4ff7-874b-b0e1475437a6 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {D1A72C57-9B44-4001-BEB9-8138C2ADF335} - System32\Tasks\Lenovo\SensorReset => C:\ProgramData\Lenovo\SensorReset\RestartSensorSvc.bat [49 2019-07-10] () [File not signed] <==== ATTENTION
Task: {1A5F6B3F-48F1-4C4A-8135-6C1C0543DE6A} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {5B421CEE-5726-4446-AAE0-9911D00C7860} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90952 2024-10-24] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {3FDD025B-7E1A-4136-8CE9-DDE1BFD11E3E} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220
Task: {409BF2BE-C262-4DA7-90BC-0418521FE7F7} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [196960 2024-10-24] (Lenovo -> Lenovo Group Ltd.)
Task: {FE2C24A6-FD93-45EA-94DA-A0D49F762BC2} - System32\Tasks\Lenovo\UDC\SystemNotificationPlugin\DigestDownload => C:\Windows\System32\drivers\Lenovo\udc\Service\UdcInfInstaller.exe [196960 2024-10-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D6980107-DEC6-4459-9755-7A85FF665D45} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe [5550800 2024-11-24] (Microsoft Windows -> Microsoft Corporation)
Task: {6A178493-7BFC-4BD1-AD95-0589E4B696BA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28644032 2024-11-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {F73258E8-2F14-424E-94CA-9C17785F1FC2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28644032 2024-11-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {45CBFF45-B607-4A2E-974E-8BC3567FBB8C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312408 2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {E44B4D52-6F4B-4DAC-800A-512FDA9A303A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312408 2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EE3191F-3554-4128-A2B4-D00F7F4800E5} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [187600 2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {810CDAAA-0E20-4F0B-8E1C-9AB598DA07E3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C18DD06-AC32-4852-9188-BF5CA7CBBC73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1878395E-D112-4D9D-8FB2-592EF84C733F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1EF5EEE0-63E7-484E-9474-8ACD11A09ADA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}: [DhcpDomain] cable.rcn.com
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}\3416371634162726F6: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}\450303368613: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{a16871c1-d2f7-4cdb-b28f-f671511481fe}\55443544027457563747: [DhcpNameServer] 76.223.76.40 13.248.207.99
Tcpip\..\Interfaces\{f4ee8c06-394a-40b5-8d85-83d7c3ae875a}: [DhcpNameServer] 150.206.1.3
 
Edge: 
=======
Edge Profile: C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default [2024-11-26]
Edge HomePage: Default -> hxxp://lenovo17win10.msn.com/?pc=LCTE
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (McAfee® WebAdvisor) - C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2024-11-24]
Edge Extension: (Google Docs Offline) - C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-07]
Edge Extension: (Edge relevant text changes) - C:\Users\aamat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-28]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-07-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-07-16] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\aamat\AppData\Local\Google\Chrome\User Data\Default [2024-11-26]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Google Docs Offline) - C:\Users\aamat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\aamat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13652176 2024-11-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1633952 2019-07-18] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2024-11-25] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1831672 2022-08-17] (Lenovo -> Lenovo(beijing) Limited)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256696 2022-02-05] (Intel Corporation -> Intel Corporation)
R2 TISmartAmpService; C:\WINDOWS\System32\TISmartAmpService.exe [560312 2019-06-24] (Texas Instruments Inc. -> Texas Instuments)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72520 2024-10-24] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856960 2019-05-26] (Lenovo -> Lenovo Group Ltd.)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2023-02-25] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-02-25] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_a88140dd513c6aee\iaLPSS2_GPIO2_ICL.sys [131584 2019-12-25] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_e0e88582ca2b3459\iaLPSS2_I2C_ICL.sys [198656 2019-12-25] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 MpKsl5f9e322b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D916F14-E809-4B04-BE69-E4C6F149B371}\MpKslDrv.sys [267552 2024-11-26] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-24] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-11-26 08:13 - 2024-11-26 08:14 - 000022875 _____ C:\Users\aamat\OneDrive\Desktop\FRST.txt
2024-11-25 12:33 - 2024-11-25 12:33 - 000000000 ____D C:\Users\aamat\AppData\Local\ToastNotificationManagerCompat
2024-11-25 11:50 - 2024-11-25 11:50 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-11-24 14:48 - 2024-11-24 14:48 - 000000000 ____D C:\Users\aamat\AppData\Roaming\Microsoft\MMC
2024-11-24 14:42 - 2024-11-26 08:14 - 000000000 ____D C:\FRST
2024-11-24 14:36 - 2024-11-26 07:04 - 002402816 _____ (Farbar) C:\Users\aamat\OneDrive\Desktop\FRST64.exe
2024-11-24 14:25 - 2024-11-24 14:25 - 000000000 ____D C:\Users\aamat\AppData\Local\TeamViewer
2024-11-24 14:24 - 2024-11-24 14:24 - 032902848 _____ (TeamViewer) C:\Users\aamat\Downloads\TeamViewerQS_x64.exe
2024-11-24 14:18 - 2024-11-24 14:18 - 000026650 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-11-24 14:18 - 2024-11-24 14:18 - 000026650 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-11-24 13:10 - 2024-11-25 12:26 - 000000000 ____D C:\Users\aamat\AppData\Roaming\AVG
2024-11-24 13:10 - 2024-11-25 12:26 - 000000000 ____D C:\Users\aamat\AppData\Local\AVG
2024-11-24 13:08 - 2024-11-25 12:28 - 000000000 ____D C:\ProgramData\AVG
2024-11-24 11:30 - 2024-11-25 12:28 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-11-26 07:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-11-26 07:40 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-11-26 06:17 - 2022-05-07 00:22 - 000000000 ____D C:\WINDOWS\INF
2024-11-25 21:48 - 2023-02-25 04:44 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1070449367-101869535-4192911188-1001
2024-11-25 21:48 - 2023-02-25 04:44 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1070449367-101869535-4192911188-1001
2024-11-25 21:48 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-11-25 21:48 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-11-25 21:48 - 2021-07-11 02:39 - 000002390 _____ C:\Users\aamat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-11-25 21:48 - 2020-12-14 14:17 - 000000000 ___RD C:\Users\aamat\OneDrive
2024-11-25 18:21 - 2023-02-25 04:59 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-11-25 18:17 - 2023-02-25 04:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-11-25 18:17 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-11-25 18:17 - 2022-05-07 00:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-11-25 18:17 - 2020-12-14 14:15 - 000000000 __SHD C:\Users\aamat\IntelGraphicsProfiles
2024-11-25 18:17 - 2020-12-03 13:04 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2024-11-25 18:17 - 2020-12-03 13:04 - 000000000 ____D C:\Intel
2024-11-25 18:17 - 2020-12-03 13:03 - 000012288 ___SH C:\DumpStack.log.tmp
2024-11-25 12:45 - 2023-07-05 19:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-11-25 12:45 - 2023-07-05 19:23 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-11-25 12:30 - 2021-09-21 19:17 - 000000000 ____D C:\Users\aamat\AppData\Local\D3DSCache
2024-11-25 11:50 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-11-25 11:50 - 2019-09-17 15:29 - 000000000 ____D C:\Program Files\Microsoft Office
2024-11-24 21:39 - 2023-02-25 04:44 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-24 21:39 - 2023-02-25 04:44 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-24 15:29 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-11-24 15:18 - 2020-12-18 23:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-11-24 15:13 - 2023-02-25 04:40 - 000471344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-11-24 15:12 - 2023-12-05 16:50 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-11-24 15:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-11-24 15:12 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\servicing
2024-11-24 14:36 - 2020-12-14 14:15 - 000000000 ____D C:\Users\aamat\AppData\Local\Packages
2024-11-24 14:21 - 2022-05-07 00:25 - 000077312 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2024-11-24 14:21 - 2022-05-07 00:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2024-11-24 14:21 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-11-24 14:17 - 2023-02-25 04:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-11-24 13:10 - 2022-05-07 00:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-11-24 11:57 - 2020-12-14 14:15 - 000000000 ____D C:\ProgramData\Packages
2024-11-24 11:52 - 2020-12-18 23:55 - 202035632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-11-24 11:44 - 2022-05-07 00:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-11-24 11:40 - 2020-12-03 13:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-11-24 11:36 - 2020-12-03 13:05 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-11-24 11:32 - 2020-12-14 14:21 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-11-24 11:21 - 2022-05-07 01:10 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-11-24 11:21 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\IME
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2024
Ran by aamat (26-11-2024 08:15:10)
Running from C:\Users\aamat\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.4460 (X64) (2023-02-25 09:44:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
aamat (S-1-5-21-1070449367-101869535-4192911188-1001 - Administrator - Enabled) => C:\Users\aamat
Administrator (S-1-5-21-1070449367-101869535-4192911188-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1070449367-101869535-4192911188-503 - Limited - Disabled)
Guest (S-1-5-21-1070449367-101869535-4192911188-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1070449367-101869535-4192911188-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.86 - Google LLC)
Intel® Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel® Corporation)
Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.6.1.30 - Wacom Technology Corp.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18129.20158 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.63 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.63 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1070449367-101869535-4192911188-1001\...\OneDriveSetup.exe) (Version: 24.216.1027.0003 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18129.20100 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18129.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
 
Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-25] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2023-12-05] (INTEL CORP)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-11-25] (Disney)
Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyatmosspeakersystem_3.20402.409.0_x64__rz1tebttyb220 [2020-12-03] (Dolby Laboratories)
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.20400.722.0_x64__rz1tebttyb220 [2024-09-05] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_156.1.1125.0_x64__v10z8vjag6ke6 [2024-11-25] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HULULLC.HULUPLUS_4.12.0.0_neutral__fphbd361v8tya [2024-11-25] (Hulu.)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x86__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-11-25] (Instagram)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\appup.intelgraphicscontrolpanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-12-03] (INTEL CORP)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2409.29.0_x64__k1h2ywk1493x8 [2024-09-30] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.6.12.0_x64__5grkq8ppsgwt4 [2024-04-26] (LENOVO INC) [Startup Task]
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_8.2.6.0_neutral__ss941bf8mfs8a [2024-08-14] (Wacom Technology Corp.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16002.0_x64__8wekyb3d8bbwe [2024-11-25] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-12-05] (Microsoft Corp.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-11-25] (Netflix, Inc.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-17] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2024-11-25] (Realtek Semiconductor Corp)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2021-02-22] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1070449367-101869535-4192911188-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\aamat\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1070449367-101869535-4192911188-1001_Classes\CLSID\{51694bf6-7178-71ba-ba8c-cd64aadfc7f1}\localserver32 -> C:\ProgramData\Lenovo\Udc\Hosts\24.10.0.10\x64\MessagingPlugin.exe (Lenovo -> )
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-09-17 15:29 - 2019-09-17 15:29 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2019-09-17 15:29 - 2019-09-17 15:29 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-11-25] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1070449367-101869535-4192911188-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\aamat\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\2021.JPG
DNS Servers: 192.168.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
Network Binding:
=============
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: Intel® Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B2874041-45AF-4569-81C2-CC7990CC02E5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24244.507.3118.4732_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A753D7A-9825-4E82-9A83-45E446BB09CB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24244.507.3118.4732_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{233F5DAB-DBEF-4BBD-BB8E-D383AC7FF309}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{830DC17F-9357-4C1F-BF54-F13BBAD1DEF9}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21982C20-BE70-41F9-A48B-F92FF9EA33AB}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B586D4FE-E542-48E8-9A5E-C1720614B8F4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A464C63E-B35C-4AEC-906A-2FF3D4670B51}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC4DF430-8F68-4F2F-9E9D-CCC1B955E54B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.132.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59E97851-8986-400C-B542-6DC6C1924A27}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.132.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E8F83ADE-C331-478B-961E-776ACCB3574B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.132.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{366F0241-785D-4169-8513-29873E81278D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.132.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
25-11-2024 18:16:29 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices ============
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/25/2024 06:16:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (11/25/2024 06:16:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {edb2a7d6-7d05-468b-a9d2-deb31e369aa3}
 
Error: (11/25/2024 12:26:38 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/25/2024 12:26:38 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/25/2024 12:26:38 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/25/2024 12:26:38 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/25/2024 11:49:24 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-DJ5O2TS)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
Error: (11/24/2024 03:12:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
 
System errors:
=============
Error: (11/25/2024 06:19:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® SGX AESM service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/25/2024 06:19:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® SGX AESM service to connect.
 
Error: (11/25/2024 06:16:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll
 
Error: (11/25/2024 06:16:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll
 
Error: (11/25/2024 06:16:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Print Scan Doctor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (11/25/2024 06:16:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Universal Device Client Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/25/2024 06:16:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/25/2024 06:16:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2024-11-24 12:44:17
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-11-24 12:11:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-03 04:12:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-02 01:46:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-09-30 02:05:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-03-18 05:41:17
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 
 
Date: 2024-01-18 14:21:49
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1729.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2024-01-18 14:21:49
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1729.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-10-05 12:11:27
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2024-11-24 13:10:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2024-11-24 11:45:08
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. 
 
Date: 2024-11-24 11:45:06
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SystemSettings.DataModel.dll because the set of per-page image hashes could not be found on the system. 
 
Date: 2024-11-24 11:42:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO AUCN59WW 02/24/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 53%
Total physical RAM: 12030.68 MB
Available physical RAM: 5537.71 MB
Total Virtual: 13886.68 MB
Available Virtual: 6617.74 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:475.63 GB) (Free:408.51 GB) (Model: SAMSUNG MZVLB512HBJQ-000L2) (Protected) NTFS
 
\\?\Volume{cf709739-ec72-4bd1-84e3-8e2a2d755444}\ () (Fixed) (Total:1.04 GB) (Free:0.11 GB) NTFS
\\?\Volume{c6ab4513-32a9-420e-9a63-691677e9ed6f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1EF13600)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#10
icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Thank you..! :)  Your computer is clean..Once again, there are no obvious signs of an active infection in the logs you provided..! Things look good..! :)

 

 

 

I have a Lenovo for work, and they seem to be great laptops, overall.

 

:thumbsup:  Still using my LENOVO Y510P...! 

 

 

As a check to make sure we haven't overlooked anything, I'd like you to run an online scan for me ....:

 

ESET Online Scan


Download ESET Online Scanner and save it to your desktop.


  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

Eset Online Scanner will take some time, so be prepared.


In your next reply, please post:

  1. The Eset.txt



  • 0

#11
Jamazz

    Member

  • Topic Starter
  • Member
  • 98 posts

I love my IdeaPad Gaming 3. Work gave me a budget, and I used every cent.

 

ESET says nothing found. Not too shabby.

 

11/26/2024 15:51:16 PM
Scanned files: 284353
Detected files: 0
Cleaned files: 0
Total scan time: 00:46:59
Scan status: Finished

  • 0

#12
icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts
Great..! I'm glad I could help you..!  :)  That's all I'm going to ask you to do...:
 
  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
 

  • 0

#13
Jamazz

    Member

  • Topic Starter
  • Member
  • 98 posts

Thanks for the help! I would like to support you; please DM me with details so I can compensate you for your time.

 

 

Here's the KpRm Log:

 

# Run at 11/27/2024 8:43:05 AM
# KpRm (Kernel-panik) version 2.17.0
# Run by aamat from C:\Users\aamat\OneDrive\Desktop
# Computer Name: DESKTOP-DJ5O2TS
# OS: Windows 11 X64 (22631) (10.0.22631.4460) 
# Number of passes: 1
 
- Checked options -
 
    ~ Delete Tools
    ~ Create Restore Point
    ~ Delete Quarantines after 7 days
 
- Delete Tools -
 
 
  ## ESET Online Scanner
     [OK] C:\Users\aamat\OneDrive\Desktop\esetonlinescanner.exe deleted
     [OK] C:\Users\aamat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
 
  ## FRST
     [OK] Process FRST64.exe killed
     [OK] C:\Users\aamat\OneDrive\Desktop\Addition.txt deleted
     [OK] C:\Users\aamat\OneDrive\Desktop\FRST.txt deleted
     [OK] C:\Users\aamat\OneDrive\Desktop\FRST64.exe deleted
 
- Other Lines -
 
 
  ## Quarantines that will be deleted in 7 days (2024/12/04)
    ~ C:\Users\aamat\AppData\Local\ESET\ESETOnlineScanner (ESET Online Scanner)
    ~ C:\FRST (FRST)
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named Restore Point Created by FRST created at 11/25/2024 23:16:29
   ~ [I] RP named KpRm created at 11/27/2024 13:43:09
 
-- KPRM finished in 13.01s --

  • 0

#14
icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

That is all..! I mark the topic as SOLVED...!

 

Stay Safe...! :)


  • 0

#15
Jamazz

    Member

  • Topic Starter
  • Member
  • 98 posts

Always a pleasure. I love this community. Thank you!


  • 1





